So, I am seriously wondering how the IETF would react to a
proposal to standardise some other kind of hint in HTTP requests.
For example, if you happen to like or hate the colour green,
and/or ecologically-friendly solutions, how about a standard which
contains text like the following?
4. Security Considerations
The "green" preference is not a secure mechanism; it can be inserted
or removed by intermediaries with access to the request stream (e.g.
for "http://" URLs). Its presence reveals limited information about
the user, which may be of small assistance in "fingerprinting" the
user.
By its nature, including "green" in requests does not assure that all
content will actually be green; it is only when servers elect to honor
it that content might be "green".
Even then, a malicious server might adapt content so that it is even
less "green" (by some definition of the word). As such, this
mechanism on its own is not enough to assure that only "green" content
is seen; those who wish to ensure that will need to combine its use
with other techniques (e.g., content filtering).
Furthermore, the server and user may have differing ideas regarding
the semantics of "green." As such, the "greenness" of the user's
experience when browsing from site to site might (and probably will)
change.
The more I look at this draft, the less it seems like a meaningful idea.
The latest tweaks don't help.
Brian