ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard

2015-02-02 16:44:51
from [Bjoern Hoehrmann] [Permanent Link] 
* The IESG wrote:

The IESG has received a request from an individual submitter to consider
the following document:
- 'The "safe" HTTP Preference'
 <draft-nottingham-safe-hint-05.txt> as Proposed Standard


I think the document should not become a Proposed Standard.

In addition to what others have said I would like to note that the
proposal fails to describe how the header is implemented in practise.
For instance, in the Firefox implementation the header broadcasts that
the user's system is in "parental control mode". That is very different
from expressing the user's content preferences.

I also note the lack of "privacy" considerations with respect to such
implementations in the document. It is unlikely that the User Agent is
actually acting on behalf of the user in sending this header. In fact,
the proposal contradicts itself, it claims this is a user preference,
and then notes that it is important to ensure that users cannot actually
state their own preference. According to the draft it is not permissable
to obscure, say, NSFW content for users sending the header and also have
a "show anyway" button.

What should we tell children asking what to do if they do not want
random web sites to know they are most probably a child? I would expect
the draft to provide an answer to the affected users, a better one than
saying that sites cannot be 100% certain. I note that in some legal
environments an almost perfect indicator that the visitor is a child may
imply obligations that sites can currently avoid because so far there
was no such indicator. I think it is misleading to avoid discussing this
in the draft.

The Microsoft documentation referenced in the document says "Web sites
that receive this header should filter out adult material that is
unsuitable for children when the web sites respond to the HTTP requests"
while the draft tries to cast the header as something much more generic.
I do not think it is unreasonable to expect some consensus around the
semantics of the header prior to becoming a Proposed Standard.
-- 
Björn Höhrmann · mailto:bjoern(_at_)hoehrmann(_dot_)de · 
http://bjoern.hoehrmann.de
D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de
 Available for hire in Berlin (early 2015)  · http://www.websitedev.de/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard, Bjoern Hoehrmann <=
Previous by Date:  Re: Gen-Art LC review: draft-ietf-uta-tls-bcp-08, Robert Sparks
Next by Date:  Proposals for new working groups at IETF-92, IETF Chair
Previous by Thread:  Anyone have a link to a video of Einar Stefferud's presentation on the Inter-Network?, Phillip Hallam-Baker
Next by Thread:  Proposals for new working groups at IETF-92, IETF Chair
Indexes:  [Date] [Thread] [Top] [All Lists]