Djoerd Hiemstra 馃崏
and 1 other
boosted
Frustrating to see new #IETF drafts and mailing list discussions etc. continuing to use legacy IPv4 in the examples with no mention of #IPv6
Normalize IPv6 by using it in your documentation and examples. The same goes for #OpenSource projects.
It would be nice if, at least within the IETF standards body itself, we could start dancing like it's 1998 馃暫
Cat 馃悎馃 (D.Burch) :blobcatrainbow:
and 10 others
boosted
HTTP has a new method: QUERY. Tl;dr: GET with a body.
https://www.ietf.org/archive/id/draft-ietf-httpbis-safe-method-w-body-14.html
(Doesn鈥檛 have an RFC number yet but has been approved, will get one in a few weeks.)
NSA and IETF, part 3: Dodging the issues at hand
https://blog.cr.yp.to/20251123-dodging.html
#HackerNews #NSA #IETF #DodgingIssues #Cybersecurity #Privacy #TechNews
HTTP has a new method: QUERY. Tl;dr: GET with a body.
https://www.ietf.org/archive/id/draft-ietf-httpbis-safe-method-w-body-14.html
(Doesn鈥檛 have an RFC number yet but has been approved, will get one in a few weeks.)
Frustrating to see new #IETF drafts and mailing list discussions etc. continuing to use legacy IPv4 in the examples with no mention of #IPv6
Normalize IPv6 by using it in your documentation and examples. The same goes for #OpenSource projects.
It would be nice if, at least within the IETF standards body itself, we could start dancing like it's 1998 馃暫
Well @chrysn@chaos.social, I really appreciate your good intentions and will to fight for users' #privacy.
But I was not talking about you or the few independent developers who still volunteer at #IETF these days.
I was talking about IETF effects on the Internet standards as a whole.
I'm afraid the impact of a few independent engineers is not going to balance the power of organized and well funded #BigTech lobbyists.
As an example, let's stay on topic and look at RFC 9001, "Using #TLS to Secure #QUIC".
All that is said about the impoved ability of the server to identify (and thus track) the user are in two lines about session resumption (emphasys mine):
Session resumption allows servers to link activity on the original connection with the resumed connection, which might be a privacy issue for clients. Clients can choose not to enable resumption to avoid creating this correlation.Now please notice the #hypocrisy: the wording is set up as if clients should opt-in, but it's pretty unlikely that users will be given a choice between a personal data leak at protocol level and an imperceptible increase in connection time, in particular with 0-RTT where " Endpoints cannot selectively disregard information that might alter the sending or processing of 0-RTT".
So while I'm pretty curious about @bagder@mastodon.social's perspective, I see that #Google managed to get a protocol designed to thwart user privacy and reduce its own server costs (even just the energy consumed during TLS hadshakes, amount to thousands dollars each day).
This way, if EU would decide to forbid tracking cookies at all, Google would get a competitive advantage over all other #AdsTech companies.
Now a properly working IETF would have rejected such shit, knowing that it would have been leveraged against people (and democracies) though #Chrome browsers and #Android defaults.
CC: @daniel@gultsch.social @lorenzo@snac.bobadin.icu
Chewie
boosted
@daniel@gultsch.social
#QUIC (and #HTTP3) exists to serve the interests and needs of #Google.
In particular 0-RTT is basically a low-level cookie that allows deterministic user tracking below and before #http: if it will ever spread, disabling or deleting cookies, even out-lawing them, won't be a issue for #SurveillanceCapitalism.
So these days what happens at #IETF is much more lobbying than engineering. Overpaid engineers lobby against the users to further cement the power of their corporations.
I wouldn't call these as "improvements".
These days, sadly, IETF is the place where the fundamental fabric of the internet is constantly being ^^enshittified**.
@lorenzo@snac.bobadin.icu
#QUIC (and #HTTP3) exists to serve the interests and needs of #Google.
In particular 0-RTT is basically a low-level cookie that allows deterministic user tracking below and before #http: if it will ever spread, disabling or deleting cookies, even out-lawing them, won't be a issue for #SurveillanceCapitalism.
So these days what happens at #IETF is much more lobbying than engineering. Overpaid engineers lobby against the users to further cement the power of their corporations.
I wouldn't call these as "improvements".
These days, sadly, IETF is the place where the fundamental fabric of the internet is constantly being ^^enshittified**.
@lorenzo@snac.bobadin.icu