S. Bortzmeyer ✅ utilise mastodon.gougere.fr. Vous pouvez læ suivre et interagir si vous possédez un compte quelque part dans le "fediverse". Si ce n’est pas le cas, vous pouvez en créer un ici.
S. Bortzmeyer ✅ @bortzmeyer

Sad decision by the : the anti-encryption draft will be published datatracker.ietf.org/doc/draft
If it's TL;DR for you, just read section 2.3.4 claiming the operators have a right to insert HTTP headers.

Ping @1000grues

· Web · 14 · 6
Luc Ⓐ🏴 @framasky@framapiaf.org

@bortzmeyer @1000grues oO

Agnès 🏗️ :white_check_mark: @1000grues@mamot.fr

@bortzmeyer thanks :-/

John Shaft (ジョン・シャフト) ✅ @Shaft@mamot.fr

@bortzmeyer @1000grues The authors use "impacted" six times in the draft which is sufficient, from my point of view, to claim that their draft is a bunch if crap 🤔

en.wiktionary.org/wiki/impact#

Wolf480pl @Wolf480pl@niu.moe

@bortzmeyer @1000grues where do they say they have the right to inject headers?
All I see from 2.3.4 is that:
- Operators already inject headers.
- Purposes of the injected headers are controversial.
- It's not recommended to have middleboxes that inject headers - instead, heaeders should be generated by endpoints.

Guess I'll have to read the whole draft...

S. Bortzmeyer ✅ @bortzmeyer

@Wolf480pl @1000grues "Controversial" was enough to drive me mad. It is not controversial, it is bad and, if encryption prevents it, great.

Nick Doty @npd@octodon.social

@bortzmeyer reading this now, I think 2.3.4 specifically does *not* claim that operators have such a right. Instead, it notes IAB guidance (RFC8165) that suggests host-based alternatives to network-based metadata insertion.

mastodon.gougere.fr propulsé par Mastodon