On 11/18/14 9:44 AM, Eliot Lear wrote: > Hi Joe, > > On 11/18/14, 6:21 PM, Joseph Lorenzo Hall wrote: >> >> (Incidentally, if something outside the browser inserts this header it >> may be very difficult for the user to actually turn off, as well. I'm >> not sure if that's something you've thought about. In DNT, there are >> applications you can install that will insert that header for you on >> each request (AVG does this).) > > If that is detected (and it is easily detected by comparing against a > TLS request), the content provider is not likely to make use of the safe > bit. In fact the content provider is in a good position to warn the > user that this sort of thing is going on. The draft not only assumes that proxies should insert this on ones' behalf, but that such an activity is a normal course of events. Furthermore, a proxy (for example, at a school) can associate the preference with all (unencrypted) requests flowing through it, helping to assure that clients behind it are not exposed to "objectionable" content. > Eliot >
Attachment:
signature.asc
Description: OpenPGP digital signature