Server Tracking Prevention is also needed

tlswg / tls13-spec

TLS 1.3 Specification

562 stars 158 forks source link

Server Tracking Prevention is also needed #1289

Closed emanjon closed 1 year ago

emanjon commented 1 year ago

The document has a section on Client Tracking Prevention which is what is relevant for the Web. For IoT the TLS server is often a device. That device might be something that a person takes with them.

Motivation for changes is given by the charter.

Security and privacy goals will place emphasis on the following:

- Identify and mitigate other (long-term) user tracking or fingerprinting
vectors enabled by TLS deployments and implementations.

emanjon commented 1 year ago

This seems to be an easy fix. Just chaning the heading from "client tracking prevention" to "client and server tracking prevention" seems to do the job

ekr commented 1 year ago

Fixed