Hi,

Sorry if I'm missing some context here (and I've only
skimmed the document), but I've a couple of questions:

On 05/13/2012 06:07 PM, SM wrote:
> As a starting point, here's some suggested text for Section 8.2:
>
> In recent years, there have been growing concerns about privacy. There
> is a tradeoff between ensuring privacy for users versus disclosing
> information which is useful for debugging. The Forwarded HTTP header
> field, by design, exposes information which affects the privacy of
> users. This header field should not be used if the proxy is being
> operated as a privacy service.

- Is "privacy service" well-defined? (Or well enough defined?)

- In general, is a user supposed to know that headers like this
  are being added? If so, how? If not, doesn't that have privacy
  implications as well?

- Section 5.4 is also odd: when would we want a proxy to make it
  look to the UA that stuff the proxy got unprotected was protected?

- I also wondered how widely the X-Forwarded stuff is deployed and
  generally whether it's really a good or bad idea to standardise
  this. I can't tell from (the quick read I had of) the document.

Ta,
S.