WARNING: This server is unstable and will be retired in the next days.
If you want to keep this forum available, please request immediately a migration
on the Nabble Support forum.
Forums that don't receive any migration request will be deleted forever.
Sorry if I'm missing some context here (and I've only
skimmed the document), but I've a couple of questions:
On 05/13/2012 06:07 PM, SM wrote:
> As a starting point, here's some suggested text for Section 8.2:
> In recent years, there has been growing concerns about privacy. There
> is a
> tradeoff between ensuring privacy for users versus disclosing information
> which is useful for debugging. The Forwarded HTTP header field, by
> exposes information which affects the privacy of users. This header
> should not be used if the proxy is being operated as a privacy service.
- Is "privacy service" well-defined? (Or well enough defined?)
- In general, is a user supposed to know that headers like this
are being added? If so, how? If not, doesn't that have privacy
implications as well?
- Section 5.4 is also odd: when would we want a proxy to make it
look to the UA that stuff the proxy got unprotected was protected?
- I also wondered how widely the X-Forwarded stuff is deployed and
generally whether its really a good or bad idea to standardise
this. I can't tell from (the quick read I had of) the document.