On Mon, Jul 09, 2012 at 10:48:59PM +0100, Stephen Farrell wrote:
So I have a question about this draft that wasn't
resolved on apps-discuss and is maybe more suited
for IETF LC anyway.
With geopriv, we've gone to a lot of trouble to
support end-users having some control over their
location privacy.
This HTTP header will be used by proxies to forward
on the IP address of a client, and that will be used
via geo-ip services to locate the HTTP client.
In practice, the real use for the header is in the reverse-proxy chain,
as many people already disable x-forwarded-for on outgoing proxies for
privacy concerns. And server-side generally ignores the untrustable
x-forwarded-for provided by clients anyway. In the abstract, the draft
says it's for use between trusted proxies, which generally means either
the client-side proxy chain for logging purposes, where the last one
will remove the info, or more generally the server side where everyone
appends itself.
Maybe a small paragraph on this might emphasize the intended purpose
and suggest use cases as well as software options to add/ignore/remove
the header depending on the proxy location in the chain.
Regards,
Willy