On Tue, 10 Jul 2012 12:32:08 -0400
Alissa Cooper <acooper(_at_)cdt(_dot_)org> wrote:
On Jul 10, 2012, at 12:07 PM, Andreas Petersson wrote:
The first half of the statement is basically a refinement of the previous
sentence in the section ("The Forwarded HTTP header field, by design,
exposes information that some users consider privacy sensitive"), so I
don't see what is lost by eliminating it.
See my answer to SM. I think it better explains that the expectations
of the end user are important to consider, even if these expectations
are wrong.
Right, I'm not saying that user expectations are unimportant. I think
characterizing their role accurately should be the goal. If there is a desire
to leave this in, I would suggest something more along the lines of:
Proxies using this extension will preserve the information of a direct
connection. In some cases, the user's and/or deployer's knowledge or
expectation that this will occur can help to mitigate the associated privacy
impact.
Off-list discussion with Alissa resulted in this suggestion:
"Proxies using this extension will preserve the information of a direct
connection. This has an end-user privacy impact regardless of whether
the end-user or deployer knows or expects that this is the case."
Cheers,
Andreas
signature.asc
Description: PGP signature