Re: Last Call: <draft-ietf-appsawg-http-forwarded-06.txt> (Forwarded HTT

On Tue, 10 Jul 2012 12:32:08 -0400
Alissa Cooper <acooper(_at_)cdt(_dot_)org> wrote:

> On Jul 10, 2012, at 12:07 PM, Andreas Petersson wrote:
> > > The first half of the statement is basically a refinement of the previous 
> > > sentence in the section ("The Forwarded HTTP header field, by design, 
> > > exposes information that some users consider privacy sensitive"), so I 
> > > don't see what is lost by eliminating it.
> > See my answer to SM. I think it better explains that the expectations
> > of the end user are important to consider, even if these expectations
> > are wrong.
> Right, I'm not saying that user expectations are unimportant. I think 
> characterizing their role accurately should be the goal. If there is a desire 
> to leave this in, I would suggest something more along the lines of:
>
> Proxies using this extension will preserve the information of a direct 
> connection. In some cases, the user's and/or deployer's knowledge or 
> expectation that this will occur can help to mitigate the associated privacy 
> impact.
Off-list discussion with Alissa resulted in this suggestion:

"Proxies using this extension will preserve the information of a direct
connection. This has an end-user privacy impact regardless of whether
the end-user or deployer knows or expects that this is the case."


Cheers,
 Andreas

signature.asc
Description: PGP signature