On 03/02/14 08:28, joel jaeggli wrote:
Section 12.3
http://tools.ietf.org/html/draft-ietf-alto-protocol-25#section-12.3
seems ripe for inadvertent information disclosure and or deliberate
abuse. it's certainly not something that I would ask my ISP.
... and the document tries to do its job by warning against it, in
section 15.4 ("Privacy for ALTO Users"), and pointing to the problem
statement part that deals with the issue in detail (RFC 6708, S. 5.2).
Just to confirm that client information inadvertent disclosure is a well
perceived issue (whose severity varies on a case by case basis though,
as probably one wouldn't care much if such sharing was done by the
Spotify app running on their laptop). Do you have any text
change/addition to suggest to make it even clearer?
Enrico
smime.p7s
Description: S/MIME Cryptographic Signature