Re: [apps-discuss] Last Call: <draft-ietf-appsawg-http-forwarded-06.txt> (Forwarded HTTP Extension) to Proposed Standard
Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 09 July 2012 21:48 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E49F211E80D1; Mon, 9 Jul 2012 14:48:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.544
X-Spam-Level:
X-Spam-Status: No, score=-102.544 tagged_above=-999 required=5 tests=[AWL=0.055, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s9APYT-dVnkz; Mon, 9 Jul 2012 14:48:36 -0700 (PDT)
Received: from scss.tcd.ie (hermes.scss.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id 0D60611E80CD; Mon, 9 Jul 2012 14:48:35 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id BD5911714F8; Mon, 9 Jul 2012 22:49:00 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1341870540; bh=+DywMSR6z98hRJ F3D95Q1Q+d7NWe/iYIhuv4ZoRiefk=; b=hb4Nqv36nJWvP1mP0z/6iAHIEGmJLH 0Cotx7bBMK3gYJZTvui2lXovJoCcjsrTaxkZkwIHeNQtYlGRMRdw1SPbDmzckIL2 y/+YR73HKZGd2+nw7AB3kBxypmo/U+fd2Pg/CrYaVumYMhWWNtklWBJE4Do9r0QS 8YTXiH6ObGDMF8zRfjCA9RfmiJDma2rUwTS8JYbFcqvKL6BVwDVWgaTrZTs9xQKQ rJghL7Iv4ouMwdZfPS+/A3gJvYj3LinnWWsGTiHwe4nQivQ3hT3EW2WD/gxrNw8x U3TwUiBraZV7UNryaaAYJ2M/0R/Y/SXSzylz8PQURlpmm7IeHlke9Jpw==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id imNGqDbZg-Sg; Mon, 9 Jul 2012 22:49:00 +0100 (IST)
Received: from [10.87.48.11] (unknown [86.42.25.143]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id C8E5B1714F7; Mon, 9 Jul 2012 22:48:59 +0100 (IST)
Message-ID: <4FFB51CB.2070608@cs.tcd.ie>
Date: Mon, 09 Jul 2012 22:48:59 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: ietf@ietf.org
References: <20120709162848.23418.51856.idtracker@ietfa.amsl.com>
In-Reply-To: <20120709162848.23418.51856.idtracker@ietfa.amsl.com>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] Last Call: <draft-ietf-appsawg-http-forwarded-06.txt> (Forwarded HTTP Extension) to Proposed Standard
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 21:48:38 -0000
So I have a question about this draft that wasn't resolved on apps-discuss and is maybe more suited for IETF LC anyway. With geopriv, we've gone to a lot of trouble to support end-users having some control over their location privacy. This HTTP header will be used by proxies to forward on the IP address of a client, and that will be used via geo-ip services to locate the HTTP client. But in this case, there's no control whatsoever for the end user, nor are they even told that its happened. That seems to me to be quite a disconnect, but I'm not sure what if anything ought be done about it, since in this case, there's a non-standard header that's widely deployed that does this. So if we did try encourage taking the geopriv approach we'd presumably just be ignored. Any ideas? Ta, S. On 07/09/2012 05:28 PM, The IESG wrote: > > The IESG has received a request from the Applications Area Working Group > WG (appsawg) to consider the following document: > - 'Forwarded HTTP Extension' > <draft-ietf-appsawg-http-forwarded-06.txt> as Proposed Standard > > The IESG plans to make a decision in the next few weeks, and solicits > final comments on this action. Please send substantive comments to the > ietf@ietf.org mailing lists by 2012-07-23. Exceptionally, comments may be > sent to iesg@ietf.org instead. In either case, please retain the > beginning of the Subject line to allow automated sorting. > > Abstract > > > This document standardizes an HTTP extension header field that allows > proxy components to disclose information lost in the proxying > process, for example, the originating IP address of a request or IP > address of the proxy on the user-agent-facing interface. Given a > trusted path of proxying components, this makes it possible to > arrange it so that each subsequent component will have access to, for > example, all IP addresses used in the chain of proxied HTTP requests. > > This document also specifies guidelines for a proxy administrator to > anonymize the origin of a request. > > > The file can be obtained via > http://datatracker.ietf.org/doc/draft-ietf-appsawg-http-forwarded/ > > IESG discussion can be tracked via > http://datatracker.ietf.org/doc/draft-ietf-appsawg-http-forwarded/ballot/ > > > No IPR declarations have been submitted directly on this I-D. > > ==================================== > A specific point for Last Call discussion, please: > During AD Evaluation, the registration policy for the new "HTTP > Forwarded parameters" registry (see Section 9) was changed to > "Specification Required" from "RFC Required". This needs further > review during Last Call, for two reasons: > > 1. While RFC Required forces new registrations through the IETF RFC > process, and might discourage registrations from individuals or > organizations that are unfamiliar with or averse to that process, > Specification Required necessitates the appointment of a Designated > Expert to review the requests and associated specifications. Each of > these policies comes with baggage, and we have to make sure we're > weighing it down with the *right* baggage. > > 2. If we stay with Specification Required we should include a short > paragraph with rough guidelines for the Designated Expert: what to > consider when approving registration requests. If we want the DE to > approve most requests, just checking the associated specifications for > sanity, we need to say that. If we want the DE to put some judgment > into deciding whether the requested parameters make sense and fit into > the usage model, or whatever, we should say something about that. > Comments and proposed text for this are encouraged. > ==================================== > >
- [apps-discuss] Last Call: <draft-ietf-appsawg-htt… The IESG
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Alissa Cooper
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… SM
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Stephen Farrell
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Willy Tarreau
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Andreas Petersson
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Andreas Petersson
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Andreas Petersson
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Andreas Petersson
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Alissa Cooper
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Andreas Petersson
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Alissa Cooper
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… SM
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Andreas Petersson
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Andreas Petersson
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… SM
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Barry Leiba
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Andreas Petersson
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Barry Leiba
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Alexey Melnikov
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Murray S. Kucherawy
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Mark Nottingham
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Barry Leiba
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Mark Nottingham