Re: Last Call: <draft-ietf-appsawg-http-forwarded-06.txt> (Forwarded HTTP Extension) to Proposed Standard

Andreas Petersson <andreas@sbin.se> Wed, 11 July 2012 14:41 UTC

Date: Wed, 11 Jul 2012 16:41:11 +0200
From: Andreas Petersson <andreas@sbin.se>
To: Alissa Cooper <acooper@cdt.org>
Subject: Re: Last Call: <draft-ietf-appsawg-http-forwarded-06.txt> (Forwarded HTTP Extension) to Proposed Standard
Cc: IETF Discussion Mailing List <ietf@ietf.org>, apps-discuss@ietf.org

On Tue, 10 Jul 2012 12:32:08 -0400
Alissa Cooper <acooper@cdt.org> wrote:

> On Jul 10, 2012, at 12:07 PM, Andreas Petersson wrote:
> >> The first half of the statement is basically a refinement of the previous sentence in the section ("The Forwarded HTTP header field, by design, exposes information that some users consider privacy sensitive"), so I don't see what is lost by eliminating it.
> > 
> > See my answer to SM. I think it better explains that the expectations
> > of the end user are important to consider, even if these expectations
> > are wrong.
> 
> Right, I'm not saying that user expectations are unimportant. I think characterizing their role accurately should be the goal. If there is a desire to leave this in, I would suggest something more along the lines of:
> 
> Proxies using this extension will preserve the information of a direct connection. In some cases, the user's and/or deployer's knowledge or expectation that this will occur can help to mitigate the associated privacy impact.

Off-list discussion with Alissa resulted in this suggestion:

"Proxies using this extension will preserve the information of a direct
connection. This has an end-user privacy impact regardless of whether
the end-user or deployer knows or expects that this is the case."


Cheers,
 Andreas