- From: Roy T. Fielding <fielding@liege.ICS.UCI.EDU>
- Date: Tue, 09 Jul 1996 20:52:59 -0700
- To: Paul Leach <paulle@microsoft.com>
- Cc: 'IETF HTTP Working Group' <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
I would rather see a single mechanism for indicating the privacy
category (or categories) of the content of a message, than a specific
header field for every conceivable category or method by which the
privacy might be compromised. It most certainly should not be limited
to referrals from prior GET responses.
Likewise, it should make the common case efficient -- that is, no such
field would indicate that it is okay to send Referer (which is the common
case today -- the HTTP spec only suggests that the browser be configurable
to avoid sending it, not that it shouldn't send Referer by default).
Naturally, this should be done in PEP (or an equivalent replacement if
PEP is not in HTTP/1.2) since that matches PEP's intended capabilities.
...Roy T. Fielding
Department of Information & Computer Science (fielding@ics.uci.edu)
University of California, Irvine, CA 92697-3425 fax:+1(714)824-4056
http://www.ics.uci.edu/~fielding/
Received on Tuesday, 9 July 1996 21:01:23 UTC