W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2011

Privacy and HTTP intermediaries

From: Thomson, Martin <Martin.Thomson@commscope.com>
Date: Tue, 3 May 2011 09:10:09 +0800
To: httpbis mailing list <ietf-http-wg@w3.org>
Message-ID: <8B0A9FCBB9832F43971E38010638454F0404907168@SISPE7MB1.commscope.com>
The issue of logging HTTP requests has come up in a discussion in another working group.

The goal is not just to prevent someone from learning that a certain person requested a certain resource, but to protect the identity of the resource.  That is, the very existence of the resource is a secret.

I understand that with CONNECT an intermediary only really knows that a particular server has been contacted, but what about unsecured HTTP?  Does the value of the Cache-Control header have any bearing on whether something is logged?

What sort of logging does an HTTP intermediary typically do?

--Martin
Received on Tuesday, 3 May 2011 01:10:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:40 GMT