W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2011

Re: Privacy and HTTP intermediaries

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 03 May 2011 07:35:59 +0200
Message-ID: <4DBF943F.8020103@gmx.de>
To: Willy Tarreau <w@1wt.eu>
CC: "Thomson, Martin" <Martin.Thomson@commscope.com>, Mark Nottingham <mnot@mnot.net>, httpbis mailing list <ietf-http-wg@w3.org>
On 03.05.2011 07:18, Willy Tarreau wrote:
> ...
> Many intermediaries will still log regardless of whatever new directive
> you add, and there are a lot of places where logging will be mandatory
> regardless of the cache-control header (which should control caching and
> not logging).
>
> Also, concerning the privacy, I see no reason for not logging something
> that is exchanged in clear text. This has always been the case for decades
> with the query string in GET requests etc... ; if you want some privacy,
> you know you need SSL.
> ...

Logging is one thing, preserving logs is another thing. Reminder: in 
some countries, the IP address is considered relevant for privacy (and I 
agree), thus preserving HTTP logs containing IP information for too long 
is not allowed.

Best regards, Julian
Received on Tuesday, 3 May 2011 05:36:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:40 GMT