- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 03 May 2011 07:35:59 +0200
- To: Willy Tarreau <w@1wt.eu>
- CC: "Thomson, Martin" <Martin.Thomson@commscope.com>, Mark Nottingham <mnot@mnot.net>, httpbis mailing list <ietf-http-wg@w3.org>
On 03.05.2011 07:18, Willy Tarreau wrote: > ... > Many intermediaries will still log regardless of whatever new directive > you add, and there are a lot of places where logging will be mandatory > regardless of the cache-control header (which should control caching and > not logging). > > Also, concerning the privacy, I see no reason for not logging something > that is exchanged in clear text. This has always been the case for decades > with the query string in GET requests etc... ; if you want some privacy, > you know you need SSL. > ... Logging is one thing, preserving logs is another thing. Reminder: in some countries, the IP address is considered relevant for privacy (and I agree), thus preserving HTTP logs containing IP information for too long is not allowed. Best regards, Julian
Received on Tuesday, 3 May 2011 05:36:43 UTC