- From: Thomson, Martin <Martin.Thomson@commscope.com>
- Date: Tue, 3 May 2011 14:07:58 +0800
- To: Willy Tarreau <w@1wt.eu>
- CC: Mark Nottingham <mnot@mnot.net>, httpbis mailing list <ietf-http-wg@w3.org>

On 2011-05-03 at 15:18:40, Willy Tarreau wrote:
> I think it'd be more efficient to remind the reader about that in the
> spec, so that implementers leave the choice to their users
> (accessibility vs privacy). Right now when I connect to Yahoo mail in
> clear text from some customer's, I know I'm taking a risk on my
> privacy but I have my access.
> With WS it should be the same. When you connect to some services in
> clear text, you accept a risk.

This discussion probably needs to include a quote of the relevant, and existing, disclaimer.

    This directive is NOT a reliable or sufficient mechanism for
    ensuring privacy. In particular, malicious or compromised caches
    might not recognize or obey this directive, and communications
    networks might be vulnerable to eavesdropping.

As this disclaimer says, there's no accounting for those who choose to disrespect your wishes. But that doesn't mean that you should suffer indignities quietly, or not even bother trying.

I think that a quick skim of http://tools.ietf.org/html/draft-morris-policy-cons might be enlightening for those who aren't aware of some of the more advanced privacy work currently going on.

--Martin

Received on Tuesday, 3 May 2011 06:08:30 UTC