W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2011

RE: Privacy and HTTP intermediaries

From: Thomson, Martin <Martin.Thomson@commscope.com>
Date: Tue, 3 May 2011 14:26:28 +0800
To: Willy Tarreau <w@1wt.eu>
CC: Mark Nottingham <mnot@mnot.net>, httpbis mailing list <ietf-http-wg@w3.org>
Message-ID: <8B0A9FCBB9832F43971E38010638454F0404907213@SISPE7MB1.commscope.com>
On 2011-05-03 at 16:16:57, Willy Tarreau wrote:
> OK but still my point remains that cache-control is irrelevant to 
> logging.
> Cache-* is for caches only. Proxies, l7 firewalls, load balancers, 
> WAFs, compressors, URL filters, anti-virus, etc... all do log and will 
> not inspect
> cache-* because they are not caches (and it should remain this way).

That was my initial thought too.  Until I saw the description of no-transform, which almost all of those examples will have to respect...if they want to remain compliant.

As you say, the alternative is to add a new header (DNT?), but when there is already so much overlap, it seemed cleaner this way.

> [...] legal obligations [...]

That's the golden rule, isn't it?  Policy trumps all.  Irrespective of what an RFC says, someone can enact a policy that overrides the specification.  Add that to the cases covered by the caveat (under compromised, if you like).

Received on Tuesday, 3 May 2011 06:27:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:13:51 UTC