Re: Privacy and HTTP intermediaries

I think the cases where client-controlled suppression of logging will be 
useful are few and far between.

In most cases, the user should not have authority to control logging 
function on an intermediary.

Only if the intermediary explicitly allows such control (and I can't 
imagine any corporate sys admins turning such a feature on) could it be 
allowed by policy.  It's also completely open to abuse (proxy advertises 
ok, it will do it, but then doesn't).

I don't know if I buy the argument "at least we should try".  This will 
just bloat http requests out with yet another bandwidth-wasting header.



On 3/05/2011 6:41 p.m., Poul-Henning Kamp wrote:
> In message<8B0A9FCBB9832F43971E38010638454F0404907213@SISPE7MB1.commscope.com>
> , "Thomson, Martin" writes:
>> On 2011-05-03 at 16:16:57, Willy Tarreau wrote:
>> That was my initial thought too.  Until I saw the description of no-transform,
>> which almost all of those examples will have to respect...if they want
>> to remain compliant.
> This is the crux of the matter:  How can you as a privacy-desiring user
> know if they want to be compliant ?
>
> Squezing non-effective "please-protect-my-privacy" requests into HTTP
> is not going to have any practical effect at all, so we should not do it.
>

-- 
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com

Received on Tuesday, 3 May 2011 22:40:19 UTC