#552: allow privacy proxies to be conformant

In the IESG comments on p1 from Sean Turner:

> 1A) s5.7.2 and s2.3: s2.3 mentions privacy proxies and s5.7.2 says the
> following about proxies without qualifying the type of proxy:
> 
>   A proxy MUST NOT modify header fields that provide information about
>   the end points of the communication chain, the resource state, or the
>   selected representation.
> 
> So does that essentially mean privacy filters proxies are non-conformant?

http://trac.tools.ietf.org/wg/httpbis/trac/ticket/552

I think that the above text (which is broader than the specific header
field requirements in RFC2616) can be improved by replacing it with the
following text:

   A proxy MUST NOT modify header fields that provide information about
   the end points of the communication chain, the resource state, or the
   selected representation (other than those necessary to describe how
   the payload has been transformed). However, an exception to this
   requirement applies to proxies that are specifically configured to
   remove or filter header fields for the sake of privacy or security.
   The person or organization selecting the proxy is presumed to have
   control over its configuration.

Alternatively, we could go back to the list of specific header fields
that were specified in RFC2616 sec 13.5.2 and Allow.

....Roy

Received on Wednesday, 29 January 2014 01:47:30 UTC