Re: [apps-discuss] Last Call: <draft-ietf-appsawg-http-forwarded-06.txt> (Forwarded HTTP Extension) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 11:27 09-07-2012, Alissa Cooper wrote:
Is it possible to recommend that generated tokens have limited lifetimes (per-request or otherwise), and make the static case the exception? The first statement above gets at this, but it seems to me that the middle ground between random generation per request and permanent unique token is worth emphasizing if there will be proxies that want to keep per-client identifiers around for some limited amount of time that isn't forever.

Yes.

It's also worth noting that the second statement above is equally true for statically provisioned client IP addresses.

Also, this statement in 8.3 is not really true and probably better left out:

"Proxies using this extension will preserve the information of a
   direct connection, which has an end-user privacy impact, if the end-
   user or deployer does not know or expect that this is the case."

I suggest removing that statement. The wording is not entirely clear. I read it as diluting end-user privacy impact.

In Section 6.3:

  'To distinguish the obfuscated identifier from other identifiers,
   it MUST have a leading underscore "_".'

I suggest removing the requirement and using "can". The implementer can decide what to put in that field.

Regards,
-sm


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]