On Mon, Jul 09, 2012 at 10:48:59PM +0100, Stephen Farrell wrote: > > So I have a question about this draft that wasn't > resolved on apps-discuss and is maybe more suited > for IETF LC anyway. > > With geopriv, we've gone to a lot of trouble to > support end-users having some control over their > location privacy. > > This HTTP header will be used by proxies to forward > on the IP address of a client, and that will be used > via geo-ip services to locate the HTTP client. In practice, the real use for the header is in the reverse-proxy chain, as many people already disable x-forwarded-for on outgoing proxies for privacy concerns. And server-side generally ignores the untrustable x-forwarded-for provided by clients anyway. In the abstract, the draft says it's for use between trusted proxies, which generally means either the client-side proxy chain for logging purposes, where the last one will remove the info, or more generally the server side where everyone appends itself. Maybe a small paragraph on this might emphasize the intended purpose and suggest use cases as well as software options to add/ignore/remove the header depending on the proxy location in the chain. Regards, Willy