On Tue, 10 Jul 2012 12:32:08 -0400
Alissa Cooper <acooper@xxxxxxx> wrote:
> On Jul 10, 2012, at 12:07 PM, Andreas Petersson wrote:
> >> The first half of the statement is basically a refinement of the previous sentence in the section ("The Forwarded HTTP header field, by design, exposes information that some users consider privacy sensitive"), so I don't see what is lost by eliminating it.
> >
> > See my answer to SM. I think it better explains that the expectations
> > of the end user are important to consider, even if these expectations
> > are wrong.
>
> Right, I'm not saying that user expectations are unimportant. I think characterizing their role accurately should be the goal. If there is a desire to leave this in, I would suggest something more along the lines of:
>
> Proxies using this extension will preserve the information of a direct connection. In some cases, the user's and/or deployer's knowledge or expectation that this will occur can help to mitigate the associated privacy impact.
Off-list discussion with Alissa resulted in this suggestion:
"Proxies using this extension will preserve the information of a direct
connection. This has an end-user privacy impact regardless of whether
the end-user or deployer knows or expects that this is the case."
Cheers,
Andreas
Attachment:
signature.asc
Description: PGP signature