On 03/02/14 08:28, joel jaeggli wrote: > Section 12.3 > > http://tools.ietf.org/html/draft-ietf-alto-protocol-25#section-12.3 > > seems ripe for inadvertent information disclosure and or deliberate > abuse. it's certainly not something that I would ask my ISP. ... and the document tries to do its job by warning against it, in section 15.4 ("Privacy for ALTO Users"), and pointing to the problem statement part that deals with the issue in detail (RFC 6708, S. 5.2). Just to confirm that client information inadvertent disclosure is a well perceived issue (whose severity varies on a case by case basis though, as probably one wouldn't care much if such sharing was done by the Spotify app running on their laptop). Do you have any text change/addition to suggest to make it even clearer? Enrico
<<attachment: smime.p7s>>