W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

(PRIVACY) Draft words for W.G. review.

From: <jg@w3.org>
Date: Tue, 26 Mar 96 18:01:43 -0500
Message-Id: <9603262301.AA07653@zorch.w3.org>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
The following sections is intended to emphasize the privacy problems
that have been coming up with client implementations (e.g. Javascript problem)
that are not careful about the information stored inside themselves.
			Comments to me,
				Jim Gettys

Add to Section 14.4:
-------------------
HTTP clients are often privy to large amounts of personal information
(e.g. the user's name, location, mail address, passwords, 
encryption keys, etc.), and should be very careful to prevent unintentional
leakage of this information via the HTTP protocol to other sources.  We
suggest, though do not require, that a convenient interface be provided for
the user to control dissemination of such information, and that 
designers and implementors be particularly careful in this area.  
History shows that errors in this area are often both serious security
and/or privacy problems, and often generate very adverse publicity 
for the implemetor's company.
Received on Tuesday, 26 March 1996 15:06:15 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:49 EDT