W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

(PRIVACY) Consensus

From: <jg@w3.org>
Date: Mon, 01 Apr 96 19:32:58 -0500
Message-Id: <9604020032.AA06841@zorch.w3.org>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Unless further comment is heard, this will be used to close out
this issue.
 
The following sections is intended to emphasize the privacy problems
that have been coming up with client implementations (e.g. Javascript problem)
that are not careful about the information stored inside themselves.

The only comment was from Paul Leach on wording; I've adopted his
change below.
			Comments to me,
				Jim Gettys

Add to Section 14.4:
-------------------
HTTP clients are often privy to large amounts of personal information
(e.g. the user's name, location, mail address, passwords, 
encryption keys, etc.), and should be very careful to prevent unintentional
leakage of this information via the HTTP protocol to other sources.  We
!very strongly recommend that a convenient interface be provided for
the user to control dissemination of such information, and that 
designers and implementors be particularly careful in this area.  
History shows that errors in this area are often both serious security
and/or privacy problems, and often generate very adverse publicity 
for the implemetor's company.
Received on Monday, 1 April 1996 16:35:54 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:49 EDT