W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

Re: draft-ietf-http-state-mgmt-01.txt LAST CALL

From: Marc Salomon <marc@pele.ckm.ucsf.edu>
Date: Sat, 15 Jun 1996 11:44:09 -0700
Message-Id: <199606151844.LAA26596@pele.ckm.ucsf.edu.UCSF-LIBRARY>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/946
koen@win.tue.nl wrote to snowhare@netimages.com:
on emulating 1:n domain cookies...
|You will have to work more than just slightly harder.  And after you
|deploy such a system, it will inevitably be discovered, and it will
|result in bad publicity not just for you but for the entire web.  But
|at least this bad publicity won't involve stories about browser
|vendors and the IETF being on your side in the battle over privacy.

Putting on my political science hat, this is essentially a regulatory issue.  
Restricting the options for good actors because malicious actors might abuse 
functionality won't solve the problem.  The market is not the solution 
for everything, but when it comes to the public relations consequences of
vendors abusing privacy, it seems to work well.  N.B. Netscape's quick 
reaction to Javascript privacy violations in Navigator 2.0.

If you require safety belts in all cars, and pass a law that requires drivers
wear them, they choose not to and get into a wreck, then you are not 
responsible for that wreck.  If a site collects login:passwd using basic 
authentication, promises to keep the data confidential and turns around and 
shares it, does that reflect on the IETF and its committment to privacy?  If 
people disable 1:n domain cookie confirmation dialogues (with whois data
for each domain), as required by some IETF draft, then caveat emptor as they 
take control of the situation, and the IETF is still on the side of privacy.

Clearinghouses will spring up that serve lists of domains with a history of 
privacy abuses for those users who care to filter based on those criteria.  
But sadly enough, at least here in the USA, the prevailing sentiment is that 
corporations are the overtaxed valiant innovators bringing us a world of 
choice, convenience and a job if we're lucky.  Most people here couldn't care 
less what data are gathered and shared about them by corporations and 
probably see it a as feature.

As far as client-initiated cookies go, think of them as situationism in
practice.  A sort of .rc file that one can source for each persona or role 
one plays as they go through their day on the web.  Metadata on all of Me.  
Preemptive scenario negotiation so you and the server can cut through the 
bull and get to a mutually beneficial spot in webspace and on your way.
This kind of functionality is essential to achieve a stateful dialogue 
you wrote about in an earlier version of this draft.  This proposal as 
it currently stands specifies a server-controlled rote monologue.

Received on Saturday, 15 June 1996 11:52:28 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:17 UTC