Re: draft-ietf-http-state-mgmt-01.txt LAST CALL

Koen wrote:
|Warning: though this browser tries to help you in protecting your
|privacy, it cannot offer strong protection against cross-server
|user tracking because several features of the web allow this to be
|implemented.

Why can't strong protection be afforded by a cookie management suite with a 
feature to allow toggling a domain's active status within a cookie (but not
adding new domains)?

----------------------------------------------------------------
View Cookie: Journal Browsing Cookie

 Contents:

 [SiteLicense = Encrypted ticket for you alone to access the distributed
                collection.  Contains your encrypted internet address and
                a time stamp so each site we license with can verify that 
                you are licensed without knowing your name.  Sites would 
                know your internet address regardless if you connect with 
                a cookie or not. ]

 [Specialty   = Radiology]

 [Version     = 1.0]

 [Path       = /pub]

 Toggle Checkbox to Enable/Disable Domain on Future Transactions

    (O) UCSF Library Electronic Periodicals Collection
    (*) New England Journal of Medicine
    (*) Journal of the American Medical Society      [$Path = /sitelicense]
    ( ) Jeff and Akbar's Demographic Hut             [$Path = /spoof]
        and Stateful Cookie Shack 

[Commit][Reset][Dismiss]
----------------------------------------------------------------
 key:
 (O) = Cookie Originating Domain - Always on
 (*) = Active Cookie Domain - cookie sent if domain-match
 ( ) = Inactive Cookie Domain - cookie not sent if domain-match

Should descriptive comments be allowed in the Set-Cookie header for each 
attribute so that Cookie management software can report an annotated version 
of cookie contents, informing the users' Cookie management decisions and 
holding server owners accountable for those claims?  Fraud is a crime.

-marc

Received on Saturday, 15 June 1996 15:01:58 UTC
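
The send decision implied by the mock-up and key in the message above, as an added example that is not part of the original post or of the draft. The hostnames, function names and the simplified domain and path matching are assumptions made for illustration.

```javascript
// Model of the cookie in the mock-up: one originating domain that is always on,
// plus server-listed domains the user may toggle but never extend.
// All hostnames below are constructed placeholders.
function makeCookie(name, origin, path, listed) {
  const domains = new Map();
  domains.set(origin, { state: "origin", path });
  for (const d of listed) {
    domains.set(d.host, { state: d.active ? "active" : "inactive", path: d.path || path });
  }
  return { name, domains };
}

// User toggle: only domains already in the cookie can change state,
// and the originating domain cannot be switched off.
function toggle(cookie, host, active) {
  const entry = cookie.domains.get(host);
  if (!entry) throw new Error("cannot add new domain: " + host);
  if (entry.state === "origin") throw new Error("origin domain is always on");
  entry.state = active ? "active" : "inactive";
}

// Simplified match (assumption): exact host or dot-suffix,
// so "evil-nejm.example" does not match "nejm.example".
function domainMatch(requestHost, cookieDomain) {
  const h = requestHost.toLowerCase(), d = cookieDomain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Path match on a segment boundary (assumption): "/pub" covers "/pub/x", not "/public".
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  const prefix = cookiePath.endsWith("/") ? cookiePath : cookiePath + "/";
  return requestPath.startsWith(prefix);
}

// Decide whether the cookie accompanies a request, following the key in the message.
function shouldSend(cookie, requestHost, requestPath) {
  for (const [domain, entry] of cookie.domains) {
    if (!domainMatch(requestHost, domain)) continue;
    if (entry.state === "inactive") return false;
    return pathMatch(requestPath, entry.path);
  }
  return false; // host is not listed in the cookie at all
}

const journal = makeCookie("JournalBrowsing", "library.example", "/pub", [
  { host: "nejm.example", active: true },
  { host: "jams.example", active: true, path: "/sitelicense" },
  { host: "hut.example", active: false, path: "/spoof" },
]);
```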