W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

draft-ietf-http-state-mgmt-03.txt

From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
Date: Wed, 31 Jul 1996 18:37:42 -0400
Message-Id: <199607312237.AA269872667@otter.hpl.hp.com>
To: dmk@bell-labs.com, montulli@netscape.com
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
The "security considerations" section of the draft does not include
any text regarding privacy concerns.

Here's some suggested text:

PRIVACY CONCERNS:

The protocol described in this draft can be used to keep track of the
browsing habits of a user without the user's knowledge or permission.
Many people consider this to be an unethical invasion of privacy.

Any HTTP client implementing this protocol MUST provide at least three
options for the user:
	1) disable cookies entirely.
	2) ask the user before setting a cookie.
	3) set cookies without asking the user.

The default "out of the box" behavior of the client MUST NOT be #3.

Any HTTP client should provide a way for the user to know which
cookies are associated with a given page.
Received on Wednesday, 31 July 1996 15:43:18 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:05 EDT