W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Re: Unverifiable Transactions / Cookie draft

From: David W. Morris <dwm@xpasc.com>
Date: Tue, 18 Mar 1997 22:14:26 -0800 (PST)
Cc: http-wg@cuckoo.hpl.hp.com
Message-Id: <Pine.SOL.3.95.970318220400.6619C-100000@shell1.aimnet.com>
To: http-wg@cuckoo.hpl.hp.com


On Tue, 18 Mar 1997, Phillip Lindsay wrote:

> Despite what is implied above,  many ad delivery implementations
> currently "require" cookies to function correctly (e.g., sequence,
> impression link).
> Let's not trivialize the reality of the current situation.   This
> standard
> will force thousands of web sites to change to support some new
> ad delivery mechanism.

By this statement you prove my concern justified. The RFC only requires
that users be made aware of unverifiable transactions. If making the
general user aware results in general rejection of such cookies by the
user community, then I believe the sites using such cookies are today
doing objectionable things with cookies and the requirement that the RFC
remain as written is very important. 

If cross domain cookies are not objectionable to the general user
population, then they won't be rejected and no changes will be required to
continue using such cookies.

Just like the argument is made that UAs should be allowed to differentiate
themselves by cookie control features, I would argue that
cookie-dispensing sites can differentiate themselves by doing the right
kind of documentation and marketing to end users of the value to the end
user of their use of cookies and how they use the information obtained via
cookies.  Knowing that DoubleClick has passed the ETrust (or whatever)
audit/certification might convince me that they will not disclose their
data and I might allow their cookies.

But as its been said ... make the user aware, give them the choice.

Dave Morris
Received on Tuesday, 18 March 1997 22:18:05 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:31 EDT