W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Re: RFC2109 addition...

From: David W. Morris <dwm@xpasc.com>
Date: Mon, 24 Mar 1997 16:40:24 -0800 (PST)
To: Jonathan Stark <stark@commerce.net>
Cc: http-wg@cuckoo.hpl.hp.com
Message-Id: <Pine.SOL.3.95.970324163153.23840C-100000@shell1.aimnet.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/2861

On Mon, 24 Mar 1997, Jonathan Stark wrote:

> Here's a first crack at the text as I feel it should be included in the
> RFC:
> --
> CommentURL=commenturl
> Optional.  The CommentURL allows an origin server to specify a document
> that explains the usage of this cookie, and could optionally also explain
> the policies governing the use of information collected through this cookie.
> A user-agent can offer the user the option of inspecting this page before
> accepting a cookie.  Any cookies issued while attempting to retrieve the
> document at commenturl should be refused.

I have been working thru a similar idea before presenting it ... BUT thus
far my thought is that there shouldn't be any restrictions on what the
URL points at, associated cookies, etc. except that we need to work thru
the rules to make sure a privacy hole isn't created... but I think if
the rules are that retrieving this URL is like following any other link
then I don't think there are any new exposures.  (That is the cookie
issued by this link would have to fit the URL being retrieved.)  THis
has the additional advantage in that language issues can be handled via
normal UA / server negotiation. A suggested UI for an UA able to do so
would be to open a new browser window to follow the link.

Dave Morris
Received on Monday, 24 March 1997 16:42:24 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:19 UTC