Re: can't really be LAST CALL, "HTTP State Management Mechanism (Rev1) " to Propo

"David W. Morris" <dwm@xpasc.com> wrote:
>On Wed, 23 Jul 1997, Larry Masinter wrote:
>>> Too much icing on the cookie, just say no.
>
>[...]
>
>The difference between the Comment attribute and the CommentURL is the
>difference between the Windows application which provides a message 
>box with a message like:
>             "Unable to write bookmark file"
>and one which presents the message:
>             "Unable to write bookmark file: 
>              C:\home\user\internet\bkmrks.fil
>              because the file already exists and is owned
>              by another user"
>In the first case, only a user familiar with the application internals
>could guess where to start looking.  In the second case, the average
>reasonably knowledgable user of the operating system usage would have 
>a good chance at successful problem resolution.

	Note that even in that example, you are restricting yourself
to ASCII characters. :)
		

>If user privacy is important to our protocol effort, we must make it
>>possible for the user to receive sufficient information for informed
>>consent. If we don't, the user community will throw their hands up
>>and take the course of least resistance and all of our concern about
>>cookie sharing will be moot.
>>
>>In other words, I don't consider CommentURL as icing on the cookie,
>>it is central to any possibility of achieving user control over
>>privacy.

	I doubt it will be considered icing by users whose language
is not adequately accomodated by the device of try to stuff a body
into the value of a Set-Cookie2 header's comment attribute. :)

				Fote

=========================================================================
 Foteos Macrides            Worcester Foundation for Biomedical Research
 MACRIDES@SCI.WFBR.EDU         222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================

Received on Wednesday, 23 July 1997 14:48:00 UTC