W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1997

Re: Comment-URL question

From: Ted Hardie <hardie@thornhill.arc.nasa.gov>
Date: Mon, 28 Jul 1997 14:34:52 -0700
Message-Id: <9707281434.ZM20015@thornhill.arc.nasa.gov>
To: "David W. Morris" <dwm@xpasc.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
On Jul 28,  1:32pm, David W. Morris wrote:

> Intentionally no ... with good citizen seals and other future
> possibilities, there may be no correlation we could see at the
> protocol level and in the near term case, it seems reasonable that
> IBM would have a corporate policy on use of the cookie information,
> owned by the legal folks.  That policy URL would exist on www.ibm.com
> but be referenced by www.lotus.com, www.hursley.ibm.com, etc.

Thanks for clarifying this.  I certainly see why someone might
want to reference a third-party hosted policy, whether it be
hosted on a "main" corporate server, some policy org, or even
at some site whose policy you just happen to admire.  Inserting
a third pary into a transaction for verification of anything
has some known dangers, however (in fact, I have an odd memory
of Brian Behlendorf raising a related issue a very long time
ago).

Minimally, the user-agent must be able to deal with the situation in
which a comment-url is present but the site is unreachable or very
slow.  What, in particular, does it do with its connection to the
cookie-providing site?  If there is a user and she has requested to
approve cookies, does it close the connection until approval? If not,
can it or should it prevent the connection from closing, and if so,
what would be the best method for doing so?  A HEAD against the
requested resource to make sure it has not changed?  If the server
closes the connection during this processing, should a client continue
to try to reach the comment-url site and gain acceptance, or should it
present an error?  What happens if the user accepts the policy but,
upon reconnect, a different cookie is presented?  (In general, once a
policy has been approved for a specific resource, should a UA consider
it in force if the same URL is visited, even if a different cookie is
presented, provided the same policy is referenced?  That may seem like
a no-brainer, but the first view of a cookie at a site may show much
less than a view twenty items into the shopping basket later.  When
should someone be asked to re-view the policy and cookie?)

Sorry for entering this discussion late with these questions.  I can
see that they are closely related to some of the others which have
been raised, but they seem to me different enough to be worth voicing.
Please feel free to point me to archived discussions of these points
if I missed them in my look at the issue,

			best regards,
				Ted Hardie
				NASA NIC
Received on Monday, 28 July 1997 14:37:31 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:49 EDT