- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Mon, 18 Aug 1997 12:57:22 PDT
- To: Foteos Macrides <MACRIDES@sci.wfbr.edu>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, http-state@lists.research.bell-labs.com
> This self-avowed opinionated rant is invalid because it retains > the myopic view that the commentURL is simply for legalistic statements > about a site's privacy policy. Foteos, I know what the Comment and the CommentURL are *for*. There are a lot of things that they are useful *for*. But just because a salad-shooter and an apple-corer are very useful kitchen appliances doesn't mean that we should add them to HTTP. I'm sure it is dandy that a CommentURL *could* tell you "This cookie maintains your display preferences" and "This cookie performs trade secrets which cannot be revealed to you." It could also tell me "This cookie was designed by that great web site designer Joe Coolsite who will build cookies for you too!" A CommentURL could include advertisements for local bakeries! It could shine your shoes! It could wash your dog! No, the problem isn't that Comments and CommentURLs don't have conceivable uses. > Providers should not be prevented from making such information > available in a manner which allows charset/language negotiation and > via a simple, consistent UA mechanism, rather than requiring users to > hunt around in unspecified documents for it, with no assurance that > what's said in some such documents applies to a particular cookie. I agree 100%. I want the way a site tells me what it is doing with my private information to be available via a simple, consistent UA mechanism. I don't want one mechanism for cookies, another mechanism for content negotiation, a third mechanism for deciding whether to supply my email address as the password for anonymous FTP, another mechanism for deciding whether I want to supply personal information in forms I fill out using a web browser, another mechanism for deciding whether I want to supply personal information when interacting with a Java applet. I want just what you're calling for: a single, consistent UA mechanism, adapted for local preferences for charset and language, but I want it to be useful for all of those mechanisms. Putting in "Comment" and/or "CommentURL" inside Set-Cookie does nothing to help out with any of the other situations in which privacy is also an issue, and is quite possibly inconsistent or incompatible with those other situations. Regards, Larry -- http://www.parc.xerox.com/masinter
Received on Monday, 18 August 1997 13:02:50 UTC