W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1997

Re: FW: revised trusted cookie spec

From: Foteos Macrides <MACRIDES@sci.wfbr.edu>
Date: Mon, 18 Aug 1997 17:43:58 -0500 (EST)
To: masinter@parc.xerox.com
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, http-state@lists.research.bell-labs.com
Message-Id: <01IMLDGUVO020096IF@SCI.WFBR.EDU>
Larry Masinter <masinter@parc.xerox.com> wrote:
>I'm sure it is dandy that a CommentURL *could* tell you "This cookie
>maintains your display preferences" and "This cookie performs
>trade secrets which cannot be revealed to you." It could also tell me
>"This cookie was designed by that great web site designer Joe Coolsite
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>who will build cookies for you too!"
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

	The purpose of the commentURL is to provide information
about a *particular* cookie.  Information does not lie solely in
bytes or multi-byte characters received over the wire.  It lies
in their interaction with a human intellect.  If that last statement
were recieved as the sole content of the "document" from a commentURL,
in conjuction with a human intellect which evaluates it, it does
provide a form of information relevant to a variety of decisions,
and not simply ones about "privacy", which might be made concerning
that particular cookie.  The quality of the decision is co-dependent
on the quality of the human's intellect.


>					A CommentURL could include
>advertisements for local bakeries! It could shine your shoes! It could
>wash your dog!

	Those also, when evaluated by a human's intellect, would
provide some basis for decisions on whether to accept, or discard
a previously accepted, cookie.  And, again, the reasons for invoking
a decision-making process need *not* be related to "privacy", per se.


>[...] Putting in "Comment" and/or
>"CommentURL" inside Set-Cookie does nothing to help out with any of the
>other situations in which privacy is also an issue, and is quite
>possibly inconsistent or incompatible with those other situations.

	What will it take to get across that "privacy" is not the only
issue here, nor necessarily a central one when a commentURL is sought
to assist in making a decision?

	Also, it would be inside Set-Cookie2.  The Big Two are free to
continue using just Set-Cookie.

	Information does not lie in a single source.  This statement
provided information to it's readers:

	I also don't think content providers are going to want to share the
	meaning of their cookies (perhaps for marketing purposes).
		-- valeski@netscape.com (Judson Valeski)

As did this statement:

	Consensus in Munich (which does not include many concerned with
	this issue) was that comment/commentURL is to be taken out of
	the spec, which I believe is the right thing to do. How is this
	formally done?  Let's do it.
		-- valeski@netscape.com (Judson Valeski)

As did this statement:

	What happened in Munich was not 'consensus', but a straw poll
	of the room.
	It was uniform, but of course, most of the concerned parties
	weren't there.

But the combination of those statements, and others retrieved from memory,
all processed through a human intellect, constitute more information than
each in isolation, and a progressively better basis for an actual decision
when one is solicited from a human being.

				Fote

=========================================================================
 Foteos Macrides            Worcester Foundation for Biomedical Research
 MACRIDES@SCI.WFBR.EDU         222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
Received on Monday, 18 August 1997 14:50:25 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:51 EDT