- From: (unknown charset) Matthias Schunter <mts@zurich.ibm.com>
- Date: Wed, 21 Dec 2011 09:21:22 +0100
- To: (unknown charset) public-tracking@w3.org
Yes - you are right. matthias On 12/20/2011 9:57 PM, Kevin Smith wrote: >> If a request header was received that says DNT=1, then a site MUST send a response header (otherwise the user agent cannot validate compliance). > > We say this a lot. Remember, the user agent can never validate compliance - in any circumstance. All it can do is validate that the server *claims* to be compliant. I think that is an important distinction. If I remember right, this was one reason that some were arguing in favor of a document at a well-known location, because then a service can state its intent to be compliant once instead of over and over. > > -----Original Message----- > From: Matthias Schunter [mailto:mts@zurich.ibm.com] > Sent: Tuesday, December 20, 2011 1:07 PM > To: public-tracking@w3.org > Subject: Re: tracking-ISSUE-105: Response header without request header? [Tracking Preference Expression (DNT)] > > Hi! > > > Summarizing the mails: > If _no request header was received_, we agree that in general > "MAY send response header" and neither "MUST" nor "SHOULD". > > If this is a common agreement, it settles ISSUE-105! > > More discussions: > > If a request header was received that says DNT=1, then a site MUST send a response header (otherwise the user agent cannot validate compliance). > > If a request header with DNT=0 was received, the server may indicating that it understood and supports DNT by sending a response. This is ISSUE-78. > > I actually think that making "the entire existing internet non-compliant in a single foop" can be avoided: If I send DNT=1 and a server does not respond with any DNT-related info, then a user cannot tell whether his preference is followed. Therefore, I would call this site non-compliant. > > > Regards, > matthias > > > On 12/20/2011 7:07 PM, David Singer wrote: >> >> On Dec 19, 2011, at 17:26 , Shane Wiley wrote: >> >>> I agree with JC as we'll have publishers/web servers that will take time to upgrade to DNT support once the standard is out. It'll take several years (if not longer if you look at the IE6 deprecation timeline) for all servers to get to a point where they can provide DNT Response Headers. >> >> well, that's a different question (if you get a request, is a response required?). (the answer is no, we can't, or we make the entire existing internet non-compliant in a single foop). >> >> this is the opposite; can you (must you?) send a response WITHOUT a request. I'm pretty clear that responses without a request should be allowed. I cannot for the life of me imagine how we would think that they are mandatory, even for sites that track. >> >>> I would assume if a server does not provide a response header it does not support DNT (either technical or by policy). >>> >>> - Shane >>> >>> -----Original Message----- >>> From: JC Cannon [mailto:jccannon@microsoft.com] >>> Sent: Monday, December 19, 2011 6:22 PM >>> To: David Singer; Tracking Protection Working Group WG >>> Subject: RE: tracking-ISSUE-105: Response header without request >>> header? [Tracking Preference Expression (DNT)] >>> >>> I expect that the guidance will be "MAY send response header" vs. "MUST" or "SHOULD". >>> >>> JC >>> >>> -----Original Message----- >>> From: David Singer [mailto:singer@apple.com] >>> Sent: Monday, December 19, 2011 12:18 PM >>> To: Tracking Protection Working Group WG >>> Subject: Re: tracking-ISSUE-105: Response header without request >>> header? [Tracking Preference Expression (DNT)] >>> >>> I hope so. Simple sites that do no tracking should be allowed to configure a static 'response' header, saying so, into their config files. >>> >>> >>> On Dec 19, 2011, at 9:35 , Tracking Protection Working Group Issue Tracker wrote: >>> >>>> >>>> tracking-ISSUE-105: Response header without request header? >>>> [Tracking Preference Expression (DNT)] >>>> >>>> http://www.w3.org/2011/tracking-protection/track/issues/105 >>>> >>>> Raised by: Matthias Schunter >>>> On product: Tracking Preference Expression (DNT) >>>> >>>> Should a site be required to send a response header even if no request header was received? >>>> >>>> [Spawned off ISSUE-51 during 2011-11-30 Telco] >>>> >>>> >>>> >>> >>> David Singer >>> Multimedia and Software Standards, Apple Inc. >>> >>> >>> >>> >>> >>> >> >> David Singer >> Multimedia and Software Standards, Apple Inc. >> >> >> >> > > > > > >
Received on Wednesday, 21 December 2011 08:22:49 UTC