Re: tracking-ISSUE-264: requirement on UAs for setting cookies [TPE Last Call] from Roy T. Fielding on 2014-09-10 (public-tracking@w3.org from September 2014)

From: Roy T. Fielding <fielding@gbiv.com>
Date: Tue, 9 Sep 2014 17:13:43 -0700
To: Tracking Protection Working Group <public-tracking@w3.org>
Message-Id: <B4EB988F-622B-4C53-AABA-3EF6FFE1C783@gbiv.com>

On 13/07/2014 04:19, Tracking Protection Working Group Issue Tracker wrote:

> http://www.w3.org/2011/tracking-protection/track/issues/264
> 
> Raised by: Xuemei Yan On product: TPE Last Call
> 
> http://lists.w3.org/Archives/Public/public-tracking-comments/2014Jun/att-0013/comments_on_working_draft_of_tracking_preference_expression_DNT_.doc
> 
> Comment: A user agent MUST NOT block the transmission of any Cookie,
> also MUST NOT block the operation of setting cookie upon the receipt
> of any request. Reason: In general, A user agent will configurate an
> option for user to close the cookie. If removal of the cookie, the
> internet service can not be used in normal condition.

WONTFIX. This comment has nothing to do with TPE.

How a user agent is configured to send (or not send) Cookies is defined by the Cookie RFC and HTTP/1.1. In general, the choice of sending Cookie header fields is left to the user agent configuration, since the right balance between privacy and site (dys)function can only be chosen by the user. A user can make such choices independent of their DNT configuration.

....Roy

Received on Wednesday, 10 September 2014 00:14:05 UTC