
Hints mechanism

From: Giles Hogben <giles.hogben@jrc.it>
Date: Fri, 28 Sep 2001 15:50:13 +0200
Message-ID: <00c301c14824$7f922030$162abf8b@pcdsa22>
To: "p3pdev" <www-p3p-dev@w3.org>

Having just read over the paragraph in the latest (Sep) P3P spec about the
new hints mechanism, I have 2 questions:
1. The following is confusing me:

  "Before using a hinted policy reference, the user agent MUST check the
  well-known location and give precedence to any policy references directly
  declared by the host, with the well-known location taking the highest

  What exactly does "directly declared" mean - it is not clear to me whether
  this includes the p3p http header mechanism and link tag mechanisms or
  If it does, then I can't see what use the hints mechanism can be.
  If however, it allows user agents to make use of policy reference files
  even if there turns out to be no pref in the well-known location, then
  this allows unknown 3rd parties to state the location of a policy reference
  file. If so, doesn't this allow for the possibility of malicious behavior -
  3rd party sites referring to bogus policy reference files?

  2. Am I right in saying that policy reference files (and policies) do not
  have to be located on the domain they are applied to? If this is the case,
  doesn't this, combined with the hints mechanism, allow people to put up
  completely bogus policies and prf files?


  Giles Hogben
Received on Friday, 28 September 2001 09:49:30 UTC
