W3C home > Mailing lists > Public > www-p3p-policy@w3.org > August 2001

Disavowing Legal Liability

From: Ben Wright <Ben_Wright@compuserve.com>
Date: Thu, 23 Aug 2001 15:45:55 -0400
To: P3P Policy <www-p3p-policy@w3.org>
Message-ID: <200108231546_MC3-DD72-7BDD@compuserve.com>
P3P Policy List:

I am a lawyer studying Internet Explorer 6's implementation of P3P.  

Web administrators will be reacting to IE 6's P3P implementation as the
browser is rolled out to the market.  I am concerned that administrators
will expose themselves to unwarranted legal liability through the
statements they try to make in compact P3P policies.  I'm looking for a way
to disclaim liability in compact policies.

I'm thinking about suggesting that web administrators add the token "DSA"
at the end of their compact policies.  DSA is not defined in the P3P
specification, but it would be defined in full P3P policies and elsewhere
as meaning that the web administrator disavows any legal liability
associated with the compact policy.

I see in the update for P3P specification section 4.2 that "If an
unrecognized token appears in a compact policy, the compact policy has the
same semantics as if that token was not present." 

My question:  Suppose a user agent like IE 6 sees, with respect to a
certain cookie, a compact policy that ends with the token "DSA". For
purposes of the user agent's decision on how to handle the cookie, will the
agent simply ignore the DSA token and treat the cookie as it otherwise
would in the absence of the token?  It seems to me that the answer should
be yes, but I'm not technically savvy enough to know for sure.  

Is anyone aware of someone doing something like this?

I would be happy to hear other thoughts anyone wishes to share about this

--Ben Wright
tel 214-403-6642
Received on Thursday, 23 August 2001 15:47:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:01:07 UTC