
Re: errata for cookie spec

From: Matthew Rubenstein <ruby@name.net>
Date: Thu, 06 Feb 1997 18:39:31 -0500
Message-Id: <2.2.32.19970206233931.008b9e90@mail.name.net>
To: Jeremey Barrett <jeremey@veriweb.com>
Cc: www-talk@w3.org
At 12:40 PM 2/6/97 -0800, Jeremey Barrett wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>>         As a WWW developer since 1994, I was relieved by the arrival of
>> cookies as a client state storage mechanism.

>> Suggestions from the UA that the user turn off
>> cookies for "security" merely break these apps, while failing to
>> keep any info "private".
>
>Misinformation about the privacy risks of cookies is very damaging to 
>the many legitimate applications that require them. However, I know
>of _no_ case where as an application developer or a user I would want 
>a user-agent to send cookies to a domain that does not match that of 
>the enclosing document.
>
>This should be configurable of course, perhaps with the ability to block
>cookies to particular sites.
>
>Maintaining privacy does _not_ break legitimate apps, in fact it makes them
>less likely to break. Currently, many people turn off cookies altogether
>in fear of the privacy risks. Certainly that will break cookie-requiring
>apps.

        We're in complete agreement. I didn't say that UAs should allow any
receiving "domain" access to cookies stored by another; _that_ access could
be a security breach. A domain can encrypt the cookie and "secure" the data
from everyone: this technique can be employed to keep a usage counter
current and accurate, in spite of attempted user intervention.

        Domains' cookies should be partitioned from one another. However,
preventing a domain from sending its cookie to another domain's server for
parsing only forces the sender to use out-of-band communication between
servers - higher cost, especially in syncing the timing with the user's
navigation between the servers. Whether this feature is outside the scope of
a data format/protocol for recording domain-specific state is a valid
concern to implementors of the UA, but end-runs around its intended
"security" (actually privacy) aspect are so readily available that it merely
shuts out legitimate developers with no appreciable gain.

        We can all get what we want from cookies. Proprietary Net clients
can save state; there's no reason to cripple the "universal client" that WWW
UAs strive to be for no effective gains. 
>Jeremey Barrett                                  VeriWeb Internet Corp.
--
Matthew Rubenstein                     North American Media Engines
Toronto, Ontario   *finger matt for public key*       (416)943-1010

               They also surf who only stand on waves.
Received on Thursday, 6 February 1997 18:40:33 GMT
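
An added example, not part of the original message or of the cookie spec: one way a server could keep a usage counter in a cookie so that edits by the user are detected. It uses an HMAC tag instead of the encryption the message mentions; the key, the cookie layout and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption); a real server would load a random secret.
SERVER_KEY = b"constructed-demo-key"


def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def tag(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def seal_counter(user_id: str, count: int) -> str:
    """Build the cookie value 'payload.tag' for one user's counter."""
    payload = f"{user_id}:{count}".encode("utf-8")
    return f"{b64e(payload)}.{b64e(tag(payload))}"


def open_counter(cookie: str, user_id: str):
    """Return the counter, or None if the cookie was edited or is another user's."""
    try:
        p64, t64 = cookie.split(".")
        payload = b64d(p64)
        if not hmac.compare_digest(b64d(t64), tag(payload)):
            return None
        owner, _, count = payload.decode("utf-8").rpartition(":")
        return int(count) if owner == user_id else None
    except ValueError:  # bad base64, bad UTF-8, wrong field count, non-numeric count
        return None


def bump(cookie: str, user_id: str):
    """Verify the presented cookie and return a new one with count + 1 (None if invalid)."""
    count = open_counter(cookie, user_id)
    return None if count is None else seal_counter(user_id, count + 1)

# Limit: the tag detects edits, not replay. An older cookie the server issued
# still verifies, so rollback detection needs the latest count kept server-side.
```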
