RE: Unverifiable Transactions / Cookie draft

On Fri, 14 Mar 1997, Jaye, Dan wrote:
> I would like to suggest that we provide a mechanism, similar to a
> Certificate Authority, that would allow for an "unverifiable transaction"
> to be verified against a list of valid site certificates.  These
> certificates could be assigned levels, perhaps using the E-TRUST
> trustmarks, and users could select their privacy level according to
> those trustmarks.  The default behavior could be for the cookies to be
> rejected from all non-verifiable transactions except for ETrust Level 3
> (i.e., anonymous) site certificates.

I agree that this is a fine suggestion.  How about changing section 4.3.5,
paragraph 1, sentence 4, from:

> A transaction is verifiable if the user has the option to review the
> request-URI prior to its use in the transaction. 

to:

> A transaction is verifiable if the user _or a user-designated agent_
> has the option to review the request-URI prior to its use in the
> transaction. 

(emphasis for review purposes).

Would that give the specification sufficient flexibility for your
recommendation to be implemented?

M. Hedlund <hedlund@best.com>

Received on Tuesday, 18 March 1997 11:13:41 UTC