- From: M. Hedlund <hedlund@best.com>
- Date: Fri, 8 Dec 1995 17:11:10 -0700
- To: Shel Kaphan <sjk@amazon.com>, Koen Holtman <koen@win.tue.nl>
- Cc: Dave Kristol <dmk@allegra.att.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, montulli@mozilla.com, eric@spyglass.com
At 4:52 PM 12/8/95, Shel Kaphan wrote:
>Whether there is consensus (of any texture) for it or not, I think the
>reasonable thing to do under the circumstances is to compare it
>critically to the Netscape Cookie Proposal
See <URL:http://www.ics.uci.edu/pub/ietf/http/hypermail/1995q4/0161.html>
for a comparison on privacy issues. I don't think there's any valid
comparison between the two other than: 'state-info:' addresses privacy, and
'cookie:' does not.[1]
Lou's objection was that it would be impractical to store all shopping
basket information in one header. I disagreed (as an implementor of
several shopping-basket type applications) and others did as well. I
suggested that if Lou felt this was a serious concern, perhaps we could add
the cookie proposal's concept of "path" to state-info. Koen objected that
"path" was only a minor improvement. Lou, would the addition of "path"
overcome your objections to 'state-info:'? If not, what would?
M. Hedlund <hedlund@best.com>
[1] My favorite quote on the issue:
"Currently, when you first use the Netscape program,
a message is sent to our server in Mountain View, and
we retrieve what we call the Magic Cookie, and this
Magic Cookie uniquely identifies you. The second
time you run our program, our central system checks
if we have received that Magic Cookie before."
-Jim Clark, _The Red Herring_, Nov. 95, p. 70
Received on Friday, 8 December 1995 17:11:36 UTC