Re: draft-ietf-http-state-mgmt-01.txt LAST CALL

Marc Salomon:
[...1:n cookies...]
>Browser vendors that implement the enabling technology fully will
>have nothing to fear, but cannot be held responsible for the evil use
>of that value-neutral enabling technology by others.  

There is no such thing as value-neutral enabling technology.
Especially not after the mass media get involved.

>The threat of
>public crucifixion is the best incentive mechanism to prod browser
>vendors into giving the user complete control of what data are sent
>out in their name, cookies or anything else.

This threat can also be countered by not implementing 1:n cookies at
all, and I think that this is the way browser vendors want to go.

The same thing has happened for Java applets: they initially could
connect to every host on the network.  When this became a problem,
browser vendors did not respond by providing elaborate control
mechanisms, they simply restricted the interface so that the applet
could only connect to the host it came from.

I don't feel I can make my point more clear than I already did in this
thread.  This is really an argument about the public relations risks
the most conservative browser vendor is willing to take.  Only actual
browser vendors speaking up in this forum could settle this issue
conclusively.

>-marc

Koen.

Received on Monday, 17 June 1996 04:04:45 UTC