HTTP State Management Mechanism draft question from Paul Grand on 1996-08-12 (ietf-http-wg@w3.org from July to September 1996)

From: Paul Grand <pgrand@netcount.com>
Date: Mon, 12 Aug 1996 12:55:25 -0700
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <v03007811ae353c9d8c83@[206.17.62.80]>

Gentlemen,

In my review of your document "HTTP State Management Mechanism" dated July
19, 1996, I have come across two points that I find would impede commerce in
web usage by eliminating state retention mechanisms.

In the next to last paragraph of section 7.1, it is suggested that at the
conclusion of a user agent session, the user agent inquire of the operator
if the state information should be retained.  The proposed default value is
"No".  This makes it more costly in user agent time and server resources to
reestablish the user agent's state.  This raises privacy concerns as it
makes it mandatory for one web service to maintain a central database of
users' state information.  What is the reason for this?

In section 4.3.5 eliminating the ability of having "unverifiable"
redirection impairs the ability of the web service (chosen by the user agent
operator) to engage in using the services of a third party for advertising,
content building, download specialized "plugins" or other usage.  This hurts
web commerce.  Why is this proposed?

The implementation of these two items would have two deleterious effects:
First, they would decrease the privacy and anonymity of web users by storing
data about user agents / individuals on servers, not at the user agent,
under user agent / individual control.  Additionally, login and password
exchanges would be required, allowing identity spoofing.

Second, they would increase the storage, processing and communication
requirements of web servers.  Re-establishing inter-session states would
require server operators to send and receive extra messages (logins and
passwords), extra disk space to keep the personal login, password, and state
information, and extra processing to operate a state recover mechanism.

I understand that the IESG plans to make a decision about the proposed
"HTTP State Management Mechanism" document and has requested that all
comments be delivered by August 20th.  Please reply in as complete and
timely manner as possible so that I may most effectively deliver my
comments.

Thank you for your prompt attention.

Best regards,

Paul Grand

_________________________________________________________________________
 Paul Grand                              e-mail: pgrand@netcount.com
 Chairman                                   WWW: http://www.netcount.com
 NetCount LLC                             Voice: (800) 700-0638
 1645 N. Vine Street,             International: (213) 848-5700
 Los Angeles, CA 90028                      FAX: (213) 848-5499
_________________________________________________________________________

Received on Monday, 12 August 1996 13:04:48 UTC