- From: M. Hedlund <hedlund@best.com>
- Date: Tue, 18 Mar 1997 10:07:52 -0800 (PST)
- To: "Jaye, Dan" <DJaye@engagetech.com>
- Cc: 'Yaron Goland' <yarong@microsoft.com>, "'dmerriman@doubleclick.net'" <dmerriman@doubleclick.net>, "'http-wg@cuckoo.hpl.hp.com'" <http-wg@cuckoo.hpl.hp.com>
On Fri, 14 Mar 1997, Jaye, Dan wrote:

> I would like to suggest that we provide a mechanism, similar to a
> Certificate Authority, that would allow for a "unverifiable transaction"
> to be verified against a list of valid site certificates. These
> certificates could be assigned levels, perhaps using the E-TRUST
> trustmarks, and users could select their privacy level according to
> those trustmarks. The default behavior could be for the cookies to be
> rejected from all non-verifiable transactions except for ETrust Level 3
> (i.e., anonymous) site certificates.

I agree that this is a fine suggestion. How about changing section 4.3.5, paragraph 1, sentence 4, from:

> A transaction is verifiable if the user has the option to review the
> request-URI prior to its use in the transaction.

to:

> A transaction is verifiable if the user _or a user-designated agent_
> has the option to review the request-URI prior to its use in the
> transaction.

(emphasis for review purposes). Would that give the specification sufficient flexibility for your recommendation to be implemented?

M. Hedlund <hedlund@best.com>
Received on Tuesday, 18 March 1997 11:13:41 UTC