Re: Issues with the cookie draft

Yaron Goland wrote:
> I went through this same debate on the DAV group when I made a
> suggestion similar to Larry's. I was told, in no uncertain terms, that
> telling people to go off and write their own spec is not the IETF way.
> Rather it is the responsibility of the document editor to ensure that
> all comments are addressed to the satisfaction of the group. It is clear
> that this is not the case. In order to help the document editor out I
> will recap my major problems with the current specification. I hope
> others who have issues with the specification will do the same.

The circumstances are considerably different.

First, we're discussing a revision to a Proposed Standard which we
through working group consensus, last call, and IESG review, after
discussion of the very same points that are being re-raised. It is that
this issues were not previously considered, it was considered
at great length.

Secondly, I am not suggesting that you go off and write your own
I am suggesting that you explicate your own point of view in an
draft which explains how this particular element of the protocol should
and what the privacy and security implications are for that alternative.
We certainly would need to justify any change in position on the issue
privacy and cookies from the one we've promoted over the last year, and
that justification is written and the privacy considerations explained,
won't get past the IESG, much less the press.

Personally, I am skeptical that it is possible to deal with the privacy
issues. However, on the mailing list, various people (including you)
have made rather forthright assertions that there is an alternative
provides adequate(? equivalent? different but just as important?)
guarantees. However, these details have been floating by in the middle
of mail messages that also allude to the business models of the various
companies that are engaged in advertising. If a separate proposal is
we'll be able to evaluate the privacy concerns independently of the

So, I will continue to call for volunteer(s) to write up an alternative
proposal to Dave Kristol's soon-to-be-issued internet draft, and ask
we defer discussion of that particular issue until we have at least an
interim draft of an alternative that is claimed by its authors
to deal with the requirements credibly. 


(as HTTP-WG chair)

Received on Tuesday, 18 March 1997 20:09:25 UTC