Re: Issues with the cookie draft

Yaron Goland wrote:
> 
> I went through this same debate on the DAV group when I made a
> suggestion similar to Larry's. I was told, in no uncertain terms, that
> telling people to go off and write their own spec is not the IETF way.
> Rather it is the responsibility of the document editor to ensure that
> all comments are addressed to the satisfaction of the group. It is clear
> that this is not the case. In order to help the document editor out I
> will recap my major problems with the current specification. I hope
> others who have issues with the specification will do the same.

The circumstances are considerably different.

First, we're discussing a revision to a Proposed Standard which we
passed through working group consensus, last call, and IESG review,
after considerable discussion of the very same points that are being
re-raised. It is that these issues were not previously considered, it
was considered at great length.

Secondly, I am not suggesting that you go off and write your own
protocol, I am suggesting that you explicate your own point of view in
an auxiliary draft which explains how this particular element of the
protocol should work, and what the privacy and security implications
are for that alternative. We certainly would need to justify any change
in position on the issue of privacy and cookies from the one we've
promoted over the last year, and until that justification is written
and the privacy considerations explained, we won't get past the IESG,
much less the press.

Personally, I am skeptical that it is possible to deal with the privacy
issues. However, on the mailing list, various people (including you)
have made rather forthright assertions that there is an alternative
which provides adequate(? equivalent? different but just as important?)
privacy guarantees. However, these details have been floating by in the
middle of mail messages that also allude to the business models of the
various companies that are engaged in advertising. If a separate
proposal is written, we'll be able to evaluate the privacy concerns
independently of the business considerations.

So, I will continue to call for volunteer(s) to write up an alternative
proposal to Dave Kristol's soon-to-be-issued internet draft, and ask
that we defer discussion of that particular issue until we have at
least an interim draft of an alternative that is claimed by its authors
to deal with the requirements credibly.

Regards,

Larry
(as HTTP-WG chair)

Received on Tuesday, 18 March 1997 20:09:25 UTC