- From: David W. Morris <dwm@xpasc.com>
- Date: Tue, 18 Mar 1997 22:14:26 -0800 (PST)
- To: http-wg@cuckoo.hpl.hp.com
- Cc: http-wg@cuckoo.hpl.hp.com
On Tue, 18 Mar 1997, Phillip Lindsay wrote: > Despite what is implied above, many ad delivery implementations > currently "require" cookies to function correctly (e.g., sequence, > impression link). > Let's not trivialize the reality of the current situation. This > standard > will force thousands of web sites to change to support some new > ad delivery mechanism. By this statement you prove my concern justified. The RFC only requires that users be made aware of unverifiable transactions. If making the general user aware results in general rejection of such cookies by the user community, then I believe the sites using such cookies are today doing objectionable things with cookies and the requirement that the RFC remain as written is very important. If cross domain cookies are not objectionable to the general user population, then they won't be rejected and no changes will be required to continue using such cookies. Just like the argument is made that UAs should be allowed to differentiate themselves by cookie control features, I would argue that cookie-dispensing sites can differentiate themselves by doing the right kind of documentation and marketing to end users of the value to the end user of their use of cookies and how they use the information obtained via cookies. Knowing that DoubleClick has passed the ETrust (or whatever) audit/certification might convince me that they will not disclose their data and I might allow their cookies. But as its been said ... make the user aware, give them the choice. Dave Morris
Received on Tuesday, 18 March 1997 22:18:05 UTC