Re: Issues with the cookie draft

Dave Kristol:
>
>Yaron Goland <yarong@microsoft.com> wrote:
[...]
>  > Languages:
>  > As I mentioned in my original proposal, the accept-language header would
>  > server the purpose of choosing the language. In the worst case, the
>  > language is just English. The UTF8 Unicode encoding preserves the lower
>  > ASCII range so when dealing with downlevel clients, one sends UTF8
>  > English. I do admit woeful ignorance of the language tag issues. Any
>  > experts in the house?
>
>I'm also really bad on the language issues.  That's why I asked for more
>details.

I'm not a language expert, but my personal opinion as a `negotiation expert'
is that internationalisation of comments in headers is not ready for prime
time.  This is a tar pit I'd rather steer clear of.  Maybe it would be nice
to add a note that the comment could be the URL of a page which explains the
cookie in multiple languages.

>  > 4.3.2 Rejecting Cookies (how far into the domain do you go):
>  > I appreciate that it was a long and drawn out debate but that is not a
>  > sufficient rational for preventing perfectly reasonable behavior. The
>  > decision to stop at one domain level is completely arbitrary. It is no
>  > more and no less secure than 2 or infinite domain levels deep. I do not
>  > feel that an arbitrary choice is a good enough reason to include a
>  > requirement in a specification.
>
>It wasn't completely arbitrary.

Specifically, Netscape said that, according to the contacts they had with
multi-hosted sites, the 1 domain level restriction would not be too tight
for the kinds of services these people had in mind.  And privacy expectation
considerations led to us wanting a number as low as possible, so 1 domain it
was.

I don't remember that we had very long discussions about this, we just noted
that Netscape's initial choice was a good one.

Koen.

Received on Monday, 24 March 1997 11:56:57 UTC