- From: Yaron Goland <yarong@microsoft.com>
- Date: Mon, 24 Mar 1997 19:27:43 -0800
- To: "'David W. Morris'" <dwm@xpasc.com>, Jonathan Stark <stark@commerce.net>
- Cc: http-wg@cuckoo.hpl.hp.com
Why not just make the comment field syntax into something like CommentAttribute = "Comment" "=" (Quoted-String | "<" URI ">") ? Yaron > -----Original Message----- > From: David W. Morris [SMTP:dwm@xpasc.com] > Sent: Monday, March 24, 1997 4:40 PM > To: Jonathan Stark > Cc: http-wg@cuckoo.hpl.hp.com > Subject: Re: RFC2109 addition... > > > > On Mon, 24 Mar 1997, Jonathan Stark wrote: > > > Here's a first crack at the text as I feel it should be included in > the > > RFC: > > > > -- > > CommentURL=commenturl > > Optional. The CommentURL allows an origin server to specify a > document > > that explains the usage of this cookie, and could optionally also > explain > > the policies governing the use of information collected through this > cookie. > > A user-agent can offer the user the option of inspecting this page > before > > accepting a cookie. Any cookies issued while attempting to retrieve > the > > document at commenturl should be refused. > > I have been working thru a similar idea before presenting it ... BUT > thus > far my thought is that there shouldn't be any restrictions on what the > URL points at, associated cookies, etc. except that we need to work > thru > the rules to make sure a privacy hole isn't created... but I think if > the rules are that retrieving this URL is like following any other > link > then I don't think there are any new exposures. (That is the cookie > issued by this link would have to fit the URL being retrieved.) THis > has the additional advantage in that language issues can be handled > via > normal UA / server negotiation. A suggested UI for an UA able to do so > would be to open a new browser window to follow the link. > > Dave Morris
Received on Monday, 24 March 1997 23:17:29 UTC