- From: Ted Hardie <hardie@thornhill.arc.nasa.gov>
- Date: Mon, 28 Jul 1997 14:34:52 -0700
- To: "David W. Morris" <dwm@xpasc.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
On Jul 28, 1:32pm, David W. Morris wrote: > Intentionally no ... with good citizen seals and other future > possibilities, there may be no correlation we could see at the > protocol level and in the near term case, it seems reasonable that > IBM would have a corporate policy on use of the cookie information, > owned by the legal folks. That policy URL would exist on www.ibm.com > but be referenced by www.lotus.com, www.hursley.ibm.com, etc. Thanks for clarifying this. I certainly see why someone might want to reference a third-party hosted policy, whether it be hosted on a "main" corporate server, some policy org, or even at some site whose policy you just happen to admire. Inserting a third pary into a transaction for verification of anything has some known dangers, however (in fact, I have an odd memory of Brian Behlendorf raising a related issue a very long time ago). Minimally, the user-agent must be able to deal with the situation in which a comment-url is present but the site is unreachable or very slow. What, in particular, does it do with its connection to the cookie-providing site? If there is a user and she has requested to approve cookies, does it close the connection until approval? If not, can it or should it prevent the connection from closing, and if so, what would be the best method for doing so? A HEAD against the requested resource to make sure it has not changed? If the server closes the connection during this processing, should a client continue to try to reach the comment-url site and gain acceptance, or should it present an error? What happens if the user accepts the policy but, upon reconnect, a different cookie is presented? (In general, once a policy has been approved for a specific resource, should a UA consider it in force if the same URL is visited, even if a different cookie is presented, provided the same policy is referenced? That may seem like a no-brainer, but the first view of a cookie at a site may show much less than a view twenty items into the shopping basket later. When should someone be asked to re-view the policy and cookie?) Sorry for entering this discussion late with these questions. I can see that they are closely related to some of the others which have been raised, but they seem to me different enough to be worth voicing. Please feel free to point me to archived discussions of these points if I missed them in my look at the issue, best regards, Ted Hardie NASA NIC
Received on Monday, 28 July 1997 14:37:31 UTC