RE: FW: revised trusted cookie spec

>I agree 100%. I want the way a site tells me what it is doing with my
>private information to be available via a simple, consistent UA
>mechanism. I don't want one mechanism for cookies, another mechanism
for
>content negotiation, a third mechanism for deciding whether to supply
my
>email address as the password for anonymous FTP, another mechanism for
>deciding whether I want to supply personal information in forms I fill
>out using a web browser, another mechanism for deciding whether I want
>to supply personal information when interacting with a Java applet. I
>want just what you're calling for: a single, consistent UA mechanism,
>adapted for local preferences for charset and language, but I want it
to
>be useful for all of those mechanisms. Putting in "Comment" and/or
>"CommentURL" inside Set-Cookie does nothing to help out with any of the
>other situations in which privacy is also an issue, and is quite
>possibly inconsistent or incompatible with those other situations.

I agree -- one mechanism for handling private information would be much
better than separate mechanisms for cookies, Java, etc.  It should also
be pursued by another working group, so that http-state can handle the
rest of the revisions to the cookie spec.  This has been a tremendously
contentious issue, which should be handled in general purpose fashion
rather than on a case-by-case basis (which is what commentURL does).


Thanks for writing the above, Larry -- I was going to ask you exactly
why you objected to commentURL, but your email stated it very clearly
(and changed my mind to boot).
==========================================================
Mark Leighton Fisher          Thomson Consumer Electronics
fisherm@indy.tce.com          Indianapolis, IN
"Browser Torture Specialist, First Class"

Received on Tuesday, 19 August 1997 11:33:54 UTC