W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 1997

Re: FW: revised trusted cookie spec

From: Koen Holtman <koen@win.tue.nl>
Date: Tue, 2 Sep 1997 21:19:32 +0200 (MET DST)
Message-Id: <199709021919.VAA12325@wsooti08.win.tue.nl>
To: Larry Masinter <masinter@parc.xerox.com>
Cc: DJaye@engagetech.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/4263
Larry Masinter:
>It was hard to separate your quotation from your statement, but I think
>you said:
>> My proposal does not put the privacy policy inside the state mgt 
>> mechanism.  A separate PICS-Label header is used.  It merely 
>> establishes how you relate cookie handling to privacy policies.  Do 
>> you think it is unnecessary to establish that link (from within the 
>> http protocol)?
>I think a privacy policy should be more comprehensive than merely a
>policy about cookie handling, so a Pics-Label header that's solely
>useful for labelling cookies seems pretty useless to me.

Larry, would you be happy with a spec which defines

a) an extensible Pics-Label header for conveying information about
   privacy policies
b) the specific cookie-related instance of this extensible header?

Or are you saying that this is to weak, and that we need a complete,
comprehensive scheme which handles cookies, passwords, business cards,
and so on, under a single unified unterface?

I would be with you on calling for an extensible header, but a call
for the development of a comprehensive scheme goes too far for me.  In
my opinion, a call for completeness will guarantee that there will
never be any convergence (because too many people with advertising
business models will be opposed to it), and I want to see convergence
on something which improves on the current cookie situation, even if it
does nothing more than that.


Received on Tuesday, 2 September 1997 12:24:19 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:03 UTC