W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 1997

Re: FW: revised trusted cookie spec

From: Koen Holtman <koen@win.tue.nl>
Date: Mon, 8 Sep 1997 19:39:52 +0200 (MET DST)
Message-Id: <199709081739.TAA23659@wsooti08.win.tue.nl>
To: Larry Masinter <masinter@parc.xerox.com>
Cc: koen@win.tue.nl, DJaye@engagetech.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/4359
Larry Masinter:
>[Koen Holtman:]
>> Larry, would you be happy with a spec which defines
>> a) an extensible Pics-Label header for conveying information about
>>    privacy policies
>> b) the specific cookie-related instance of this extensible header?


>I'm just not at all certain that this kind of policy issue belongs
>in HTTP at all. What if, for example, there were an HTML HEAD element
>that could contain a site's policies or links to them, and that
>before actually storing any cookie to disk, the policy could
>be determined?
>Putting this kind of information in the protocol seems like it violates
>the boundary between protocol and application in a way that doesn't feel
>right to me.

Strange.  My feelings on what is right are just the other way around.
I think that a boundary would be violated if we were to use HTML to
take care of the HTTP cookie privacy issues.  We cannot rely on having
HTML whenever we have HTTP cookies.  What happens, for example, for a
site based on vrml or java content?

The cookie pricavy policy mechanisms should be able to use HTTP
headers for the same reason that PICS content labels are able to HTTP


Received on Monday, 8 September 1997 10:45:41 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:03 UTC