- From: Koen Holtman <koen@win.tue.nl>
- Date: Mon, 8 Sep 1997 19:39:52 +0200 (MET DST)
- To: Larry Masinter <masinter@parc.xerox.com>
- Cc: koen@win.tue.nl, DJaye@engagetech.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Larry Masinter: >[Koen Holtman:] >> Larry, would you be happy with a spec which defines >> >> a) an extensible Pics-Label header for conveying information about >> privacy policies >> b) the specific cookie-related instance of this extensible header? [...] >I'm just not at all certain that this kind of policy issue belongs >in HTTP at all. What if, for example, there were an HTML HEAD element >that could contain a site's policies or links to them, and that >before actually storing any cookie to disk, the policy could >be determined? > >Putting this kind of information in the protocol seems like it violates >the boundary between protocol and application in a way that doesn't feel >right to me. Strange. My feelings on what is right are just the other way around. I think that a boundary would be violated if we were to use HTML to take care of the HTTP cookie privacy issues. We cannot rely on having HTML whenever we have HTTP cookies. What happens, for example, for a site based on vrml or java content? The cookie pricavy policy mechanisms should be able to use HTTP headers for the same reason that PICS content labels are able to HTTP headers. >Larry Koen.
Received on Monday, 8 September 1997 10:45:41 UTC