- From: David W. Morris <dwm@xpasc.com>
- Date: Sat, 11 Oct 1997 12:31:41 -0700 (PDT)
- To: Yaron Goland <yarong@microsoft.com>
- Cc: Dave Kristol <dmk@research.bell-labs.com>, http-state@lists.research.bell-labs.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
On Fri, 10 Oct 1997, Yaron Goland wrote: > An alternative proposal is to take the signed cookie draft and combine > it with the protocol draft and put that up as the standard. That way we > don't have to argue over heuristics which prevent legitimate > functionality and instead use a policy based system backed up with > authentication. This alternative would not be a complete solution since it would drop the default specification for cookie privacy when the cookie presented was not signed. I have no problem with an alternative which includes completing work on the signed cookie proposal but I see that as additional specification and not replacing some form of the existing privacy specifications. Dave Morris
Received on Saturday, 11 October 1997 12:34:13 UTC