- From: Rigo Wenning <rigo@w3.org>
- Date: Mon, 27 Aug 2018 12:14:35 +0200
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>, HTTP Working Group <ietf-http-wg@w3.org>
- Cc: Mike West <mkwst@google.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, squid3@treenet.co.nz
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Monday, August 27, 2018 12:02:32 PM CEST Poul-Henning Kamp wrote: > Historically pretty much anything the server has ever had any > amount of control over has been used to track users across the > network, so there is a very strong case for not making the same > mistake again, and give the client complete control. And a lot of business cases are totally dependent on this. My suggestion is NOT to be disruptive, but to create a new identifier and keep cookies for those. Over time, people will use to the new identifier as it will be easier to handle and more reliable and easier in GDPR compliance etc. Remember that people erase their cookies at least once a month nowadays. Carving out easy good use cases (like authentication) and leaving the others with the broken cookie world is the basic idea why I jumped on the bandwagon. --Rigo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEvjoqZTaQXUCffv5tfUgJiEo2QCsFAluDzwsACgkQfUgJiEo2 QCttUg/5AUb0RkJ7Ym9DrgsqFSBe6OE8O1vFeWtJScKGyhJtn4MKzqYYXqW3XYVz KazM+3ca/+jMdZoVrp6K1eCD5iq+T4N+6YxReYogR/1Gugb8eLzbwvZxPqgfigtE CZO4yg0r/eZeQGnzZm1IeI+zl3pGVlk5bPgG4dNM1Me4gWAIFGTNjc2WVs++WdM0 BaYQVXc2dfvrIHSSyQz8K+Ir1R2qmpwDD7KsjcH0OLxr5sv+sluQtbs+ZL1JzOOR 2b6sJO8DXP7KvZUeeMHhXgsRo4ubAyYtqRP87fxHTyZw3yFK6NxVzrrHo8Xm/Uew CmxacuuZdvQ0RwziuhoGNhmjHN7wFSa4hD7iGAlZ0eFd3ICTYvOxPBbld+55OkXi 12sbFJWd/to7tZ/VhOTquj2DzhEEyDupYqZ8O1T/khtxqXTbt+vfAQz4IkOOElU1 NoTdcB1djii4Mwbhv0Sqok8ZXd1T0f+mGrlEW6WmsLKojEiHCw56QRWr/RNWk5LY iGQ+1dGtihQOkC6J8N6g6DcSskOcUjWNQfzze1pkg7kfs+6dU46iDkLQYOpzsOds C70UwLDJ5dEhIPjjB+33a2x+5M56j+g6+mUQiSokAsCel3nEUfyqaZMYvOfxBrtf 72K919NTR0SHSGgBFhZtly912oi6cYiwu0EUwkFSbSVUD/5yfe4= =aVDx -----END PGP SIGNATURE-----
Received on Monday, 27 August 2018 10:14:42 UTC