- From: Joseph Reagle <reagle@w3.org>
- Date: Tue, 6 May 2003 12:52:03 -0400
- To: "Giles Hogben" <giles.hogben@jrc.it>, "Public-P3p-Spec" <public-p3p-spec@w3.org>
On Tuesday 06 May 2003 12:11, Giles Hogben wrote: > It offers a "visible" sign of commitment to the privacy policy. It does, and in as far as that happens that is a good thing. However, I have two comments: 1. Would it lead to the presumption that a unsigned P3P policy is somehow less committed to or binding? 2. Who exactly is validating the signature? This isn't something users are likely to comprehend or be able to easily do. (How is it that they are getting the service's public key for the validation, this presumes a level of infrastructure and knowledge which is not yet present.) So I think a signed privacy is a nice exercise, but don't find it that compelling in the b2c scenario and might weaken the interpretation of a unsigned policy.
Received on Tuesday, 6 May 2003 12:52:08 UTC