Re: ISSUE-95: May an institution or network provider set a tracking preference for a user?

On 2011-12-22, at 01:41 +0100, Bjoern Hoehrmann wrote:

> * Thomas Roessler wrote:
>> How about we add some *non-normative* text to section 3 of the header
>> definition that explains things a bit more, but doesn't actually change
>> the nature of the protocol definition?  Borrowing heavily from Tom's
>> earlier text, I could imagine adding something like this to section 3:
> 
> I think it would be okay to have a non-normative clarification on the
> expected behavior of intermediaries. A normative note however, that'd
> say an intermediary must or should or should not or must not do some-
> thing or other, would likely be actively harmful (akin to putting up
> signs "do not violate the law in this area" in some places;

Bjoern — I think you're again conflating different levels of the conversation.

1. On the technical level, HTTP is specified (among other things) in terms of user agent behavior, server behavior, and intermediary behavior.  It, for example, says how intermediaries handle hop-to-hop header, how caching behavior is controlled by the protocol, and all that.  Intermediaries are participants in that protocol, and they actually are developed according to specifications.  Therefore, on the technical level, we need the "intermediaries MUST NOT mess with this header" note.  That's part of the technical protocol specification.

2. On the deployment and social level, there are all sorts of oddities going on.  I agree with you that we mustn't fool ourselves into thinking that we can influence those with a protocol MUST NOT — people violate protocols all the time.  As I said in my earlier note, I think it's fine to call that out in a non-normative note, based on the fine text that Tom and others had produced.

> if a user preference header specification does not say intermediaries must not modify the header, but the dnt-specification says the dnt preference must not be modified, you would have a harder time arguing that it's obvious that intermediaries do not control user preferences, because the people working on the dnt specification did not think it is).

I'm sorry, but you have this backwards.

HTTP header specifications include a specification of the expected intermediary behavior. What you call "obvious" here turns into an explicit protocol-level  "MUST NOT" about intermediaries modifying the header.

Stating that "MUST NOT" doesn't suddenly turn it into its own opposite, as you seem to fear.

Received on Thursday, 22 December 2011 12:35:21 UTC