W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

Re: Agenda for 2012-02-01 call (V02: added more incoming issues with text)

From: Roy T. Fielding <fielding@gbiv.com>
Date: Tue, 7 Feb 2012 18:13:11 -0800
Cc: Tracking Protection Working Group WG <public-tracking@w3.org>
Message-Id: <F031E006-A2AF-46B3-ACFC-3F575893A4D6@gbiv.com>
To: David Singer <singer@apple.com>
On Feb 7, 2012, at 9:50 AM, David Singer wrote:
> The absence of a response header does have the huge downside that there is no 'automated discovery' of compliance in the transaction, and UAs that rely on that will assume the worst.  If we go with SHOULD, this needs clearly stating.

There is no automated discovery of compliance in headers, regardless.
Compliance to requirements that apply over time and across multiple
requests can only be detected by observing behavior over time and
multiple requests.  Just because a header says that the server complies
does not mean the server complies.  UAs that actually depend on compliance
should be checking against a curated list, just like fraud avoidance.

IMO, the response header is a complete waste of time and bytes.  It is
a very expensive delusion.

In the entire history of HTTP, the only other protocols that defined a
response header to indicated compliance were MIME-version (ignored),
DAV (ignored), PICS (failed), and P3P (ignored).  I don't understand why
this WG needs to make the same mistake.

Received on Wednesday, 8 February 2012 02:16:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:33 UTC