Re: ISSUE-95: May an institution or network provider set a tracking preference for a user? from Rigo Wenning on 2012-01-06 (public-tracking@w3.org from January 2012)

From: Rigo Wenning <rigo@w3.org>
Date: Fri, 06 Jan 2012 15:16:31 +0100
To: public-tracking@w3.org
Cc: Thomas Roessler <tlr@w3.org>, Bjoern Hoehrmann <derhoermi@gmx.net>
Message-ID: <3014919.Nuam8KSlHy@freud>

My initial aim in issue 95 (I was cited) was, that the DNT Specification makes 
assertions over HTTP behavior. This may cause trouble as you indicate below, 
because we specify in foreign territory. My argument is purely formalistc: We 
should not express normative expectations on things that are ruled elsewhere. 
Because this adds confusion and someone reading only the HTTP Specification 
will not be aware of the requirements by the DNT Specification. And your DNT 
header will pass by networks who do not know about the DNT Specification.

So why I'm very comfortable having even a strong preference/expectation 
expressed in the DNT Specification that intermediaries should not tinker with 
the DNT header, we would have to liaise with the HTTP WG to ask them to write 
that normatively into _their_ Specification.

Again, we all agree on the desired outcome. The rest is a formalistic argument 
that is about social rulemaking rules. And there it makes sense not to 
trespass into the HTTP Specification (e.g. what about caching etc).

Best, 

Rigo

On Friday 23 December 2011 10:14:31 Thomas Roessler wrote:
> If you look at draft-ietf-httpbis-p2-semantics-17 (the almost-done revision 
of HTTP), one of the considerations that's explicitly called out for new 
header specifications is:
> >    o  Under what conditions intermediaries are allowed to modify the
> >    
> >       header field's value, insert or delete it.
> 
> That question is answered by the current "MUST NOT" text.
> 
> Meanwhile, I believe that we're in violent agreement on the actual substance
> here, and would respectfully suggest that we move on.
> 
> --
> Thomas Roessler, W3C  <tlr@w3.org>  (@roessler)
> 
> On 2011-12-23, at 04:03 +0100, Bjoern Hoehrmann wrote:
> > * Thomas Roessler wrote:
> >> 1. On the technical level, HTTP is specified (among other things) in
> >> terms of user agent behavior, server behavior, and intermediary
> >> behavior.  It, for example, says how intermediaries handle hop-to-hop
> >> header, how caching behavior is controlled by the protocol, and all
> >> that.  Intermediaries are participants in that protocol, and they
> >> actually are developed according to specifications.  Therefore, on the
> >> technical level, we need the "intermediaries MUST NOT mess with this
> >> header" note.  That's part of the technical protocol specification.
> > 
> > I am saying that HTTP does not allow intermediaries to rewrite, add, or
> > remove the "dnt" header without the user agreeing to that in some way.
> > If you can demonstrate that HTTP allows this, please go ahead and do so.

Received on Friday, 6 January 2012 14:16:58 UTC