Re: SHOULD or MUST for responses to DNT;1?

On Jan 19, 2012, at 12:03 , Matthias Schunter wrote:

> 
> Hi Karl,
> 
> The points I tried to make here are that
> A) it is testable whether a response header has been sent
> B) it is testable whether this response header contains a field like 'I
> promise to implement DNT and I will adhere to the requirement put forward
> in the compliance spec'.
> C) It is not testable from the outside whether a site in fact adheres to
> these promises.
> 
> E.g., if we were to require 'no recording of IP addresses', compliance is hard
> to test from the outside.
> 
> Matthias

Right.  But it may be actionable if *in the same transaction* you promised me you were doing X, and actually you were not (e.g. you promised you adhered to a rule that said "must not record IP address" and it later turns out my IP address is in your database).  We need the 'must' to make not actionable, even if it's not testable.


David Singer
Multimedia and Software Standards, Apple Inc.

Received on Thursday, 19 January 2012 20:28:36 UTC