RE: Modifying a DNT Header (ISSUE-153, ACTION-285)


'For the sake of moving this process forward.'

I believe that's the core issue you're missing.  If there is no way to solve for this issue (disagree this is a Halting Problem as we're only suggesting a UA protect its own settings, not attempting to understand another's application/settings), then DNT will mostly likely NOT be implemented in the real-world.

This is "that" significant.

- Shane

-----Original Message-----
From: Walter van Holst [] 
Sent: Friday, November 09, 2012 12:47 PM
Subject: Re: Modifying a DNT Header (ISSUE-153, ACTION-285)

On 9 nov. 2012, at 20:28, Shane Wiley <> wrote:

> Outside of true malware, I believe there are many settings UAs attempt to protect (Certs & Keys, for example) and we're asking for a similar level of protection here to ensure only those plug-ins/apps that have a valid handshake with the UA are able to modify the setting (and appropriately record what party is making the change).

Apples and oranges, SSL certs can only provide a reasonable level of confidence that no Man-In-The-Middle attack is taking place at the HTTPS connection level. Once you move beyond the HTTPS end points there is little you can do unless you control the hardware at the silicon level and even then it is a non-trivial if not hard computer science problem.

> As this is a voluntary standard, attempts to call something that Server-side implementers are clearly interested in as "rat holing" is not going to help the process move forward.

Given that Turing's Halting Problem is practically Computer Science 101 stuff, I do not think that David Singer's use of that metaphor is unjust, let alone unconstructive. It has been mathematically proven that this is a problem we cannot solve in this universe. So unless you're aiming for a Fields Medal instead of a workable W3C standard, I would humbly suggest to let this rest. For the sake of moving this process forward.



Received on Friday, 9 November 2012 19:55:00 UTC