RE: action-231, issue-153 requirements on other software that sets DNT headers

Clearing this thread to try to get back to the essence of the issue.  Here's the background information I'm using to frame the issue in my head.  

- Section 4.2 explicitly calls out that: "An HTTP intermediary must not add, delete, or modify the DNT header field in requests forwarded through that intermediary unless that intermediary has been specifically installed or configured to do so by the user making the requests."  
- RFC 2616 (HTTP 1.1) defines "User Agent" specifically as "The client which initiates a request", and subdefines "client" as "A program that establishes connections for the purpose of sending requests."  It doesn't explicitly define "intermediary", but uses the term in the definitions of "proxy", "gateway", and "tunnel" .  
- We have to go to RFC 6202 (Bidirection HTTP) for an attempt at defining the term "intermediary" - but note that this is 12 years after 2616 - and even this is a weak rehashing of the 2616 text.  

Given that the User Agent is the client which initiates the request, there are two main classes of software that may affect the outbound HTTP header:
1 - Software that falls into the traditional classification of "intermediary", as in proxies, gateways, and tunnels.  This type of software has access to the HTTP request after it has left the User Agent.  
2 - Software that can modify the outbound HTTP headers in the User Agent, as in plugins and toolbars.  This type of software has access to the HTTP request before it has left the User Agent.  

My read of the specific concern (as raised in issue-150) is that, given that some plugins and toolbars (class 2) *do* have access to the outbound HTTP headers, but *do not* have (or have not sought) access to modify the DNT state in the User Agent settings, a user can currently end up with a User Agent UI that indicates one DNT state, while they are sending another.   

Given that neither issue-150 nor issue-153 is currently resolved, am I correct to understand that it is currently permissible for a plugin or toolbar to modify the DNT state on the HTTP request without altering the DNT state selected in the User Agent UI?  


Received on Wednesday, 19 September 2012 09:12:56 UTC