RE: Issue-207 from Mike O'Neill on 2014-04-18 (public-tracking@w3.org from April 2014)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Fri, 18 Apr 2014 20:15:07 +0100
To: "'Roy T. Fielding'" <fielding@gbiv.com>, "'Walter van Holst'" <walter.van.holst@xs4all.nl>
Cc: <public-tracking@w3.org>
Message-ID: <007a01cf5b3a$83170b30$89452190$@baycloud.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If that is the only reason to send a D ("we have reason to believe this DNT signal does not reflect the user's intention") then we do not need a qualifier, just specify that as the only justification for it in the TCS. If there are other possible reasons then, for transparency, there has to be a way of signalling the relevant one to the user.

The UA may indicate the response in some way, and the user is able draw conclusions from it.

mike


> -----Original Message-----
> From: Roy T. Fielding [mailto:fielding@gbiv.com]
> Sent: 18 April 2014 19:23
> To: Walter van Holst
> Cc: public-tracking@w3.org
> Subject: Re: Issue-207
> 
> On Apr 18, 2014, at 10:41 AM, Walter van Holst wrote:
> 
> > Rob already as argued for this better than I can. It only stands to
> > reason that syntactically well-formed DNT requests are honoured without
> > second guessing the user.
> 
> No, that doesn't stand to reason, anywhere.  We don't honor requests
> from clients that match the pattern of a denial of service attack.
> We don't honor purchases made with a stolen credit card.  We don't
> honor requests that appear to be gatewayed through a phishing site.
> We frequently don't honor requests that pass through an export-controlled
> location. And we sure don't honor HTTP protocol fields from user agents
> that lie about their capabilities or semantics.
> 
> I will never support a standard that allows a user agent to lie about
> its semantics to a server without any corresponding power of the server
> to recognize that lie and work around the bug.  That would only
> encourage unscrupulous actors to manipulate standard protocols for
> their own personal gain.
> 
> If a user agent does not adhere to the semantics of the protocol,
> the signal will be ignored.  This is not subject to the WG's opinion.
> Whether or not a "D" is sent after a signal is ignored is what
> is subject to the WG's opinion.
> 
> ....Roy
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.2.42.4591 - http://www.gpg4o.de/
Charset: utf-8

iQEcBAEBAgAGBQJTUXm6AAoJEHMxUy4uXm2JA54IAMGloJfE7P4c3tk4ENqyeqBS
Vke/7moiNUZ+/l32Q8KwxOatt3WrdmLafUIJBX5L5rXmn+PK4dyJJnu+grFXMKoz
+SDdwIAv4xoPM/9hw7D5loYZ5BAaWG1SLogDcLePIoRsBaf7bCP1NY0x8jzHDznz
4J3ScoVzhFv7i592MVOKwXpC3nLCUIUh8UmaCdplXGekTel+9ORQNKbz7Y5XVPs7
sul9+vsIuZf4W9JYShWwTRaxeZkiD9KDCG8uvCN5lke+DoGpr6gfuRz92M+E7xmX
ykldJtgYfCfd7p7Abg9SKukhOH6CAKsnfilT5gw2XWyCNJyoqGF36nGd4v6ukkI=
=Cu9j
-----END PGP SIGNATURE-----

Received on Friday, 18 April 2014 19:15:55 UTC