- From: Giles Hogben <giles.hogben@jrc.it>
- Date: Fri, 28 Sep 2001 15:50:13 +0200
- To: "p3pdev" <www-p3p-dev@w3.org>
Hi,

Having just read over the paragraph in the latest (Sep) P3P spec about the new hints mechanism, I have 2 questions:

1. The following is confusing me:

"Before using a hinted policy reference, the user agent MUST check the well-known location and give precedence to any policy references directly declared by the host, with the well-known location taking the highest precedence."

What exactly does "directly declared" mean? It is not clear to me whether this includes the P3P HTTP header mechanism and link tag mechanisms or not. If it does, then I can't see what use the hints mechanism can be. If, however, it allows user agents to make use of policy reference files even if there turns out to be no pref in the well-known location, then does this allow unknown 3rd parties to state the location of a policy reference file? If so, doesn't this allow for the possibility of malicious behavior - 3rd party sites referring to bogus policy reference files?

2. Am I right in saying that policy reference files (and policies) do not have to be located on the domain they are applied to? If this is the case, doesn't this, combined with the hints mechanism, allow people to put up completely bogus policies and prf files?

Thanks
Giles Hogben
Received on Friday, 28 September 2001 09:49:30 UTC
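
The precedence rule quoted in the message, together with the two conditions it asks about, as an added example that is not part of the original message or of the P3P specification. It assumes that "directly declared" covers the HTTP header and link tag mechanisms (the open point in question 1); the function name, the candidate fields and the `.example` hosts are hypothetical.

```python
from urllib.parse import urlsplit

# Order from the quoted spec sentence: well-known location first, then
# references declared by the host itself, then hints. Lower rank wins.
RANK = {"well-known": 0, "declared": 1, "hint": 2}


def host_of(url):
    """Lower-cased host part of a URL ('' if there is none)."""
    return (urlsplit(url).hostname or "").lower()


def select_policy_reference(target_host, candidates, well_known_checked):
    """Pick the policy reference file a user agent would use for target_host.

    candidates: dicts with 'source' (a RANK key), 'url' (the policy
    reference file) and 'stated_by' (the host that supplied the reference).
    Returns (chosen candidate or None, list of warning strings).
    """
    target_host = target_host.lower()
    usable = [
        c for c in candidates
        # A hint is only considered once the well-known location was checked.
        if c["source"] != "hint" or well_known_checked
    ]
    if not usable:
        return None, []
    chosen = min(usable, key=lambda c: RANK[c["source"]])
    warnings = []
    # Question 1: the only available reference comes from another party.
    if chosen["source"] == "hint" and chosen["stated_by"].lower() != target_host:
        warnings.append("hint supplied by third party " + chosen["stated_by"])
    # Question 2: the file lives on a different host than the one it covers.
    if host_of(chosen["url"]) != target_host:
        warnings.append("policy reference file hosted on " + host_of(chosen["url"]))
    return chosen, warnings


# Constructed sample: shop.example has no well-known file and declares nothing;
# the only reference is a hint from ads.example pointing at a third host.
SAMPLE = [
    {"source": "hint", "url": "http://files.example/w3c/p3p.xml",
     "stated_by": "ads.example"},
]

if __name__ == "__main__":
    print(select_policy_reference("shop.example", SAMPLE, well_known_checked=True))
```

A user agent or auditing tool could surface the two warnings to the user instead of silently applying the hinted file.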