- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Thu, 30 Aug 2001 11:08:35 -0400
- To: "Ben Wright" <Ben_Wright@compuserve.com>, <www-p3p-policy@w3.org>

By default IE6 does not block all cookies that do not have compact
policies. Only third party cookies are blocked. See
http://support.microsoft.com/support/kb/articles/Q283/1/85.ASP
for more information.

Regards,

Lorrie Cranor

----- Original Message -----
From: "Ben Wright" <Ben_Wright@compuserve.com>
To: <www-p3p-policy@w3.org>
Sent: Thursday, August 30, 2001 10:56 AM
Subject: Re: Disavowing Legal Liability

> My thanks to Lorrie Cranor for the comment below to the effect that the
> defining of a new token would be a mandatory extension, and that the
> Specification forbids full policies with mandatory extensions to be
> expressed as compact policies.
>
> Please help me understand. It appears that the P3P rules (as implemented by
> Internet Explorer 6) are a trap for web administrators.
>
> A mandatory extension, as I understand it, is a way to define a new term.
> If an honest web administrator feels she needs to use a mandatory extension
> in order to express an honest and accurate privacy policy, then under the
> rules she is forbidden from representing that policy in compact form. And
> if she cannot make a compact policy, then IE 6 will block her cookies.
>
> Is my understanding correct? If it is, then the administrator is trapped, is
> she not? If she wants to save her cookies, it seems she is forced to
> publish an inaccurate privacy policy.
>
> Is there any way for her to get out of the trap?
>
> Thank you
>
> --Ben Wright
> http://ourworld.compuserve.com/homepages/Ben_Wright
>
> >Message-ID: <010501c12c35$3a6263e0$3a06cf87@research.att.com>
> >From: "Lorrie Cranor" <lorrie@research.att.com>
> >To: "Ben Wright" <Ben_Wright@compuserve.com>, "P3P Policy" <www-p3p-policy@w3.org>
> >Date: Thu, 23 Aug 2001 20:39:25 -0400
> >Subject: Re: Disavowing Legal Liability
> >
> >Section 4.5 of the specification says that full policies that
> >include mandatory extensions must not be represented
> >as compact policies. The DSA token you describe sounds
> >like it would be a mandatory extension. Thus what you
> >describe is a violation of the P3P specification.
> >
> >Regards,
> >
> >Lorrie Cranor
> >P3P Specification Working Group Chair
> >
> >
> >----- Original Message -----
> >From: "Ben Wright" <Ben_Wright@compuserve.com>
> >To: "P3P Policy" <www-p3p-policy@w3.org>
> >Sent: Thursday, August 23, 2001 3:45 PM
> >Subject: Disavowing Legal Liability
> >
> >
> > P3P Policy List:
> >
> > I am a lawyer studying Internet Explorer 6's implementation of P3P.
> >
> > Web administrators will be reacting to IE 6's P3P implementation as the
> > browser is rolled out to the market. I am concerned that administrators
> > will expose themselves to unwarranted legal liability through the
> > statements they try to make in compact P3P policies. I'm looking for a
> > way to disclaim liability in compact policies.
> >
> > I'm thinking about suggesting that web administrators add the token "DSA"
> > at the end of their compact policies. DSA is not defined in the P3P
> > specification, but it would be defined in full P3P policies and elsewhere
> > as meaning that the web administrator disavows any legal liability
> > associated with the compact policy.
> >
> > I see in the update for P3P specification section 4.2 that "If an
> > unrecognized token appears in a compact policy, the compact policy has the
> > same semantics as if that token was not present."
> > http://www.w3.org/P3P/updates.html
> >
> > My question: Suppose a user agent like IE 6 sees, with respect to a
> > certain cookie, a compact policy that ends with the token "DSA". For
> > purposes of the user agent's decision on how to handle the cookie, will
> > the agent simply ignore the DSA token and treat the cookie as it otherwise
> > would in the absence of the token? It seems to me that the answer should
> > be yes, but I'm not technically savvy enough to know for sure.
> >
> > Is anyone aware of someone doing something like this?
> >
> > I would be happy to hear other thoughts anyone wishes to share about this
> > idea.
> >
> > --Ben Wright
> > ben_wright@compuserve.com
> > tel 214-403-6642
> > http://ourworld.compuserve.com/homepages/Ben_Wright
> >

Received on Thursday, 30 August 2001 11:14:49 UTC