- From: David Grant <david@davidjonathangrant.info>
- Date: Wed, 30 Jan 2002 12:23:18 +0000
- To: www-p3p-policy@w3.org
Hi, I've been doing some testing with MSIE6 and its interpretation of P3P compact policies and cookies. It seems that the predefined [http://msdn.microsoft.com/library/en-us/dnpriv/html/ie6privacyfeature.asp?frame=true] actions for compact policies ONLY work if the compact tokens appear in the following order: 1. ACCESS | DISPUTES | REMEDIES | NON-IDENTIFIABLE | PURPOSE | RETENTION 2. CATEGORIES 3 .RECIPIENT | PURPOSE That is to say, any tokens from any of the token "collections" on the first line, followed by a token from the CATEGORIES collection, followed by a token from either the RECIPIENT or PURPOSE collections. More simply put, "unsatisfactory" (see above URL) RECIPIENT or PURPOSE tokens MUST appear after the any "unsatisfactory" CATEGORIES for any action to be taken on the cookies. These findings raise a number of points: 1. Why does MSIE6 not obey the recommendation [S4.1] by allowing compact policy tokens to appear in ANY ORDER? 2. What SHOULD happen in the case of invalid compact policy DTDs -- should they be treated as if there was no CP at all? 3. What will MS do to address this issue? Regards, David Grant http://www.davidjonathangrant.info/p3p/
Received on Wednesday, 30 January 2002 07:27:32 UTC