Re: [www-p3p-public-comments] <none>

Yes, you always need a cookie-include if
you want your policy to apply to cookies.
I've noticed that some of the P3P enabled
sites that are already out there are missing
this. They will need to add this or P3P user
agents that use the full policy (rather than
the CP)  will think that their cookies don't
have P3P policies.

Regards,

Lorrie Cranor


> Hi,
> 
> Referring to the policy reference file, the current working 
> draft 24 Sept 2001 says:
> 
> > Note that the set of URIs specified with INCLUDE 
> > and EXCLUDE does not include cookies that might 
> > be triggered when requesting one of such URIs: 
> > in order to associate policies with cookies, the 
> > COOKIE-INCLUDE and COOKIE-EXCLUDE elements are needed.
> 
> My question is, if the "dynamic.cookies" value is specifed
> in the base data schema, and the information linked-to and 
> contained-in a cookie is covered in the policy, doesn't that
> policy then cover cookies set when requesting the URI 
> associated with the policy? Or does the cookie-include
> still need to appear?
> 
> Thanks,
> 
> cpl.

Received on Wednesday, 26 September 2001 09:19:01 UTC