- From: Mike Meyer <mwm@contessa.phone.net>
- Date: Tue, 25 Jul 95 14:55:40 PST
- To: www-talk@w3.org
> I'm confused. Do you mean to say you want session-id renegotiation by > the client for the case that two servers want to push the same > session-id value on the client? No - I'm just uncomfortable allowing the server to specify the session id, even if the client only uses it for that server. The renegotiation is trivial (just send the ID you generated), and a client doesn't need to implement it. Do you think the renegotiation shouldn't be there at all? > I still think that with `one server only' restrictions, both client > generated and server generated have exactly the same privacy problems. Now I'm confused. I think you're objecting to having a renegotation, but what your'e proposing - `one server only' - would require that for server-generated id's anyway. <mike
Received on Tuesday, 25 July 1995 18:02:54 UTC