... digital authentication schemes would do nothing to reduce
the effort required to track down ...
vernon,
rightly or wrongly, dan jaye and i set out on that path for changing the
way cookies are used, the way-expired draft is on the nic-naa.net public
ftp just now. the goal was to make bad cookies carry increassingly marginal
certs, and change the way privacy was managed.
our work intersected with the ie5.5 (early) cookie handling, and with
the p3p, which resulted in a withdrawal of one ie5.5 approach that was
detrimental to all 3rd-party cookies, and the inclusion of a form of
p3p policies on cookies (and eventually on other http methods).
in sum, we changed or participated in the complementary changes to both
ie5.5 (and mozilla) and to p3p, circa nov. 1999.
readers of keith moore and ned freed's work, also on the subject of the
http state management mechanism, are of course aware that they rejected
our work, or the notion of policy evaluation on cookies, other than the
form that was actually present in ie5.5 (early), and fortunately (imho)
withdrawn by the redmond policy and engineering teams.
where that line of work (attempted in provreg) differs from what i see
here (asrg), is we took/take care to understand 95/46/ec, as well as less
stringent or other-conceived policy frameworks.
for what its worth, spamcop v1.3.3 decided a note i sent to nanog was
"spam", so it isn't high on my list of things to buy.
eric
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg