I've set up a mailing list for discussion of policy implications of http
cookies, and other persistent session artifacts which may be used as
identifiers. We've list(s) for discussion of the mechanism(s), e.g., Tom
Limoncelli's http-state list, the W3C P3P interop list, the mozilla general
list, and of course the overworked ietf general list. These all tend to
progress towards implementations, not towards user documentation.
What I'd like to see is something along the lines of a draft in the IETF's
User Services Area which is updated to reflect the changes of mechanism(s)
employed, and what effect these have for user data protection and on-line
privacy, modified for the browser, host and "idiot's guide" genre of user
documentation. Rather than write a -00.txt draft first, then solicit any
technical contributions, I've set up the contribution list first.
Writing for the IESG, Keith Moore and Ned Freed have produced "Use of HTTP
State Management" <draft-iesg-http-cookies-03.txt>, intended as a BCP RFC.
This is a step in the right direction, and one that can be improved upon
and made "accessible" to the general reader.
To subscribe, simply send mail to:
cookie-cutters-request(_at_)world(_dot_)std(_dot_)com
The usual majordomo rules apply.
Cheers,
Eric