On 4 May 2017, at 3:45 am, Pete Resnick
<presnick(_at_)qti(_dot_)qualcomm(_dot_)com> wrote:
> > The current document does not differentiate at all. If it
> > was published as is, the naive reader could just deduce that "the IETF
> > endorses adding supercookies to HTTP headers" -- to take just one
> > example.
>
> I cannot come up with any way to read the mention of super cookies in section
> 8 as an endorsement at all.
>
> If you're referring to the discussion of header insertion in 2.6.5, the only
> thing that could be vaguely construed as endorsing would be the phrase in
> inverted commas (which I take to be indicating irony) 'header-enrichment'. If
> the suggestion is that the irony will be missed and someone might read that
> as endorsing, then saying "so-called 'header-enrichment'" might make it
> crystal clear.
>
> Either way, lack of overt disapproval is not endorsement.

I don't know, Pete. In my experience, people often misread intent in specs,
even when we think it's very clearly spelled out, because we are blinded by how
close we are to it. On the other side, developers routinely cherry-pick a
statement in isolation to prove their point, rather than taking in the whole.
This happens all of the time in HTTP, despite our best efforts to educate.

Relying on irony to convey intent in specifications is spectacularly poor
practice; we should know better than this by now.

So I don't think it does any harm to over-communicate; if we're going to talk
about a controversial practice like header "enrichment", it seems reasonable to
me that we should put the appropriate context with it, rather than relying on
the reader having a full understanding not only of the whole document, but the
context within which it was written.

Even more so when the person misreading (or misusing) it might be a legislator
or regulator who has comparatively little technical depth, but great impact.

Cheers,

--
Mark Nottingham https://www.mnot.net/