[2426] in WWW Security List Archive

Re: cookies and privacy

daemon@ATHENA.MIT.EDU (Seth I. Rich)
Wed Jul 17 11:29:52 1996

Date: Wed, 17 Jul 1996 09:00:09 -0400
To: dmk@allegra.att.com (Dave Kristol), www-security@ns2.rutgers.edu
From: "Seth I. Rich" <seth@hygnet.com>
Errors-To: owner-www-security@ns2.rutgers.edu

>There has been much backing-and-forthing on mailing lists (and even
>broadcast media) lately about Netscape's cookies and privacy.  Perhaps
>the following information will prove useful.  Lou Montulli (Netscape)
>and I are co-authors of an Internet Draft (I-D),
>http://ds.internic.net/internet-drafts/draft-ietf-http-state-mgmt-02.txt
>(soon to be updated slightly), that describes the standards track
>specification for cookies.

I've just read this, and I apologize if this is the wrong forum for me to
make my comments.  The first thing I notice is that this draft maintains
the (IMO) absurd practice of deleting a cookie by expiring it into the
past.  Wouldn't it be better to remedy that now with a "delete-cookie:"
HTTP header?

Seth (more later, I'm sure)
---------------------------------------------------------------------------
Seth I. Rich - seth@hygnet.com            "Info-Puritan elitist crapola!!"
Systems Administrator / Webmaster, HYGNet             (pbeilard@direct.ca)
Rabbits on walls, no problem.