Re: Issues with the cookie draft
Koen Holtman (koen@win.tue.nl)
Mon, 24 Mar 1997 20:27:32 +0100 (MET)
Dave Kristol:
>
>Yaron Goland <yarong@microsoft.com> wrote:
[...]
> > Languages:
> > As I mentioned in my original proposal, the accept-language header would
> > server the purpose of choosing the language. In the worst case, the
> > language is just English. The UTF8 Unicode encoding preserves the lower
> > ASCII range so when dealing with downlevel clients, one sends UTF8
> > English. I do admit woeful ignorance of the language tag issues. Any
> > experts in the house?
>
>I'm also really bad on the language issues. That's why I asked for more
>details.
I'm not a language expert, but my personal opinion as a `negotiation expert'
is that internationalisation of comments in headers is not ready for prime
time. This is a tar pit I'd rather steer clear of. Maybe it would be nice
to add a note that the comment could be the URL of a page which explains the
cookie in multiple languages.
> > 4.3.2 Rejecting Cookies (how far into the domain do you go):
> > I appreciate that it was a long and drawn out debate but that is not a
> > sufficient rational for preventing perfectly reasonable behavior. The
> > decision to stop at one domain level is completely arbitrary. It is no
> > more and no less secure than 2 or infinite domain levels deep. I do not
> > feel that an arbitrary choice is a good enough reason to include a
> > requirement in a specification.
>
>It wasn't completely arbitrary.
Specifically, Netscape said that, according to the contacts they had with
multi-hosted sites, the 1 domain level restriction would not be too tight
for the kinds of services these people had in mind. And privacy expectation
considerations led to us wanting a number as low as possible, so 1 domain it
was.
I don't remember that we had very long discussions about this, we just noted
that Netscape's initial choice was a good one.
Koen.