RE: List charter

• To: "John C. Pavao" <pavaojc@rixix.sod.eds.com>, Mary Ellen Zurko <zurko@osf.org>
• Subject: RE: List charter
• From: "Davidson, Clyde" <CDAVIDSO@IS.NMH.NMH.ORG>
• Date: Thu, 25 Jul 1996 10:30:00 -0500
• Cc: www-security <www-security@ns2.rutgers.edu>
• Priority: urgent

I agree with you. Fortunately, I was on vacation with all this cookie   
discussion was going on. However, I didn't know too much about cookies   
and their real threats on the web. Therefore, I have actually read all   
the messages in this discussion and found it educational.

I do find it a bit odd that people here don't think this is a "WWW   
Security" issue. It seems directly related to me. Privacy is always a   
part of security and this is certainly Web related.

After reading the discussion, I have decided to configure my IE 3b2 to   
show me when a cookie is trying to run. I will watch it for a while to   
see what it is doing. So far, it looks very benign. Being the Libertarian   
that I am, I'm quite concerned with privacy. However, there isn't much of   
it around. It seems that the members of this list don't know how little   
privacy there really is in the age of marketing. Any good marketing   
researcher knows FAR more about all of us that a little thing like   
knowing what web pages my computer has seen. For example: my grocer can   
tell the manufactures exactly what I'm eating and that is information   
that they can do a lot with. Even this is just the tip of the iceberg.   
So, at this point, I'm not too worried. I'm worry much more about Java   
and ActiveX than Cookies.

Clyde Davidson
Data Security Coordinator,
NMH


 ----------
From:  Mary Ellen Zurko[SMTP:zurko@osf.org]
Sent:  Tuesday, July 23, 1996 2:52 PM
To:  John C. Pavao
Cc:  www-security; zurko
Subject:  List charter

> Ditto!  Seriously, (and this is an honest question, not a flame!)   
without
the heated
> debate regarding the devious cookie, would this list be about   
discussion of
web
> server security issues?  That's what I was thinking when I joined...

I don't believe there's an up-to-date charter for this list. It used to
be the place to discuss SHTTP as a standard, but now there's a separate
email list for the WTS IETF WG (Web Transaction Security Internet   
Engineering
Task Force Working Group). I've treated this list as a place to discuss
WWW security, which means client side as well as server side (for   
instance,
Java security discussions seem to be accepted pretty well, but Java is
clearly a larger threat on the client side). While it can be argued that
privacy is not the same as security, they have a lot of overlap (is the
protection of my private information from a buggy Java applet a privacy
issue or a security issue?).

As I'm sure you've seen before, it's hard and counterproductive to try to
enforce a narrow charter (particularly when it's not even written down   
:-).
I suggest use of the delete key and it's friends (all these mail messages
did have "cookie" in the title) for the threads you're not interested in.
Or you can always try to find the charter and update it!
 Mez

• Previous: Apache authentication module
• Next: Re: Apache authentication module
• Index(es):
  • Index
  • Thread