[Previous] [Next] [Index]
[Thread]
RE: List charter
I agree with you. Fortunately, I was on vacation with all this cookie
discussion was going on. However, I didn't know too much about cookies
and their real threats on the web. Therefore, I have actually read all
the messages in this discussion and found it educational.
I do find it a bit odd that people here don't think this is a "WWW
Security" issue. It seems directly related to me. Privacy is always a
part of security and this is certainly Web related.
After reading the discussion, I have decided to configure my IE 3b2 to
show me when a cookie is trying to run. I will watch it for a while to
see what it is doing. So far, it looks very benign. Being the Libertarian
that I am, I'm quite concerned with privacy. However, there isn't much of
it around. It seems that the members of this list don't know how little
privacy there really is in the age of marketing. Any good marketing
researcher knows FAR more about all of us that a little thing like
knowing what web pages my computer has seen. For example: my grocer can
tell the manufactures exactly what I'm eating and that is information
that they can do a lot with. Even this is just the tip of the iceberg.
So, at this point, I'm not too worried. I'm worry much more about Java
and ActiveX than Cookies.
Clyde Davidson
Data Security Coordinator,
NMH
----------
From: Mary Ellen Zurko[SMTP:zurko@osf.org]
Sent: Tuesday, July 23, 1996 2:52 PM
To: John C. Pavao
Cc: www-security; zurko
Subject: List charter
> Ditto! Seriously, (and this is an honest question, not a flame!)
without
the heated
> debate regarding the devious cookie, would this list be about
discussion of
web
> server security issues? That's what I was thinking when I joined...
I don't believe there's an up-to-date charter for this list. It used to
be the place to discuss SHTTP as a standard, but now there's a separate
email list for the WTS IETF WG (Web Transaction Security Internet
Engineering
Task Force Working Group). I've treated this list as a place to discuss
WWW security, which means client side as well as server side (for
instance,
Java security discussions seem to be accepted pretty well, but Java is
clearly a larger threat on the client side). While it can be argued that
privacy is not the same as security, they have a lot of overlap (is the
protection of my private information from a buggy Java applet a privacy
issue or a security issue?).
As I'm sure you've seen before, it's hard and counterproductive to try to
enforce a narrow charter (particularly when it's not even written down
:-).
I suggest use of the delete key and it's friends (all these mail messages
did have "cookie" in the title) for the threads you're not interested in.
Or you can always try to find the charter and update it!
Mez