From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 16 Feb 1996 16:45:35 +0800
To: cypherpunks@toad.com
Subject: Re: Netscrape's Cookies
In-Reply-To: <9602151600.AA03535@cti02.citenet.net>
Message-ID: <312429DD.1729@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Jean-Francois Avon JFA Technologies, QC, Canada wrote:
> 
> Alex Strasheim <cp@proust.suba.com> said:
> 
> >The best answer would probably be to use the kind of pop-up messages you
> >get when you're going to submit a secure or insecure form.  "You're about
> >to send a cookie back to a web server, continue or abandon?"  "You're
> >about to send mail from a web page, do you want to do that?"  Give people
> >the ability to turn the messages off -- that way functionality isn't
> >impaired.
> 
> I find that a very good solution providing that the browser say:
> >"You're about to send a cookie...."
> Here, I would add:
> "... that contain the following information:"
> 
> (information list)
> 
> "... back to a web server, continue or abandon?"
> 
> Otherwise, it not as worse, but still in the same spirit as to
> sign a blank check to a stranger...

  The problem with this approach is that some sites are already obscuring
or encrypting their cookies.  I think our merchant system may even do it
for the user shopping basket.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.