On 4 May 2017, at 3:45 am, Pete Resnick <presnick@xxxxxxxxxxxxxxxx> wrote: >> The current document does not differentiate at all. It it >> was published as is, the naive reader could just deduce that "the IETF >> endorses adding supercookies to HTTP headers" -- to take just one >> example. > > I cannot come up with any way to read the mention of super cookies in section 8 as an endorsement at all. > > If you're referring to the discussion of header insertion in 2.6.5, the only thing that could be vaguely construed as endorsing would be the phrase in inverted commas (which I take to be indicating irony) 'header-enrichment'. If the suggestion is that the irony will be missed and someone might read that as endorsing, then saying "so-called 'header-enrichment'" might make it crystal clear. > > Either way, lack of overt disapproval is not endorsement. I don't know, Pete. In my experience, people often misread intent in specs, even when we think it's very clearly spelled out, because we are blinded by how close we are to it. On the other side, developers routinely cherry-pick a statement in isolation to prove their point, rather than taking in the whole. This happens all of the time in HTTP, despite our best efforts to educate. Relying on irony to convey intent in specifications is spectacularly poor practice; we should know better than this by now. So I don't think it does any harm to over-communicate; if we're going to talk about a controversial practice like header "enrichment", it seems reasonable to me that we should put the appropriate context with it, rather than relying on the reader having a full understanding not only of the whole document, but the context within which it was written. Even more so when the person misreading (or misusing) it might be a legislator or regulator who has comparatively little technical depth, but great impact. Cheers, -- Mark Nottingham https://www.mnot.net/