dstiles - 9:42 pm on Feb 21, 2012 (gmt 0)
My reading of the MS analysis and others is that G is (deliberately?) sending a malformed P3P that tricks (at least MSIE) browsers into allowing the cookie. MS is considering rejecting any unrecognised code rather than, as I think the spec suggests, ignoring it.
Actually, it's not clear to me that a P3P cannot be entirely faked. Is there some reason it cannot be?