OK, the spec is flawed. Other browser makers have solved that problem quite neatly by not implementing it.

It's also my opinion that while the implementation is strictly speaking correct, IE's default settings are too conservative and it is not at all an easy option for the user to change.

Firefox dropped support for P3P in Firefox 3 because "p3p isn't an effective way to establish trust with a site. it's a one-way system; anyone can say they're the good guy." See item b: https://bugzilla.mozilla.org/show_bug.cgi?id=417800#c11