Re: HTTPBis BOF followup - should RFC 2965 (cookie) be in scope for the WG?
"Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com> Tue, 04 September 2007 15:07 UTC
Date: Sun, 02 Sep 2007 17:19:53 +0200
To: Stefanos Harhalakis <v13@priest.com>, Alexey Melnikov <alexey.melnikov@isode.com>
Cc: Apps Discuss <discuss@apps.ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>

Hello Stefanos,

On Tue, 28 Aug 2007 19:44:10 +0200, Stefanos Harhalakis <v13@priest.com> wrote:

> On Tuesday 28 August 2007, Stefanos Harhalakis wrote:
>> On Monday 27 August 2007, Alexey Melnikov wrote:
>>
>> I don't know if I'm supposed to vote, but I'd suggest 1 (No). The rationale
>> can be summarized in the question: "Why yes?".
>
> Sorry for replying to self but I'd like to change that to 4:
> Discuss it in the list first.
>
> Then, maybe vote for '3'.
>
> After reading the minutes (again), I understand that this will only change
> RFC 2695 to 'become' the Netscape doc. So, I don't actually see it as a hi
> priority issue, thinking that a well accepted document already exists
> (Netscape) and there is no confusion. Also, shouldn't this become a new RFC
> that will replace 2695?

I think you misunderstand the intention of my I-D draft-pettersen-cookie-v2, and my presentation at the BoF.

The intention of the draft is to fix security and privacy issues in both the Netscape spec and RFC 2965 (the "cookie monster bug") by changing the domain and path semantics, so that the issues with Netscape and RFC 2965 cannot occur, and as a result obsoleting Netscape and RFC 2965 cookies.

I have also posted two other drafts suggesting candidates for intermediate workarounds that I believe will reduce the problem in the existing specifications.

For more information about the background please see my articles

http://my.opera.com/yngve/blog/show.dml/267415
http://my.opera.com/yngve/blog/show.dml/388840

--
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                Email: yngve@opera.com
Opera Software ASA              http://www.opera.com/
Phone: +47 24 16 42 60          Fax: +47 24 16 40 01
********************************************************************