Re: [http-state] Is this an omission in the parser rules of draft-ietf-httpstate-cookie-21?

[Julian Reschke <julian.reschke@gmx.de>]

On 04.02.2011 04:12, Adam Barth wrote:
> On Thu, Feb 3, 2011 at 6:54 PM, Remy Lebeau<remy@lebeausoftware.org>  wrote:
>>
>> -------- Original Message --------
>> Subject: Re: [http-state] Is this an omission in the parser rules of
>> draft-ietf-httpstate-cookie-21?
>> From: Adam Barth<ietf@adambarth.com>
>> Date: Thu, February 03, 2011 12:18 pm
>> To: Remy Lebeau<remy@lebeausoftware.org>
>> Cc: http-state@ietf.org
>>
>>> It's not an omission.  The use of quotation mark for cookie values in
>>> RFC 2109 do not reflect how cookie behave in actual use.
>>
>> Just a minute ago, while logging in to Yahoo webmail, I noticed the
>> server issue a cookie that uses quotations, and my IE 8 webbrowser sent
>> back 3 cookies that used quotations.  See below.  Quotes in cookies are
>> a real-world possibility, so the draft should allow for their presence,
>> at least for user agents that parse cookies, if not in origin servers
>> that generate them.
>
> I should be more clear.  Quotation marks are not special characters in
> cookie values.  They have no effect on how cookies are processed.  Any
> use of quotation marks by servers is pure superstition, just like
> using a leading "." before the value of the Domain attribute.
 > ...

Which leaves us with two questions:

1) Should they be allowed by the grammar in Section 4?

2) This is a normative change. Shouldn't there be a section that 
explains what the normative differences compared to 2109 are?

Best regards, Julian