Re: [http-state] Is this an omission in the parser rules of draft-ietf-httpstate-cookie-21?
Julian Reschke <julian.reschke@gmx.de> Fri, 04 February 2011 08:25 UTC
Return-Path: <julian.reschke@gmx.de>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D71C83A6889 for <http-state@core3.amsl.com>; Fri, 4 Feb 2011 00:25:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.824
X-Spam-Level:
X-Spam-Status: No, score=-103.824 tagged_above=-999 required=5 tests=[AWL=-1.225, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W0ajw26+Dcxb for <http-state@core3.amsl.com>; Fri, 4 Feb 2011 00:25:23 -0800 (PST)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by core3.amsl.com (Postfix) with SMTP id 9E2B73A6881 for <http-state@ietf.org>; Fri, 4 Feb 2011 00:25:21 -0800 (PST)
Received: (qmail invoked by alias); 04 Feb 2011 08:28:45 -0000
Received: from p508FDB1C.dip.t-dialin.net (EHLO [192.168.178.33]) [80.143.219.28] by mail.gmx.net (mp026) with SMTP; 04 Feb 2011 09:28:45 +0100
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1+BmVorgJGBnSfr9/66z4WecRLfCiC7TYqJcuaoMb Y+Tok49eiquiJA
Message-ID: <4D4BB8B6.5070009@gmx.de>
Date: Fri, 04 Feb 2011 09:28:38 +0100
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7
MIME-Version: 1.0
To: Adam Barth <ietf@adambarth.com>
References: <20110203195457.f00013ceab8fb1928885c5c172fbfd4a.d7bc172fae.wbe@email00.secureserver.net> <AANLkTim1rSdg_JmWhEihJROmN+uZABFcPtH-Ngup0WHF@mail.gmail.com>
In-Reply-To: <AANLkTim1rSdg_JmWhEihJROmN+uZABFcPtH-Ngup0WHF@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: http-state@ietf.org
Subject: Re: [http-state] Is this an omission in the parser rules of draft-ietf-httpstate-cookie-21?
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Feb 2011 08:25:24 -0000
On 04.02.2011 04:12, Adam Barth wrote: > On Thu, Feb 3, 2011 at 6:54 PM, Remy Lebeau<remy@lebeausoftware.org> wrote: >> >> -------- Original Message -------- >> Subject: Re: [http-state] Is this an omission in the parser rules of >> draft-ietf-httpstate-cookie-21? >> From: Adam Barth<ietf@adambarth.com> >> Date: Thu, February 03, 2011 12:18 pm >> To: Remy Lebeau<remy@lebeausoftware.org> >> Cc: http-state@ietf.org >> >>> It's not an omission. The use of quotation mark for cookie values in >>> RFC 2109 do not reflect how cookie behave in actual use. >> >> Just a minute ago, while logging in to Yahoo webmail, I noticed the >> server issue a cookie that uses quotations, and my IE 8 webbrowser sent >> back 3 cookies that used quotations. See below. Quotes in cookies are >> a real-world possibility, so the draft should allow for their presence, >> at least for user agents that parse cookies, if not in origin servers >> that generate them. > > I should be more clear. Quotation marks are not special characters in > cookie values. They have no effect on how cookies are processed. Any > use of quotation marks by servers is pure superstition, just like > using a leading "." before the value of the Domain attribute. > ... Which leaves us with two questions: 1) Should they be allowed by the grammar in Section 4? 2) This is a normative change. Shouldn't there be a section that explains what the normative differences compared to 2109 are? Best regards, Julian
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- [http-state] Is this an omission in the parser ru… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Julian Reschke
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Roy T. Fielding
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Peter Saint-Andre
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Peter Saint-Andre
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Roy T. Fielding
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Roy T. Fielding
- Re: [http-state] Is this an omission in the parse… Julian Reschke
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Julian Reschke
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Roy T. Fielding
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Dan Winship
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- [http-state] parser rules of draft-ietf-httpstate… Roy T. Fielding
- Re: [http-state] parser rules of draft-ietf-https… Peter Saint-Andre
- Re: [http-state] parser rules of draft-ietf-https… Roy T. Fielding
- Re: [http-state] parser rules of draft-ietf-https… Adam Barth
- Re: [http-state] parser rules of draft-ietf-https… Peter Saint-Andre
- Re: [http-state] parser rules of draft-ietf-https… Roy T. Fielding
- Re: [http-state] parser rules of draft-ietf-https… Remy Lebeau
- Re: [http-state] parser rules of draft-ietf-https… Adam Barth
- Re: [http-state] parser rules of draft-ietf-https… Roy T. Fielding
- Re: [http-state] parser rules of draft-ietf-https… Adam Barth
- Re: [http-state] parser rules of draft-ietf-https… Dan Winship
- Re: [http-state] parser rules of draft-ietf-https… Adam Barth
- Re: [http-state] parser rules of draft-ietf-https… Peter Saint-Andre