[http-state] [Errata Verified] RFC6265 (6093)
RFC Errata System <rfc-editor@rfc-editor.org> Wed, 12 February 2025 11:50 UTC
Return-Path: <wwwrun@rfcpa.rfc-editor.org>
X-Original-To: http-state@ietfa.amsl.com
Delivered-To: http-state@ietfa.amsl.com
Received: from mail.ietf.org (ietfa.amsl.com [50.223.129.194]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPSA id 4362BC14F5EA; Wed, 12 Feb 2025 03:50:22 -0800 (PST)
Received: from rfcpa.rfc-editor.org (unknown [167.172.21.234]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FF75C14F5E5; Wed, 12 Feb 2025 03:50:22 -0800 (PST)
Received: by rfcpa.rfc-editor.org (Postfix, from userid 461) id 922FF23E262; Wed, 12 Feb 2025 03:50:21 -0800 (PST)
To: toraritte@gmail.com, abarth@eecs.berkeley.edu
From: RFC Errata System <rfc-editor@rfc-editor.org>
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20250212115021.922FF23E262@rfcpa.rfc-editor.org>
Date: Wed, 12 Feb 2025 03:50:21 -0800
Message-ID-Hash: ZYIVROCHOKXCQM4ZTTMEFH2KSIW7DLLH
X-Message-ID-Hash: ZYIVROCHOKXCQM4ZTTMEFH2KSIW7DLLH
X-MailFrom: wwwrun@rfcpa.rfc-editor.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-http-state.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: francesca.palombini@ericsson.com, iesg@ietf.org, http-state@ietf.org, iana@iana.org, rfc-editor@rfc-editor.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [http-state] [Errata Verified] RFC6265 (6093)
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-state/1m8Bj44qYk7yNspi68MItEUFlSI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-state>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Owner: <mailto:http-state-owner@ietf.org>
List-Post: <mailto:http-state@ietf.org>
List-Subscribe: <mailto:http-state-join@ietf.org>
List-Unsubscribe: <mailto:http-state-leave@ietf.org>
The following errata report has been verified for RFC6265, "HTTP State Management Mechanism". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid6093 -------------------------------------- Status: Verified Type: Technical Reported by: Attila Gulyas <toraritte@gmail.com> Date Reported: 2020-04-12 Verified by: Francesca Palombini (IESG) Section: 3 Original Text ------------- Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field. The usual mechanism for folding HTTP headers fields (i.e., as defined in [RFC2616]) might change the semantics of the Set-Cookie header field because the %x2C (",") character is used by Set-Cookie in a way that conflicts with such folding. Corrected Text -------------- Origin servers SHOULD NOT combine multiple Set-Cookie header fields into a single header field. The usual mechanism for combining HTTP headers fields (i.e., as defined in [RFC2616]) might change the semantics of the Set-Cookie header field because the %x2C (",") character is used by Set-Cookie in a way that conflicts with such actions. Notes ----- RFC 6265 currently uses the verb "folding" when it refers to combining multiple header fields into one, which is ambiguous in the context of the HTTP/1 specs (both by RFC2616 and RFC 7230) where "folding" consistently refers to line folding, and the verb "combine" is used to describe merging same headers. Having a light HTTP knowledge, I naively started looking up "folding" in the HTTP specs, and was immediately confused by the results, others will probably be as well (especially is English is not their native tongue). Examples to prove this consistency: + RFC 2616, Section 4.2, Message Headers, but searching for the for the word "combine" will bring up special cases. + RFC 7230, Section 3.2.2, Field Order + RFC 2616, Section 2.2, Basic Rules + RFC 7230, Section 3.2.4, Field Parsing Thank you! -------------------------------------- RFC6265 (draft-ietf-httpstate-cookie-23) -------------------------------------- Title : HTTP State Management Mechanism Publication Date : April 2011 Author(s) : A. Barth Category : PROPOSED STANDARD Source : HTTP State Management Mechanism Stream : IETF Verifying Party : IESG
- [http-state] [Errata Verified] RFC6265 (6093) RFC Errata System