Re: [http-state] {Dangerous Content?} I-D Action:draft-ietf-httpstate-cookie-03.txt

Achim Hoffmann <ah@securenet.de> Tue, 23 February 2010 07:52 UTC


The section
  5.4.  The Cookie Header
      2.  Sort the cookie-list in the following order:

seems to be incomplete (missing the [TODO: ...] comment :)

Should I comment on that in detail in the other thread?
  Subject: [http-state] Summary of discussion of Ticket 5 (Cookie ordering)

Achim

Internet-Drafts@ietf.org wrote on 13.02.2010 09:00:

> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the HTTP State Management Mechanism Working Group of the IETF.
> 
> 
> 	Title           : HTTP State Management Mechanism
> 	Author(s)       : A. Barth
> 	Filename        : draft-ietf-httpstate-cookie-03.txt
> 	Pages           : 29
> 	Date            : 2010-02-12
> 
> This document defines the HTTP Cookie and Set-Cookie headers.  These
> headers can be used by HTTP servers to store state on HTTP user
> agents, letting the servers maintain a stateful session over the
> mostly stateless HTTP protocol.  The cookie protocol has many
> historical infelicities and should be avoided for new applications of
> HTTP.
> 
> 
> NOTE: If you have suggestions for improving the draft, please send
> email to http-state@ietf.org.  Suggestions with test cases are
> especially appreciated.
> 
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-httpstate-cookie-03.txt
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 

