Re: [http-state] cookie-date syntax and algorithm
Adam Barth <ietf@adambarth.com> Fri, 22 January 2010 17:33 UTC
Return-Path: <adam@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5464A3A6A76 for <http-state@core3.amsl.com>; Fri, 22 Jan 2010 09:33:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y1f+PmA5SBLn for <http-state@core3.amsl.com>; Fri, 22 Jan 2010 09:33:41 -0800 (PST)
Received: from mail-pw0-f50.google.com (mail-pw0-f50.google.com [209.85.160.50]) by core3.amsl.com (Postfix) with ESMTP id 67A5228C10C for <http-state@ietf.org>; Fri, 22 Jan 2010 09:33:41 -0800 (PST)
Received: by pwi20 with SMTP id 20so967802pwi.29 for <http-state@ietf.org>; Fri, 22 Jan 2010 09:33:33 -0800 (PST)
MIME-Version: 1.0
Received: by 10.142.249.40 with SMTP id w40mr2143826wfh.344.1264181611147; Fri, 22 Jan 2010 09:33:31 -0800 (PST)
In-Reply-To: <146d7afa1001220907y5c2fb324q668f8bb4ddf449bc@mail.gmail.com>
References: <146d7afa1001220907y5c2fb324q668f8bb4ddf449bc@mail.gmail.com>
From: Adam Barth <ietf@adambarth.com>
Date: Fri, 22 Jan 2010 09:33:11 -0800
Message-ID: <7789133a1001220933s2f45aacbh3d437fc6485db2c5@mail.gmail.com>
To: "NARUSE, Yui" <yui.naruse@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: http-state@ietf.org
Subject: Re: [http-state] cookie-date syntax and algorithm
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jan 2010 17:33:42 -0000
On Fri, Jan 22, 2010 at 9:07 AM, NARUSE, Yui <yui.naruse@gmail.com> wrote: > I sent this from naruse@airemix.jp but it seems not accepted, > so I post this again. > > Anyway, > draft-ietf-httpstate-cookie-02 says in 4.1.1. Syntax, > > cookie-date = <rfc1123-date, as defined in RFC 2616> > > But you know, cookie-date is not rfc1123-date. > It's a original exotic date format. > > rfc1123-date = <Wdy, DD Mon YYYY HH:MM:SS GMT> > rfc850-date = <Weekday, DD-Mon-YYYY HH:MM:SS GMT> > asctime-date = <Wdy, Month dd HH:MM:SS YYYY> > cookie-date = <Wdy, DD-Mon-YYYY HH:MM:SS GMT> ; not RFC 2822 > > Current description causes misunderstanding. If you read the requirements in Section 4.1.1, you'll see that we recommend (but do not require) servers use this syntax. User agents are required to process the exotic format. > = 5.1.1. Dates > > Why it needs such a complex definition? This complex definition is required so that user agents can interoperate with servers that send dates in exotic formats. > Its demerit is clear in ticket #7. Ticket 7 is about testing. We're aiming to test everything in the spec. > It seems to intend to change cookie-date from current exotic format > to exact rfc-1123-date or something in future, but why? We're recommending that servers use a sane date format even though user agents are required to process insane date formats. This advice appears sound to me. > Recently, many specs are using ISO 8601 Date and Time format (or other > related specs). > So formats they really needed are only exotic and ISO 8601. > Current algorithm make things too complex but still can't express timezone. > So I object this. As distasteful as we might find the exotic date format, it's a sad reality that user agents encounter insane dates on a regular bases. Unlike some of the other instances where I push for precise error handling, in this case, we have ample examples of servers sending insane dates. To wit: http://github.com/abarth/http-state/blob/master/notes/2009-08-11-Dan-Winship.txt To respond to your statement with a finer point: user agents who use ISO 8601 dates will be unable to interoperate with a large number of servers. Therefore, the ISO 8601 dates are unacceptable for our purpose here. Adam
- [http-state] cookie-date syntax and algorithm NARUSE, Yui
- Re: [http-state] cookie-date syntax and algorithm Adam Barth