Re: [http-state] Whether to recommend the cookie protocol (was Re: I-D Action:draft-ietf-httpstate-cookie-04.txt)

Blake Frantz <bfrantz@cisecurity.org> Wed, 24 February 2010 03:21 UTC

From: Blake Frantz <bfrantz@cisecurity.org>
To: Adam Barth <ietf@adambarth.com>, Anne van Kesteren <annevk@opera.com>
Date: Tue, 23 Feb 2010 21:23:25 -0600
Cc: http-state <http-state@ietf.org>

> -----Original Message-----
> From: Adam Barth [mailto:ietf@adambarth.com]
> Sent: Tuesday, February 23, 2010 6:55 PM
> To: Anne van Kesteren; Blake Frantz
> Cc: http-state
> Subject: Whether to recommend the cookie protocol (was Re: [http-state]
> I-D Action:draft-ietf-httpstate-cookie-04.txt)
> 
> On Tue, Feb 23, 2010 at 9:15 AM, Blake Frantz <bfrantz@cisecurity.org>
> wrote:
> > Similarly, the top of section '7.1 General Recommendations' states:
> >
> > "The cookie protocol is NOT RECOMMENDED for new applications".
> >
> > This statement may require the same clarification as the one noted by
> > Anne.
> 
> What clarification do you have in mind?  Keep in mind that we're
> writing this document for the long term.  Just because we don't have
> an alternative in mind doesn't mean we won't have better options in
> the future.
> 
> Would you really recommend that new applications of HTTP use cookies?
> 

The point of confusion for me in:

"The cookie protocol is NOT RECOMMENDED for new applications"

was the ambiguity of the word "application". Until you mentioned SIP, I interpreted "application" as a "web application" that I would interact with via my browser. Perhaps the following will help prevent other readers from doing the same as I did:

"The cookie protocol is NOT RECOMMENDED for maintaining state in new protocols that operate over HTTP."

B