IETF Logo Mail Archive

Re: [http-state] Make draft-abarth-cookie-06 a working group item?

Daniel Stenberg <daniel@haxx.se> Mon, 14 December 2009 23:33 UTC

Return-Path: <daniel@haxx.se>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A016C3A659A for <http-state@core3.amsl.com>; Mon, 14 Dec 2009 15:33:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.336
X-Spam-Level:
X-Spam-Status: No, score=-4.336 tagged_above=-999 required=5 tests=[AWL=-2.087, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MlDnwdnPQ16t for <http-state@core3.amsl.com>; Mon, 14 Dec 2009 15:33:56 -0800 (PST)
Received: from giant.haxx.se (giant.haxx.se [83.168.254.42]) by core3.amsl.com (Postfix) with ESMTP id 3D3173A67C2 for <http-state@ietf.org>; Mon, 14 Dec 2009 15:33:56 -0800 (PST)
Received: from giant.haxx.se (giant.haxx.se [83.168.254.42]) by giant.haxx.se (8.14.3/8.14.3/Debian-9) with ESMTP id nBENXdkx026089; Tue, 15 Dec 2009 00:33:39 +0100
Date: Tue, 15 Dec 2009 00:33:39 +0100
From: Daniel Stenberg <daniel@haxx.se>
X-X-Sender: dast@giant.haxx.se
To: Adam Barth <ietf@adambarth.com>
In-Reply-To: <7789133a0912112045m14a83eam40603f1afa588a94@mail.gmail.com>
Message-ID: <alpine.DEB.2.00.0912150025090.24780@tvnag.unkk.fr>
References: <7789133a0912111441t38d8142frecfc149e2d8464fd@mail.gmail.com> <alpine.DEB.2.00.0912120005060.16918@tvnag.unkk.fr> <7789133a0912111604q2a9edcf7g1bfb394cfd4d4eae@mail.gmail.com> <7789133a0912112045m14a83eam40603f1afa588a94@mail.gmail.com>
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
X-fromdanielhimself: yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Cc: http-state <http-state@ietf.org>
Subject: Re: [http-state] Make draft-abarth-cookie-06 a working group item?
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2009 23:33:57 -0000

On Fri, 11 Dec 2009, Adam Barth wrote:

> Is this text clearer?
>
> NOTE: If the server supplies Set-Cookie headers that conform to the grammar 
> in this section, then the user agent will return a Cookie header that 
> conforms to the grammar above.  However, if the user agent receives a 
> Set-Cookie header that deviates from the grammar in this section, the 
> requirements in the next section might cause the user agent to return a 
> Cookie header that deviates from the preceding grammar.

They way I read this is still like this:

If a server violates the spec and sends something that isn't a valid cookie, 
the server should expect that the client *too* may violate the spec and send 
something non-conformant back.

... and I have trouble accepting that we include in the spec that server may 
or will violate the spec and it even seems to say that a client is then fine 
to accept such illegal cookies and continue as if they were valid and even 
send them back in subsequent requests!

Invalid headers are wrong, they should be treated as protocol errors and the 
world will be a much better place if clients IGNORE such cookies instead of 
trying hard to obey.

If invalid headers are so common that we need to document them especially, 
then we must change the spec so that they are in fact valid instead as we are 
here to document existing practises and not an imaginary protocol that isn't 
in fact used by most implementations.

-- 

  / daniel.haxx.se

v2.23.0 | Report a Bug | By Email