Re: [http-state] draft-ietf-httpstate-cookie-05 posted

Adam Barth <ietf@adambarth.com> Mon, 15 March 2010 19:40 UTC

On Mon, Mar 15, 2010 at 12:37 PM, Paul E. Jones <paulej@packetizer.com> wrote:
> The rollover definitely occurs in 2038 if using a signed 32-bit integer to
> keep track of seconds since Jan 1, 1070.  However, I would recommend not
> inserting language like this into the spec, because it assumes a certain
> implementation.  Dates in the cookie spec themselves are not subject to this
> issue, after all.
>
> Didn't user agents already take this into consideration?  One could convert
> dates to a string format like "2010-03-15T19:32:00Z" or simply use a 64-bit
> integer similar to the Unix time_t type.  In any case, we should separate
> the protocol from implementation, and there's nothing preventing one from
> developing a user agent that handles the year 3054 if we so desired.  There
> will likely always be a maximum year supported by a user agent and, if the
> expiration date exceeds that year, I would assume that the user agent will
> apply the maximum expiration time it supports.

User agents are required to handle these cases gracefully.  The
language we're considering is a recommendation for servers to improve
interoperability with some existing user agents that don't handle this
case gracefully.

Adam
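
The failure mode discussed in this thread, as an added example that is not part of the original messages or of the draft: a cookie store built on a signed 32-bit seconds counter that truncates a post-2038 expiry treats the cookie as already expired, while one that clamps applies the maximum expiration time it supports. All function names and the sample dates are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Days since 1970-01-01 for a proleptic Gregorian date (standard civil-date arithmetic). */
static int64_t days_from_civil(int64_t y, int m, int d) {
    y -= (m <= 2);
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Cookie expiry (UTC) as 64-bit seconds since the epoch: no 2038 limit. */
static int64_t expiry_seconds(int y, int mo, int d, int h, int mi, int s) {
    return days_from_civil(y, mo, d) * 86400 + h * 3600 + mi * 60 + s;
}

/* What a store built on a signed 32-bit counter keeps if it just truncates. */
static int32_t store_truncated(int64_t t) {
    uint32_t u = (uint32_t)t; /* modulo 2^32, well defined */
    return u <= INT32_MAX ? (int32_t)u : (int32_t)((int64_t)u - 4294967296LL);
}

/* Graceful handling: apply the maximum expiration time the store supports. */
static int32_t store_clamped(int64_t t) {
    if (t > INT32_MAX) return INT32_MAX;
    if (t < INT32_MIN) return INT32_MIN;
    return (int32_t)t;
}

/* A cookie is expired once its stored expiry is not after the current time. */
static int is_expired(int32_t expiry, int32_t now) { return expiry <= now; }

int main(void) {
    /* Constructed sample: "now" is the string-format date quoted in the thread. */
    int32_t now = store_clamped(expiry_seconds(2010, 3, 15, 19, 32, 0));
    int64_t exp = expiry_seconds(2040, 1, 1, 0, 0, 0); /* constructed Expires value */
    printf("truncated=%d expired=%d\n", (int)store_truncated(exp),
           is_expired(store_truncated(exp), now));
    printf("clamped=%d expired=%d\n", (int)store_clamped(exp),
           is_expired(store_clamped(exp), now));
    return 0;
}
```
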