Re: [http-state] Welcome to http-state

"Blake Frantz" <bfrantz@cisecurity.org> Mon, 12 January 2009 23:44 UTC

> Please note that RFC2965 already has such integrity checking through the
> $Domain, $Path and $Port attributes.

It's my understanding that these attributes are used to determine where
the user agent should send the cookie to, not make decisions on where an
existing cookie can be overwritten from. Parity between these policies
("send cookie to" and "write cookie from") would probably be best.

Blake
_______________________________________________
http-state mailing list
http-state@ietf.org
https://www.ietf.org/mailman/listinfo/http-state