[http-state] [Errata Rejected] RFC6265 (6719)

RFC Errata System <rfc-editor@rfc-editor.org> Wed, 12 February 2025 11:53 UTC

To: philip@gladstonefamily.net, abarth@eecs.berkeley.edu
From: RFC Errata System <rfc-editor@rfc-editor.org>
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20250212115347.5212A23E262@rfcpa.rfc-editor.org>
Date: Wed, 12 Feb 2025 03:53:47 -0800
CC: francesca.palombini@ericsson.com, iesg@ietf.org, http-state@ietf.org, rfc-editor@rfc-editor.org
Subject: [http-state] [Errata Rejected] RFC6265 (6719)
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-state/8aENcGX6Ien2iXYlTNBuzLkX2ig>

The following errata report has been rejected for RFC6265,
"HTTP State Management Mechanism".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6719

--------------------------------------
Status: Rejected
Type: Technical

Reported by: Philip Gladstone <philip@gladstonefamily.net>
Date Reported: 2021-10-22
Rejected by: Francesca Palombini (IESG)

Section: 4.1.1

Original Text
-------------
max-age-av        = "Max-Age=" non-zero-digit *DIGIT

Corrected Text
--------------
max-age-av           = "Max-Age=" non-negative-integer
non-negative-integer = zero-digit / (non-zero-digit *DIGIT)
zero-digit           = %x30

Notes
-----
In section 5.2.2, there is the following text on the value of the max-age:

> Let delta-seconds be the attribute-value converted to an integer.
>
>   If delta-seconds is less than or equal to zero (0), let expiry-time
>   be the earliest representable date and time.

If max-age is an integer greater than 0, then the entire sentence is meaningless. It is a common practice to use max-age=0 to expire a cookie immediately. I think that the ABNF is incorrect. However, I don't see any reason to permit negative values.
--VERIFIER NOTES--
User agents and Servers have different requirements and a UA is expected to be able to handle a wider range of inputs than the well-behaved profile for Servers that is defined in Section 4. This erratum is analogous to https://www.rfc-editor.org/errata/eid3430 which was likewise rejected.

--------------------------------------
RFC6265 (draft-ietf-httpstate-cookie-23)
--------------------------------------
Title               : HTTP State Management Mechanism
Publication Date    : April 2011
Author(s)           : A. Barth
Category            : PROPOSED STANDARD
Source              : HTTP State Management Mechanism
Stream              : IETF
Verifying Party     : IESG
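The report above turns on the gap between the server-side grammar in Section 4.1.1 and the user-agent algorithm in Section 5.2.2. The following added example (not part of the erratum, the RFC, or any RFC Editor tooling) puts the two side by side: the strict 4.1.1 grammar, the grammar the erratum proposes, and the 5.2.2 user-agent steps that map any integer <= 0 to the earliest representable time. The concrete "earliest" value, the sample `NOW`, and the handling of a lone "-" are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Optional

# Strict server-side grammar quoted from RFC 6265 section 4.1.1:
#   max-age-av = "Max-Age=" non-zero-digit *DIGIT
SERVER_GRAMMAR = re.compile(r"[1-9][0-9]*")

# Grammar proposed by the erratum:
#   non-negative-integer = zero-digit / (non-zero-digit *DIGIT)
PROPOSED_GRAMMAR = re.compile(r"0|[1-9][0-9]*")

# "Earliest representable date and time": RFC 6265 leaves the concrete value
# to the implementation; this example (assumption) uses the Unix epoch.
EARLIEST = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample "current time" for the demonstration (the message's own date).
NOW = datetime(2025, 2, 12, 11, 53, 47, tzinfo=timezone.utc)


def server_grammar_accepts(attribute_value: str) -> bool:
    """Does a server emitting this Max-Age value conform to section 4.1.1?"""
    return SERVER_GRAMMAR.fullmatch(attribute_value) is not None


def proposed_grammar_accepts(attribute_value: str) -> bool:
    """Would the value conform to the grammar the erratum proposes?"""
    return PROPOSED_GRAMMAR.fullmatch(attribute_value) is not None


def ua_max_age_expiry(attribute_value: str, now: datetime) -> Optional[datetime]:
    """User-agent handling of Max-Age per RFC 6265 section 5.2.2; None = ignore the cookie-av."""
    # Step 1: if the first character is not a DIGIT or "-", ignore the cookie-av.
    if not attribute_value or attribute_value[0] not in "0123456789-":
        return None
    # Step 2: if the remainder contains a non-DIGIT character, ignore the cookie-av.
    # (ASCII check on purpose: str.isdigit() would also accept non-ASCII digits.)
    if any(c not in "0123456789" for c in attribute_value[1:]):
        return None
    # A lone "-" passes steps 1 and 2 but has no integer value; the RFC does not
    # say what to do, so this example (assumption) ignores the cookie-av.
    if attribute_value == "-":
        return None
    # Step 3: let delta-seconds be the attribute-value converted to an integer.
    delta_seconds = int(attribute_value)
    # Step 4: delta-seconds <= 0 means "expire now" (earliest representable time);
    # otherwise the expiry is the current time plus delta-seconds.
    if delta_seconds <= 0:
        return EARLIEST
    return now + timedelta(seconds=delta_seconds)
```

Running the three functions over "0", "-5", "007" and "3600" shows the asymmetry the erratum describes: only "3600" satisfies the strict server grammar, yet a conforming user agent accepts all four and treats "0" and "-5" identically as immediate expiry.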