Re: [http-state] SCS I-D document

Adam Barth <ietf@adambarth.com> Tue, 22 February 2011 22:16 UTC

Thanks for the draft.  I'm not sure I quite understood what problem
this protocol addresses or how it addresses that problem.  Maybe
including some example protocol traces with an explanation of what's
going on would be helpful?  For example,
<http://tools.ietf.org/html/draft-ietf-httpstate-cookie-22#section-3.1>
shows some example uses of the cookie protocol.

Adam


On Tue, Feb 22, 2011 at 12:22 PM, tho <tho@koanlogic.com> wrote:
> Hello all,
>
> we have just uploaded the following I-D:
>
> http://www.ietf.org/id/draft-secure-cookie-session-protocol-00.txt
>
> The draft describes a tiny cryptographic protocol layered on top of cookies, that can be used to handle session state in cases where the origin server doesn't want to, or simply can't, use local storage.
>
> It targets web server applications deployed on embedded devices with small or no disk, as well as distributed/parallel web apps that could benefit from the lack of a centralized data store or some other peering mechanism to maintain clients' state.
>
> We were wondering if the draft could be taken as a working item by the http-state WG, in which case we're available to drive the related editing, implementation and interoperability activities.
>
> In this respect, we've implemented a beta version of the protocol in one of our products, and are currently working on a reference implementation which will be licensed as Public Domain, BSD or GPL'd software, depending on the linked crypto toolkit.
>
> The source code can be found at http://github.com/koanlogic/libscs and is open to contribution from anyone who wants to join: we have just set up the libscs-dev mailing list (http://koanlogic.com/cgi-bin/mailman/listinfo/libscs-dev) to coordinate the code development.
>
> Any comment is very welcome!
>
> t.