[http-state] PROTO Publication Request for draft-ietf-httpstate-cookie
=JeffH <Jeff.Hodges@KingsMountain.com> Thu, 18 November 2010 20:45 UTC
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C808E28C10C for <http-state@core3.amsl.com>; Thu, 18 Nov 2010 12:45:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.915
X-Spam-Level:
X-Spam-Status: No, score=-101.915 tagged_above=-999 required=5 tests=[AWL=0.350, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jQvGw3SqL3Z1 for <http-state@core3.amsl.com>; Thu, 18 Nov 2010 12:45:26 -0800 (PST)
Received: from cpoproxy3-pub.bluehost.com (cpoproxy3-pub.bluehost.com [67.222.54.6]) by core3.amsl.com (Postfix) with SMTP id 25D3B28C10A for <http-state@ietf.org>; Thu, 18 Nov 2010 12:45:26 -0800 (PST)
Received: (qmail 22653 invoked by uid 0); 18 Nov 2010 20:46:14 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by cpoproxy3.bluehost.com with SMTP; 18 Nov 2010 20:46:14 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=kingsmountain.com; h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:Content-Type:Content-Transfer-Encoding:X-Identified-User; b=RHRdxzeYL7f56uytAIsAr4kYDmKmxeIqDWIc4+dALnU1fCKIhiMNYdIDNxK23lrVFzjUGqTM4TjtISckz8yN7TT+lFArMDpFmUuN5U53NyL8uVssrx/pJcTok5Lf2Iy+;
Received: from outbound4.ebay.com ([216.113.168.128] helo=[10.244.136.47]) by box514.bluehost.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1PJBMz-0000O9-DF; Thu, 18 Nov 2010 13:46:13 -0700
Message-ID: <4CE59094.1020504@KingsMountain.com>
Date: Thu, 18 Nov 2010 12:46:12 -0800
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Thunderbird 2.0.0.24 (X11/20101027)
MIME-Version: 1.0
To: Peter Saint-Andre <stpeter@stpeter.im>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Cc: IETF HTTP State WG <http-state@ietf.org>
Subject: [http-state] PROTO Publication Request for draft-ietf-httpstate-cookie
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Nov 2010 20:45:27 -0000
Document Shepherd Write-Up for http://tools.ietf.org/html/draft-ietf-httpstate-cookie-18 "HTTP State Management Mechanism" (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? The Document Shepherd is Jeff Hodges. The document has been reviewed and is ready for forwarding to IESG for publication. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document had one official WG Last Call, and has been revised and re-reviewed several times since issuance of WG Last Call. It received considerable review from working group participants, several of whom are implementors of the (sub)protocol. Commenters include (in no particular order) Dan Witte, Daniel Stenberg, Bjoern Hoehrmann, Julian Reschke, Anne van Kesteren, Roy T. Fielding, Mark Pauley, Yngve Nysaeter Pettersen, Bil Corry, Dan Winship, and others. The Document Shepherd does not have concerns about the depth or breadth of the reviews. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization or XML? The document should undergo the usual Gen-ART and secdir reviews. Otherwise the Document Shepherd does not have concerns over the level and breadth of review for this document. This is a moderate length document although with some involved algorithms -- schedules for external reviews should keep that in mind. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue. The document shepherd has no concerns with this document. There have been no IPR disclosures on this document. Disclosure number 1199 was filed on RFC2965. This spec will obsolete RFC2965 and requests that RFC2965 and RFC2109 be re-classified as Historic. This draft borrows from RFC2109 and so asserts pre-RFC5378 IPR boilerplate. (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? Among the people currently active in the WG there is a wide consensus behind the document. No objections have been raised to this version of the document. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) Nobody has threatened an appeal or otherwise indicated extreme discontent. (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See the Internet-Drafts Checklist and http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type and URI type reviews? idnits 2.12.05 returns a few other warnings that do not appear to be substantive. The Document Shepherd believes that the document contains all needed information. (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. The draft contains both normative and informative references. The draft contains a normative reference to an obsoleted specification, RFC3490, and an annotation is given in its References entry pointing back to the text where this is explicitly explained (in Section 6.3). This is due to the intricacies of referencing IDNA{2008,2003}, of which this document is a test case by virtue of being one of the first to do so. Otherwise the draft normatively references only standards-track RFCs. The draft contains informative references to both RFC2109 and RFC2965 (the latter obsoletes the former) because RFC2109 more closely resembles (but doesn't actually specify) how HTTP cookies are implemented and utilized on today's Internet, and references to both are necessary to accurately convey the present state, and history, of cookie standardization. The draft contains informative references to three non-IETF documents. (1.i) Has the Document Shepherd verified that the document IANA consideration section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC5226]. If the document describes an Expert Review process has Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during the IESG Evaluation? The draft contains a non-empty IANA Considerations section, and the Document Shepherd believes that it properly references the appropriate registry and properly specifies new entries in that registry. (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? The draft contains various ABNF stanzas which were checked via <http://tools.ietf.org/tools/bap/abnf.cgi> which reported "No errors during parsing." (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up? Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary Relevant content can frequently be found in the abstract and/or introduction of the document. If not, this may be an indication that there are deficiencies in the abstract or introduction. This document defines the HTTP Cookie and Set-Cookie HTTP header fields as they are presently utilized on the Internet. Although these headers were previously specified by RFC 2109, which is obsoleted by RFC2965, those specifications do not accurately reflect actual usage. These header fields can be used by HTTP servers to store state (called cookies) at HTTP user agents, letting the servers maintain a stateful session over the mostly stateless HTTP protocol. This specification defines a well-behaved profile of in-the-wild Cookie and Set-Cookie header usage for servers, and describes the full cookie syntax and semantics for user agents. The intention is to realistically support backwards compatibility with current practice (and accurately specify such) while encouraging servers and web applications to normalize to more standardized behavior. Because this specification provides the first complete and accurate documentation of cookies as they are used on the Internet, it requests the following actions of the RFC Editor: (1) obsolete RFC 2965; (2) change the status of RFC 2109 to Historic; (3) change the status of RFC 2965 to Historic. Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? There is strong consensus in the working group to publish this document. There were concerns raised with respect to the differing presentation modalities (declarative versus algorithmic) between the specification of server-side behavior and user agent behavior, although the WG worked through those issues. Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? The HTTP cookie sub-protocol as specified in the draft is widely implemented in todays major browsers. Some existing servers implement something close to or the same as the draft's "server reqirements" while others emit various variations which the "user agent requirements" are designed to handle. Various browser implementors participated in the working group, as well as some server-side implementors. HTTPbis editors also participated. Without this specification, cookies as presently utilized on the Internet are effectively un-specified. With this specification, an implementor will be able to craft a new user agent or server that will interoperate with other presently deployed HTTP-speaking cookie-employing entities. ### idnits 2.12.05 tmp/draft-ietf-httpstate-cookie-18.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see http://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to http://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to http://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document has a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. Does it really need the disclaimer? -- The document date (November 9, 2010) is 9 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 3490 (Obsoleted by RFC 5890, RFC 5891) -- Obsolete informational reference (is this intentional?): RFC 2109 (Obsoleted by RFC 2965) Summary: 1 error (**), 0 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- ### end