[http-state] [Errata Verified] RFC6265 (7604)
RFC Errata System <rfc-editor@rfc-editor.org> Wed, 12 February 2025 11:54 UTC
To: tedz2usa@gmail.com, abarth@eecs.berkeley.edu
Date: Wed, 12 Feb 2025 03:54:29 -0800
CC: francesca.palombini@ericsson.com, iesg@ietf.org, http-state@ietf.org, iana@iana.org, rfc-editor@rfc-editor.org
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-state/H4wJ9rsMFmn6PdJHWybsCivjQMo>

The following errata report has been verified for RFC6265,
"HTTP State Management Mechanism".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7604

--------------------------------------
Status: Verified
Type: Technical

Reported by: Ted Zhu <tedz2usa@gmail.com>
Date Reported: 2023-08-15
Verified by: Francesca Palombini (IESG)

Section: 3. Overview

Original Text
-------------
User agents MAY ignore Set-Cookie headers contained in responses with
100-level status codes but MUST process Set-Cookie headers contained in
other responses (including responses with 400- and 500-level status
codes).

Corrected Text
--------------
Cookie-enabled user agents MAY ignore Set-Cookie headers contained in
responses with 100-level status codes but MUST process Set-Cookie
headers contained in other responses (including responses with 400- and
500-level status codes).

Notes
-----
The concern is that the sentence in its original form may be read to
mean that all conforming user agents MUST process Set-Cookie headers
contained in non 100-level responses, when, differing behavior is
allowed as described in sections 5.2 and 7.2:

Section 5.2, paragraph 1: "When a user agent receives a Set-Cookie
header field in an HTTP response, the user agent MAY ignore the
Set-Cookie header field in its entirety."

Section 7.2, paragraph 2: "When cookies are disabled, ... the user agent
MUST NOT process Set-Cookie headers in inbound HTTP responses."

The suggested correction is one possible way to alleviate this erratum
concern. However, the erratum author does not know if this is the most
optimal disambiguation method.

--------------------------------------
RFC6265 (draft-ietf-httpstate-cookie-23)
--------------------------------------
Title               : HTTP State Management Mechanism
Publication Date    : April 2011
Author(s)           : A. Barth
Category            : PROPOSED STANDARD
Source              : HTTP State Management Mechanism
Stream              : IETF
Verifying Party     : IESG
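
The behaviour described in the corrected text and in Sections 5.2 and 7.2, as an added example that is not part of the original message or of RFC 6265: a minimal client model that decides per response whether Set-Cookie is processed. The UserAgent class, the ignore_1xx policy flag, the decision labels and the sample responses are all constructed for illustration, and cookie parsing is reduced to the leading name=value pair.

```python
from dataclasses import dataclass, field

# Constructed sample responses: (status, [(header-name, header-value), ...])
SAMPLE_RESPONSES = [
    (103, [("Set-Cookie", "hint=early; Path=/")]),
    (401, [("Set-Cookie", "login_attempt=1; Path=/; HttpOnly")]),
    (500, [("Content-Type", "text/html"), ("Set-Cookie", "err=trace42; Secure")]),
    (200, [("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")]),
]


def set_cookie_decision(status, cookies_enabled):
    """Classify a response per RFC 6265 Section 3 as corrected by erratum 7604."""
    if not cookies_enabled:
        return "must-not-process"   # Section 7.2: cookies disabled
    if 100 <= status <= 199:
        return "may-ignore"         # Section 3: 100-level responses
    return "must-process"           # Section 3: all others, incl. 4xx/5xx


@dataclass
class UserAgent:  # hypothetical minimal client model
    cookies_enabled: bool = True
    ignore_1xx: bool = True         # local policy choice permitted by the MAY
    jar: dict = field(default_factory=dict)

    def receive(self, status, headers):
        decision = set_cookie_decision(status, self.cookies_enabled)
        if decision == "must-not-process":
            return decision
        if decision == "may-ignore" and self.ignore_1xx:
            return decision
        for name, value in headers:
            if name.lower() != "set-cookie":
                continue
            # Simplified: keep only the leading name=value pair, drop attributes.
            pair = value.split(";", 1)[0]
            if "=" in pair:
                key, _, val = pair.partition("=")
                self.jar[key.strip()] = val.strip()
        return decision


def replay(ua, responses=SAMPLE_RESPONSES):
    """Feed every response to the user agent and return the resulting jar."""
    for status, headers in responses:
        ua.receive(status, headers)
    return ua.jar
```

A cookie-enabled client that drops Set-Cookie on the 401 or 500 response here would diverge from the corrected text; a client with cookies disabled ends with an empty jar, which is the case the original wording appeared to forbid.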