Re: [http-state] parser rules of draft-ietf-httpstate-cookie-22
"Roy T. Fielding" <fielding@gbiv.com> Thu, 24 February 2011 22:21 UTC
Return-Path: <fielding@gbiv.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 07EB73A685A for <http-state@core3.amsl.com>; Thu, 24 Feb 2011 14:21:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[AWL=-1.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rRQl6B4xL9ge for <http-state@core3.amsl.com>; Thu, 24 Feb 2011 14:21:08 -0800 (PST)
Received: from homiemail-a31.g.dreamhost.com (caiajhbdcahe.dreamhost.com [208.97.132.74]) by core3.amsl.com (Postfix) with ESMTP id E6DF93A6826 for <http-state@ietf.org>; Thu, 24 Feb 2011 14:21:08 -0800 (PST)
Received: from homiemail-a31.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a31.g.dreamhost.com (Postfix) with ESMTP id 68172202044; Thu, 24 Feb 2011 14:21:59 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gbiv.com; h=subject:mime-version :content-type:from:in-reply-to:date:cc:content-transfer-encoding :message-id:references:to; q=dns; s=gbiv.com; b=DQyEcmN9Bv7GFntb NHI2RV0N/ayyJjLFBYcCxl2c2pAu4ZpBcU9s1Qe2+W9eiGj7pzGwcjzeul8MUJvG Hyh3MiuEnQvR2vys7Hql934b2+J8t4npLEF/st079zHQSXbCXKY7l4e9b01wDqKu 9uueodXJpSBn7qG3MMel2cZF2FI=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gbiv.com; h=subject :mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=gbiv.com; bh=WtNjSXpHidUOOF1a44GwmIywlj8=; b=x49lE0EEadvYev1Bs1j7KxTP/rm5 3lg4/butnDPw+wLUz8rmuBNhfXwVblDEUC+oCfcj/9hs2z2phdyknRZufMr8/clw fTmIGVfxuV1aIz2Lb1mAPrQhUIT8Ud/GMzPZ1cLoWK4pdgwd6cvoxAL6ovJahJ8Z XsniD7LMcQtstPE=
Received: from [192.168.1.84] (99-21-208-82.lightspeed.irvnca.sbcglobal.net [99.21.208.82]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: fielding@gbiv.com) by homiemail-a31.g.dreamhost.com (Postfix) with ESMTPSA id BC42A202043; Thu, 24 Feb 2011 14:21:58 -0800 (PST)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset="us-ascii"
From: "Roy T. Fielding" <fielding@gbiv.com>
In-Reply-To: <AANLkTim18Lu-_8+OB_oXyRK_x6aPV++m2=ZgnahNSLvK@mail.gmail.com>
Date: Thu, 24 Feb 2011 14:21:58 -0800
Content-Transfer-Encoding: 7bit
Message-Id: <D2187615-4E0C-4C3B-B5C7-A0A8CCD9FA0F@gbiv.com>
References: <20110204184735.26023.qmail@mm01.prod.mesa1.secureserver.net> <AANLkTi=qBVkGwMHqAidtwP5_A8pPrF-Y9MV4jgYS5_QM@mail.gmail.com> <7384878F-C44A-42A4-9694-1BB1C18AA5E6@gbiv.com> <AANLkTinFq7bE_e3SSgdjuFvZ8hGn1xy4Hc1VKwc=vp1D@mail.gmail.com> <49225418-A1AF-4299-8C4F-2E608D34265D@gbiv.com> <AANLkTimrJF3LFR4t4j=U2L33kFh+wf-R=sjjwexcmyPi@mail.gmail.com> <26240DE2-4DD3-4863-81B1-635D34BA4AE4@gbiv.com> <AANLkTikzB=VORtn7xiG2JY8ymTjk4epC9huZTC-s0nzq@mail.gmail.com> <4D5AEE94.6010303@gmx.de> <AANLkTimkmZ99qDcXB6=-PGtXq6WQ7+RSreRwsBAHryEj@mail.gmail.com> <DA7A626A-9613-4A49-8A46-8096F7F465B4@gbiv.com> <AANLkTi=aX26NgDx3J0zk6a6H-Fg-9hyuBhfwvVW5nBiH@mail.gmail.com> <AANLkTinnySHEXvaQSxoUAKNaPWThDWdJwnhvCdVfa5Vr@mail.gmail.com> <1E7DE6DF-864A-48AF-B9A3-698DEF4B3B2D@gbiv.com> <4D6590F4.6010505@stpeter.im> <94DA5CF6-88AB-43BD-99AE-921BCA98C7A3@gbiv.com> <AANLkTikxOBCgiAwvg3z2DwyHtJXhTK1=6ipTo16csKr9@mail.gmail.com> <4D66C718.3000300@stpeter.im> <1CE31B7F-5D95-4CFE-B9A1-FBCC9461E472@ gbiv.com> <AANLkTim18Lu-_8+OB_oXyRK_x6aPV++m2=ZgnahNSLvK@mail.gmail.com>
To: Adam Barth <ietf@adambarth.com>
X-Mailer: Apple Mail (2.1082)
Cc: http-state State WG <http-state@ietf.org>
Subject: Re: [http-state] parser rules of draft-ietf-httpstate-cookie-22
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Feb 2011 22:21:11 -0000
On Feb 24, 2011, at 1:50 PM, Adam Barth wrote: > On Thu, Feb 24, 2011 at 1:31 PM, Roy T. Fielding <fielding@gbiv.com> wrote: >> If we would like to limit the use of DQUOTE to how it was limited >> in prior RFCs (matching outer pair), then I suggest >> >> cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE ) >> cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-7E >> >> since that does cover all current usage that I am aware of and >> doesn't allow for odd usages of DQUOTE that might be misinterpreted >> by parsers that did not implement the Netscape spec but did >> implement one of the RFCs. > > DQUOTE is a cargo cult. Matching DQUOTEs, as above, are less > problematic although they do have interoperability problems. For > example, some user agents will incorrectly parse > > Set-Cookie: foo="bar\"; Secure > > (allowed by the grammar above) and will not interpret this header as > containing a Secure cookie. If you insist on DQUOTE, we'll probably > be better off excluding %x5C from cookie-octet. Right, that's because the RFCs allowed backslash quoting by referring to the quoted-string production of HTTP. Given the choice, I'd rather lose backslash than DQUOTE. I haven't seen any Windows pathnames included in cookie values and sending such data would be unwise. Excluding %x5C should be okay. cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE ) cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E ; ASCII characters excluding CTLs, whitespace, ; DQUOTE, comma, semicolon, and backslash ....Roy
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- [http-state] Is this an omission in the parser ru… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Julian Reschke
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Roy T. Fielding
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Peter Saint-Andre
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Peter Saint-Andre
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Roy T. Fielding
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Roy T. Fielding
- Re: [http-state] Is this an omission in the parse… Julian Reschke
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Julian Reschke
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Roy T. Fielding
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Adam Barth
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- Re: [http-state] Is this an omission in the parse… Dan Winship
- Re: [http-state] Is this an omission in the parse… Remy Lebeau
- [http-state] parser rules of draft-ietf-httpstate… Roy T. Fielding
- Re: [http-state] parser rules of draft-ietf-https… Peter Saint-Andre
- Re: [http-state] parser rules of draft-ietf-https… Roy T. Fielding
- Re: [http-state] parser rules of draft-ietf-https… Adam Barth
- Re: [http-state] parser rules of draft-ietf-https… Peter Saint-Andre
- Re: [http-state] parser rules of draft-ietf-https… Roy T. Fielding
- Re: [http-state] parser rules of draft-ietf-https… Remy Lebeau
- Re: [http-state] parser rules of draft-ietf-https… Adam Barth
- Re: [http-state] parser rules of draft-ietf-https… Roy T. Fielding
- Re: [http-state] parser rules of draft-ietf-https… Adam Barth
- Re: [http-state] parser rules of draft-ietf-https… Dan Winship
- Re: [http-state] parser rules of draft-ietf-https… Adam Barth
- Re: [http-state] parser rules of draft-ietf-https… Peter Saint-Andre