Re: [http-state] Ticket 11: Character encoding for non-ASCII cookies values
Adam Barth <ietf@adambarth.com> Wed, 03 March 2010 05:47 UTC
Return-Path: <ietf@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B544A3A7EE4 for <http-state@core3.amsl.com>; Tue, 2 Mar 2010 21:47:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K-mb8n9nmnfB for <http-state@core3.amsl.com>; Tue, 2 Mar 2010 21:47:00 -0800 (PST)
Received: from mail-yx0-f188.google.com (mail-yx0-f188.google.com [209.85.210.188]) by core3.amsl.com (Postfix) with ESMTP id BB9023A7A40 for <http-state@ietf.org>; Tue, 2 Mar 2010 21:46:56 -0800 (PST)
Received: by yxe26 with SMTP id 26so587220yxe.29 for <http-state@ietf.org>; Tue, 02 Mar 2010 21:46:55 -0800 (PST)
Received: by 10.90.40.4 with SMTP id n4mr2097177agn.44.1267595215059; Tue, 02 Mar 2010 21:46:55 -0800 (PST)
Received: from mail-iw0-f179.google.com (mail-iw0-f179.google.com [209.85.223.179]) by mx.google.com with ESMTPS id 21sm4855716iwn.3.2010.03.02.21.46.52 (version=SSLv3 cipher=RC4-MD5); Tue, 02 Mar 2010 21:46:53 -0800 (PST)
Received: by iwn9 with SMTP id 9so1195407iwn.17 for <http-state@ietf.org>; Tue, 02 Mar 2010 21:46:52 -0800 (PST)
MIME-Version: 1.0
Received: by 10.231.143.148 with SMTP id v20mr424839ibu.14.1267595212132; Tue, 02 Mar 2010 21:46:52 -0800 (PST)
In-Reply-To: <4BF4ABE3-7699-4D75-9E3C-48871CBA13E8@gbiv.com>
References: <5c4444771003021624qc0b00cet27e348cb6d023b08@mail.gmail.com> <4BF4ABE3-7699-4D75-9E3C-48871CBA13E8@gbiv.com>
From: Adam Barth <ietf@adambarth.com>
Date: Tue, 02 Mar 2010 21:46:32 -0800
Message-ID: <5c4444771003022146h1e4dfc3fi4196b5697725ebc3@mail.gmail.com>
To: "Roy T. Fielding" <fielding@gbiv.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: http-state <http-state@ietf.org>
Subject: Re: [http-state] Ticket 11: Character encoding for non-ASCII cookies values
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Mar 2010 05:47:01 -0000
On Tue, Mar 2, 2010 at 5:08 PM, Roy T. Fielding <fielding@gbiv.com> wrote: > On Mar 2, 2010, at 4:24 PM, Adam Barth wrote: >> The draft treats the cookie values as opaque octets throughout for use >> on the wire. I've added a SHOULD-level requirement to use a UTF8 when >> converting the octets to characters (e.g., for use in the user agent's >> user interface). >> >> Given that the encoding issue doesn't appear to affect >> interoperability on the wire, I think a SHOULD-level recommendation is >> appropriate here. If specific APIs (e.g., document.cookie) have more >> specific needs, they can add additional requirements. >> >> Thoughts? > > I think that is fine if it is made clear that UTF-8 is only applicable > after the field value is extracted from the rest of the message. I.e., > the HTTP parser must be ASCII-based and thus not vulnerable to > invalid Unicode byte sequences. Hopefully that should be clear in the draft. The encoding is mention at the end of the serialization section (which is two sections after the parsing section). Adam
- [http-state] Ticket 11: Character encoding for no… Adam Barth
- Re: [http-state] Ticket 11: Character encoding fo… Dan Witte
- Re: [http-state] Ticket 11: Character encoding fo… Roy T. Fielding
- Re: [http-state] Ticket 11: Character encoding fo… Adam Barth
- Re: [http-state] Ticket 11: Character encoding fo… Achim Hoffmann
- Re: [http-state] Ticket 11: Character encoding fo… Adam Barth
- Re: [http-state] Ticket 11: Character encoding fo… Mark Pauley
- Re: [http-state] Ticket 11: Character encoding fo… Daniel Stenberg
- Re: [http-state] Ticket 11: Character encoding fo… Adam Barth
- Re: [http-state] Ticket 11: Character encoding fo… Adam Barth
- Re: [http-state] Ticket 11: Character encoding fo… Daniel Stenberg
- Re: [http-state] Ticket 11: Character encoding fo… Mark Pauley
- Re: [http-state] Ticket 11: Character encoding fo… Adam Barth
- Re: [http-state] Ticket 11: Character encoding fo… Mark Pauley
- Re: [http-state] Ticket 11: Character encoding fo… Adam Barth
- Re: [http-state] Ticket 11: Character encoding fo… Adam Barth
- Re: [http-state] Ticket 11: Character encoding fo… Mark Pauley
- Re: [http-state] Ticket 11: Character encoding fo… Daniel Stenberg
- Re: [http-state] Ticket 11: Character encoding fo… Adam Barth
- Re: [http-state] Ticket 11: Character encoding fo… Adam Barth