Re: [http-state] comments on http-state charter
=JeffH <Jeff.Hodges@KingsMountain.com> Mon, 17 August 2009 23:03 UTC
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 938943A6F54 for <http-state@core3.amsl.com>; Mon, 17 Aug 2009 16:03:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.265
X-Spam-Level:
X-Spam-Status: No, score=-2.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5q3VNcM+Kksj for <http-state@core3.amsl.com>; Mon, 17 Aug 2009 16:03:12 -0700 (PDT)
Received: from outbound-mail-105.bluehost.com (outbound-mail-105.bluehost.com [69.89.18.5]) by core3.amsl.com (Postfix) with SMTP id 9DD563A6F4A for <http-state@ietf.org>; Mon, 17 Aug 2009 16:03:12 -0700 (PDT)
Received: (qmail 16886 invoked by uid 0); 17 Aug 2009 23:03:17 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by outboundproxy3.bluehost.com with SMTP; 17 Aug 2009 23:03:17 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=kingsmountain.com; h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding:X-Identified-User; b=uTj4oY5zMrNUuFfkrYb5VO/6P5zw3n/bnig6I0CoiS2KIUiDm3L+mynFBVZlsCOe1L3aXdtg8BYxBoi4flpNO13sG3iN4ZxBpng7IldSUIFY8tEDX0bnY0LlUAqAqbd+;
Received: from outbound4.ebay.com ([216.113.168.128] helo=[10.244.48.61]) by box514.bluehost.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1MdBET-0007ze-FU for http-state@ietf.org; Mon, 17 Aug 2009 17:03:17 -0600
Message-ID: <4A89E1C2.3030500@KingsMountain.com>
Date: Mon, 17 Aug 2009 16:03:30 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Thunderbird 1.5.0.14ubu (X11/20080306)
MIME-Version: 1.0
To: HTTP State <http-state@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Subject: Re: [http-state] comments on http-state charter
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2009 23:03:13 -0000
Bil Corry wrote on Mon, 10 Aug 2009 15:35:57 -0500 (13:35 PDT): > Thank you for the suggestions, I've (mostly) incorporated them. Below is the > latest draft of the charter -- super, thanks. > I've purposely left off the WG task of > creating new features for cookies and instead made the focus of the WG to > only document existing cookie behavior. This is based on the feedback I've > seen so far and I think it'll help keep us from getting distracted. agreed. > Also, I > think it'll be challenging to add new features until we have a spec that > enumerates existing behavior. However, rather than having to form the WG > again to address new features, we could allow the WG to elect to tackle new > features at a future date -- perhaps after the bulk of the work for the > primary task is completed. yes, the working group can be re-chartered at a later date. minor comments on the latest charter draft below. thanks, =JeffH > Charter: HTTP State Management Mechanism (http-state) WG > > Last Modified: 2008-08-10 > > Mailing Lists: > General Discussion: http-state@ietf.org > To Subscribe: https://www.ietf.org/mailman/listinfo/http-state > Archive: http://www.ietf.org/mail-archive/web/http-state/current/maillist.html > Alternative Archive: http://groups.google.com/group/http-state > > Description of Working Group: > > The HTTP State Management Mechanism (aka Cookies) was originally > created by Netscape Communications in their informal Netscape cookie > specification ("cookie_spec.html"), from which formal specifications > RFC 2109 and RFC 2965 evolved. The formal specifications, however, > were never fully implemented in practice; RFC 2109, in addition to > cookie_spec.html, more closely resemble real-world implementations > than RFC 2965, even though RFC 2965 officially obsoletes the former. > Compounding the problem are undocumented features (such as HTTPOnly), > and widely varying behaviors among real-world implementations. ^ cite.. http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies ..here? > The working group will create a new RFC that obsoletes RFC 2965 and > specifies Cookies as they are actually used in existing > implementations and deployments. Where differences exist among the > most common implementations, the working group will document the > variations and provide a recommended choice for new implementations. ^ updates and > This will also allow existing implementations to improve ^^^^^ facilitate > interoperability if they so choose. > > The following specifications, RFCs and Internet-Drafts should be ^ documents, > considered: > * cookie_spec.html - Netscape Cookie Specification > http://web.archive.org/web/20070805052634/http://wp.netscape.com/newsref/std/cookie_spec.html * Browser Security Handbook http://code.google.com/p/browsersec/wiki/Main > * RFC 2109 - HTTP State Management Mechanism (Obsoleted by RFC 2965) > http://tools.ietf.org/html/rfc2109 > * RFC 2964 - Use of HTTP State Management > http://tools.ietf.org/html/rfc2964 > * RFC 2965 - HTTP State Management Mechanism (Obsoletes RFC 2109) > http://tools.ietf.org/html/rfc2965 > * Widely Implemented - HTTPOnly > http://www.owasp.org/index.php/HTTPOnly > > Goals and Milestones: > TBD --- end
- [http-state] comments on http-state charter =JeffH
- Re: [http-state] comments on http-state charter Leif Johansson
- Re: [http-state] comments on http-state charter Bil Corry
- Re: [http-state] comments on http-state charter Julian Reschke
- Re: [http-state] comments on http-state charter Bil Corry
- Re: [http-state] comments on http-state charter =JeffH
- Re: [http-state] comments on http-state charter Bil Corry
- Re: [http-state] comments on http-state charter Julian Reschke
- Re: [http-state] comments on http-state charter Yngve N. Pettersen
- Re: [http-state] comments on http-state charter Adam Barth
- Re: [http-state] comments on http-state charter =JeffH
- Re: [http-state] comments on http-state charter Yngve Nysaeter Pettersen
- Re: [http-state] comments on http-state charter Adam Barth
- Re: [http-state] comments on http-state charter Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [http-state] comments on http-state charter Adam Barth