Re: [http-state] cake and session stealing

"Thomson, Martin" <Martin.Thomson@andrew.com> Tue, 27 July 2010 09:20 UTC

OK, thanks Adam.

I'm happy.  I'll say what (I think) EKR did: it's not a terrible idea.  It could work.

Obviously, the tracking thing needs a bit more consideration, and the self-signed cert option (which sounds like a cool idea) will require server changes, but those are secondary problems.

--Martin