[http-state] [Errata Held for Document Update] RFC6265 (8242)
RFC Errata System <rfc-editor@rfc-editor.org> Tue, 14 January 2025 15:32 UTC
Return-Path: <wwwrun@rfcpa.rfc-editor.org>
X-Original-To: http-state@ietf.org
Delivered-To: http-state@ietfa.amsl.com
Received: from rfcpa.rfc-editor.org (unknown [167.172.21.234]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B8D7C169434; Tue, 14 Jan 2025 07:32:43 -0800 (PST)
Received: by rfcpa.rfc-editor.org (Postfix, from userid 461) id CA9D91C9741; Tue, 14 Jan 2025 07:32:42 -0800 (PST)
To: vladimir.gorej@gmail.com, abarth@eecs.berkeley.edu
From: RFC Errata System <rfc-editor@rfc-editor.org>
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20250114153242.CA9D91C9741@rfcpa.rfc-editor.org>
Date: Tue, 14 Jan 2025 07:32:42 -0800
Message-ID-Hash: BPLNWUVETJC43F27AOJG7ECWCKRR4N3R
X-Message-ID-Hash: BPLNWUVETJC43F27AOJG7ECWCKRR4N3R
X-MailFrom: wwwrun@rfcpa.rfc-editor.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-http-state.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: orie@transmute.industries, iesg@ietf.org, http-state@ietf.org, rfc-editor@rfc-editor.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [http-state] [Errata Held for Document Update] RFC6265 (8242)
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-state/YS8mDFpZjWZOvuE9p5K0wRFIk6s>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-state>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Owner: <mailto:http-state-owner@ietf.org>
List-Post: <mailto:http-state@ietf.org>
List-Subscribe: <mailto:http-state-join@ietf.org>
List-Unsubscribe: <mailto:http-state-leave@ietf.org>
The following errata report has been held for document update for RFC6265, "HTTP State Management Mechanism". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid8242 -------------------------------------- Status: Held for Document Update Type: Technical Reported by: Vladimír Gorej <vladimir.gorej@gmail.com> Date Reported: 2025-01-06 Held by: Orie Steele (IESG) Section: 4.1.1 Original Text ------------- cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE ) Corrected Text -------------- cookie-value = ( DQUOTE *cookie-octet DQUOTE ) / *cookie-octet Notes ----- Many parsers process ABNF alternatives left-to-right and do not backtrack if an alternative partially matches but ultimately fails. This is why placing *cookie-octet first can cause issues. The quoted pattern ( DQUOTE *cookie-octet DQUOTE ) is more specific than the unquoted pattern *cookie-octet. Placing it first ensures that the parser prioritizes correctly. Quoted values are matched as a whole first. If the value isn’t quoted, the parser safely falls back to checking for unquoted *cookie-octet. -------------------------------------- RFC6265 (draft-ietf-httpstate-cookie-23) -------------------------------------- Title : HTTP State Management Mechanism Publication Date : April 2011 Author(s) : A. Barth Category : PROPOSED STANDARD Source : HTTP State Management Mechanism Stream : IETF Verifying Party : IESG
- [http-state] [Errata Held for Document Update] RF… RFC Errata System