Re: [http-state] Is this an omission in the parser rules of draft-ietf-httpstate-cookie-21?

Julian Reschke <julian.reschke@gmx.de> Tue, 15 February 2011 20:44 UTC

Return-Path: <julian.reschke@gmx.de>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 73F6C3A6DC1 for <http-state@core3.amsl.com>; Tue, 15 Feb 2011 12:44:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.355
X-Spam-Level:
X-Spam-Status: No, score=-103.355 tagged_above=-999 required=5 tests=[AWL=-0.756, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KjcxRBiYgNoY for <http-state@core3.amsl.com>; Tue, 15 Feb 2011 12:44:57 -0800 (PST)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by core3.amsl.com (Postfix) with SMTP id 470F23A6D63 for <http-state@ietf.org>; Tue, 15 Feb 2011 12:44:56 -0800 (PST)
Received: (qmail invoked by alias); 15 Feb 2011 20:45:21 -0000
Received: from mail.greenbytes.de (EHLO [192.168.1.138]) [217.91.35.233] by mail.gmx.net (mp054) with SMTP; 15 Feb 2011 21:45:21 +0100
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1/2P0ts9Ov211UqzHiftgxceDMMLTaEr51tlMxK5T lN2YmHeuI+g2DX
Message-ID: <4D5AE5DB.70402@gmx.de>
Date: Tue, 15 Feb 2011 21:45:15 +0100
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7
MIME-Version: 1.0
To: "Roy T. Fielding" <fielding@gbiv.com>
References: <20110204184735.26023.qmail@mm01.prod.mesa1.secureserver.net> <AANLkTi=qBVkGwMHqAidtwP5_A8pPrF-Y9MV4jgYS5_QM@mail.gmail.com> <7384878F-C44A-42A4-9694-1BB1C18AA5E6@gbiv.com> <AANLkTinFq7bE_e3SSgdjuFvZ8hGn1xy4Hc1VKwc=vp1D@mail.gmail.com> <49225418-A1AF-4299-8C4F-2E608D34265D@gbiv.com> <AANLkTimrJF3LFR4t4j=U2L33kFh+wf-R=sjjwexcmyPi@mail.gmail.com> <26240DE2-4DD3-4863-81B1-635D34BA4AE4@gbiv.com>
In-Reply-To: <26240DE2-4DD3-4863-81B1-635D34BA4AE4@gbiv.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: http-state@ietf.org
Subject: Re: [http-state] Is this an omission in the parser rules of draft-ietf-httpstate-cookie-21?
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Feb 2011 20:44:58 -0000

On 15.02.2011 21:29, Roy T. Fielding wrote:
> ...
> Why are you arguing against this?  You are adamant about
> supporting the above syntax in browsers, for the same reasons,
> and there is no harm in supporting the complete Netscape syntax
> in the server grammar.
> ...

Indeed.

If this spec wants to describe cookies-as-used, there's little reason to 
disallow certain cookies when they do interop today, and are not harmful 
with respect to security.

Best regards, Julian