Re: [http-state] Comments on draft-ietf-httpstate-cookie-08.txt (1 - 4.1.2.)
Adam Barth <ietf@adambarth.com> Mon, 31 May 2010 16:26 UTC
Return-Path: <ietf@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0D7393A689B for <http-state@core3.amsl.com>; Mon, 31 May 2010 09:26:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.822
X-Spam-Level:
X-Spam-Status: No, score=-0.822 tagged_above=-999 required=5 tests=[AWL=0.555, BAYES_50=0.001, FM_FORGED_GMAIL=0.622, GB_I_LETTER=-2]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BgzJyNjWE2Ns for <http-state@core3.amsl.com>; Mon, 31 May 2010 09:26:25 -0700 (PDT)
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) by core3.amsl.com (Postfix) with ESMTP id 7BFCD3A687B for <http-state@ietf.org>; Mon, 31 May 2010 09:26:25 -0700 (PDT)
Received: by vws15 with SMTP id 15so823973vws.31 for <http-state@ietf.org>; Mon, 31 May 2010 09:26:10 -0700 (PDT)
Received: by 10.224.78.104 with SMTP id j40mr1778336qak.251.1275323169224; Mon, 31 May 2010 09:26:09 -0700 (PDT)
Received: from mail-yw0-f182.google.com (mail-yw0-f182.google.com [209.85.211.182]) by mx.google.com with ESMTPS id f5sm1617693qcg.8.2010.05.31.09.26.05 (version=SSLv3 cipher=RC4-MD5); Mon, 31 May 2010 09:26:05 -0700 (PDT)
Received: by ywh12 with SMTP id 12so3518332ywh.19 for <http-state@ietf.org>; Mon, 31 May 2010 09:26:04 -0700 (PDT)
Received: by 10.151.28.14 with SMTP id f14mr5442311ybj.398.1275323164383; Mon, 31 May 2010 09:26:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.147.66 with HTTP; Mon, 31 May 2010 09:25:44 -0700 (PDT)
In-Reply-To: <lbb706tqebunfropg9o1teehms9fu5aq53@hive.bjoern.hoehrmann.de>
References: <f5jqv5pu3oksmjndegd5a329gp40opqsr5@hive.bjoern.hoehrmann.de> <AANLkTin2dZ3v681D2W4yZEHhnc_0G8mAQRsMA8ZQ6wWF@mail.gmail.com> <g13rv59fpsefi1jhuuuds4evqqc8baia7o@hive.bjoern.hoehrmann.de> <AANLkTimUXR0FI3D3KKZ2rOO2QEEGReKlRBCY5ZanwL24@mail.gmail.com> <lbb706tqebunfropg9o1teehms9fu5aq53@hive.bjoern.hoehrmann.de>
From: Adam Barth <ietf@adambarth.com>
Date: Mon, 31 May 2010 09:25:44 -0700
Message-ID: <AANLkTinmliI2Sp0hU0m0IqzWpEpACeNLbW_Q_KeQnJ-O@mail.gmail.com>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: http-state@ietf.org
Subject: Re: [http-state] Comments on draft-ietf-httpstate-cookie-08.txt (1 - 4.1.2.)
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 May 2010 16:26:27 -0000
On Mon, May 31, 2010 at 6:54 AM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote: > * Adam Barth wrote: >>>>> In section 2.2 the imported rules should be phrased as grammar to make >>>>> them easer to scan and read, i.e., e.g. >>>>> >>>>> ALPHA =<as defined in ...> ; A-Z / a-z >>>>> ... >>>> >>>> I looked a bunch of RFCs and this didn't appear to be that common. >>>> I'd be happy to do this if you can show me three relatively recent >>>> RFCs that use this pattern. >>> >>> Adam is right; not expanding the RFC 5234 base rules is quite common. >> >>Ok. I've left these as is. > > Assuming Julian's point is about the "A-Z" comment above, that is not my > concern at all. The current text already has expansions, but they are > misleading (for example, it calls `ALPHA` just "letters", but there are > many letters that `ALPHA` does not include). I am fine with omitting the > current expansions alltogether, but would prefer using ABNF syntax as > above, regardless of the "; A-Z / a-z" comment, as that is more readable > and a convention the document uses elsewhere. This text comes verbatim from HTTPbis: http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-09#section-1.2 Is there a better role model that I should follow? >>> Drawing attention to the obvious should be avoided as readers would have >>> to expend additional effort to confirm that what is being pointed out is >>> indeed obvious -- and not some subtlety they've missed -- for no gain. >>> If a specification replaces two older ones based on implementation ex- >>> perience, then it is obvious that the older specifications do not re- >>> flect current practise equally well. >> >>Hopefully the added citation to Kristol's missive should suffice. The >>old spec are actively harmful. This text is meant to reassure the >>reader that we're contrite for our previous sins and are trying to do >>no harm in this document. > > I do not believe that is sufficient. I believe I've explained why I > think the current formulation is inadequate and I've made suggestions > how to rephrase it. If you have no suggestions how to rephrase it in a > manner we can agree on, I am happy to raise this issue again during IETF > review, perhaps others have some suggestions. Ok. I stand by the current text as factually accurate. >>> In the context of "hosts" the term "canonicalized" is overloaded with >>> definitions, RFC 1123 for example defines it quite differently than >>> draft-ietf-httpstate-cookie-08.txt. >> >>I've changed the text to define a "canonicalized string", which should >>emphasize that the name of the formal parameter is irrelevant. > > I will revisit this later. > >>> Further, the permissable range of values for `request-host` is larger >>> than the apparent domain of the draft's `canonicalized` "function". >>> For instance, the "host" can be an IP-Literal, but you cannot apply >>> the ToASCII function to those -- they are outside its domain. >> >>Ok. Well, I'm happy to write whatever you like in that part of the >>spec. The point is we need the puny code version of the host name. >>When I wrote that before, someone complained that I couldn't use the >>words "puny code" in that way, so I adopted the text they recommend. >>Now I'm told that I can't use the text they gave me. >> >>This text is really trying to accomplish a very simply task, which is >>to obtain the lower case, puny code version of a host name from a URL. >> In code, this is as simple as writing "url->host()". Let me know >>what the magic phase is, and I'm happy to appease. > > I am happy to make a suggestion once there is a proper definition for > `request-host`. Here's the definition of request-host: [[ <t>The terms request-host and request-uri refer to the values the user agent would send to the server as, respectively, the host (but not port) and the absoluteURI (http_URL) of the HTTP Request-Line.</t> ]] Is that definition improper? What would a superior definition be? > If you start from a resource identifier, this will most > likely need a condition (if it is non-ascii and represents an IDN, then > transform into the IDNA encoding) and an exception handler (if trans- > formation fails, then...; I do not know what is to happen in that case > though). We need to start with an HTTP request. >>>[ABNF vs RFC 2616 grammar differences] > >>Would you prefer that line said something else to clarify that we >>really mean the ABNF notation of RFC5234 as opposed to something else? >> Would you like that text copy/pasted to every location where we use >>an ABNF grammar? I'm happy to review a diff to the spec. > > Copying the rfc1123-date grammar from draft-ietf-httpbis-p1-messaging-09 > into an appendix would probably be the best solution as differences with > case-sensitivity and white space would then no longer be a source of > confusion. Otherwise there simply should be a reminder that the grammar > notation is different from RFC 2616 and care must be taken to apply the > right rules for imported symbols. I've add the following text near the use of 1123-date: [[ sane-cookie-date = <rfc1123-date, as defined in RFC 2616> ; Note that RFC 2616 uses a different grammatical notation ; than this document (which uses ABNF from RFC5234). ]] Hopefully that addresses your concerns. Adam
- [http-state] Comments on draft-ietf-httpstate-coo… Bjoern Hoehrmann
- Re: [http-state] Comments on draft-ietf-httpstate… Adam Barth
- Re: [http-state] Comments on draft-ietf-httpstate… Bjoern Hoehrmann
- Re: [http-state] Comments on draft-ietf-httpstate… Daniel Stenberg
- Re: [http-state] Comments on draft-ietf-httpstate… Bjoern Hoehrmann
- Re: [http-state] Comments on draft-ietf-httpstate… Adam Barth
- Re: [http-state] Comments on draft-ietf-httpstate… Bjoern Hoehrmann
- Re: [http-state] Comments on draft-ietf-httpstate… Adam Barth
- Re: [http-state] Comments on draft-ietf-httpstate… Julian Reschke
- Re: [http-state] Comments on draft-ietf-httpstate… Bjoern Hoehrmann
- Re: [http-state] Comments on draft-ietf-httpstate… Adam Barth
- Re: [http-state] Comments on draft-ietf-httpstate… Bjoern Hoehrmann
- Re: [http-state] Comments on draft-ietf-httpstate… Adam Barth
- [http-state] BNF notation differences, was: Comme… Julian Reschke
- Re: [http-state] BNF notation differences, was: C… Bjoern Hoehrmann
- Re: [http-state] BNF notation differences, was: C… Adam Barth
- Re: [http-state] BNF notation differences, was: C… Adam Barth
- [http-state] ABNF prose productions, was: BNF not… Julian Reschke
- Re: [http-state] BNF notation differences, was: C… Julian Reschke