Re: [http-state] Ticket 11: Character encoding for non-ASCII cookies values

Adam Barth <ietf@adambarth.com> Wed, 03 March 2010 23:15 UTC

Return-Path: <ietf@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D471728C169 for <http-state@core3.amsl.com>; Wed, 3 Mar 2010 15:15:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kc7xtWpPMQxs for <http-state@core3.amsl.com>; Wed, 3 Mar 2010 15:15:01 -0800 (PST)
Received: from mail-qy0-f201.google.com (mail-qy0-f201.google.com [209.85.221.201]) by core3.amsl.com (Postfix) with ESMTP id 2A5923A8BB3 for <http-state@ietf.org>; Wed, 3 Mar 2010 15:14:59 -0800 (PST)
Received: by qyk39 with SMTP id 39so1476117qyk.22 for <http-state@ietf.org>; Wed, 03 Mar 2010 15:14:57 -0800 (PST)
Received: by 10.224.81.148 with SMTP id x20mr4832281qak.311.1267658083290; Wed, 03 Mar 2010 15:14:43 -0800 (PST)
Received: from mail-iw0-f189.google.com (mail-iw0-f189.google.com [209.85.223.189]) by mx.google.com with ESMTPS id 2sm17926936qwi.21.2010.03.03.15.14.41 (version=SSLv3 cipher=RC4-MD5); Wed, 03 Mar 2010 15:14:42 -0800 (PST)
Received: by iwn27 with SMTP id 27so1621020iwn.5 for <http-state@ietf.org>; Wed, 03 Mar 2010 15:14:41 -0800 (PST)
MIME-Version: 1.0
Received: by 10.231.144.201 with SMTP id a9mr92569ibv.69.1267658081001; Wed, 03 Mar 2010 15:14:41 -0800 (PST)
In-Reply-To: <CB794A2E-2F2F-4CE4-8B15-BBE1A1E1B50F@apple.com>
References: <5c4444771003021624qc0b00cet27e348cb6d023b08@mail.gmail.com> <CB794A2E-2F2F-4CE4-8B15-BBE1A1E1B50F@apple.com>
From: Adam Barth <ietf@adambarth.com>
Date: Wed, 3 Mar 2010 15:14:20 -0800
Message-ID: <5c4444771003031514i1822f370p45a8f2fba957d594@mail.gmail.com>
To: Mark Pauley <mpauley@apple.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: http-state <http-state@ietf.org>
Subject: Re: [http-state] Ticket 11: Character encoding for non-ASCII cookies values
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Mar 2010 23:15:09 -0000

On Wed, Mar 3, 2010 at 9:27 AM, Mark Pauley <mpauley@apple.com> wrote:
> Yes, CFNetwork (the component responsible for cookie handling in Safari) currently drops any cookies created with non-ascii values.
>
> In the future, we ought to treat these as opaque octets.  However, the current cookie spec would lead me to believe that we should reject any cookies that contain control characters, which would be most non-ascii UTF-8 sequences, right?

That's not the intent of the current draft.  May I ask what leads you
to believe that?

Adam