Re: [http-state] Updated draft
Daniel Stenberg <daniel@haxx.se> Mon, 17 August 2009 17:40 UTC
On Mon, 17 Aug 2009, Adam Barth wrote:

> You're exactly right that servers are extremely fragile, especially with
> regards to the cookie header. However, they won't break due to variations
> in sort order issues because all the major browsers use the same sort order!

If the path names aren't of identical lengths, yes. But Safari does it differently if they are - if I understood your mail correctly. And lots of cookies are bound to have the same path lengths.

> There's a clear cost to not specifying the sort order: new implementations
> that follow the spec will behave differently than all the major browsers.
> However, you haven't articulated a reason why we ought not to specify the
> sort order.

My reason is quite simply because lots of existing "cookie clients" and "cookie servers" have no sorting at all. By saying sorting is necessary for cookie compliance, lots of client implementations are thus effectively made broken. This for an effect very few sites care about to the extent that I wasn't even aware of it until just a few days ago.

I would MUCH rather that we claim those few rare server sides non-compliant. We would then have a section explaining that some broken sites would in the past depend on this sorted behavior that no spec ever mandated.

I would claim that the share of HTTP clients that don't sort (this way) is larger than the share of HTTP sites that insist on cookies being sorted. But I don't have any numbers to back this up.

But I'll drop this subject for now.

--

 / daniel.haxx.se
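The ordering question debated in this message, as an added example that is not part of the original e-mail or of any client's code: it builds a Cookie header from one constructed jar with no sorting, with longest-path-first sorting and an oldest-first tie-break (the order RFC 6265 section 5.4 later specified), and with a hypothetical newest-first tie-break, then shows what a server that keeps only the first cookie of a name would read. The `Cookie` class, the jar contents, the `tie` parameter and `first_value` are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str   # kept only to show why same-name, same-path cookies coexist
    path: str
    created: int  # constructed creation counter, lower means older

# Constructed jar; every entry is assumed to domain-match the request host.
JAR = [
    Cookie("sid", "A", "example.com", "/", 1),
    Cookie("sid", "B", "www.example.com", "/app", 2),
    Cookie("sid", "C", "example.com", "/app", 3),
]

def path_matches(request_path, cookie_path):
    """Cookie path-match: identical, or a prefix ending at a '/' boundary."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def cookie_header(jar, request_path, sort=True, tie="oldest_first"):
    """Serialize matching cookies; sort=False models a client with no sorting."""
    matching = [c for c in jar if path_matches(request_path, c.path)]
    if sort:
        # Longer paths first; equal-length paths are ordered by creation time.
        sign = 1 if tie == "oldest_first" else -1
        matching.sort(key=lambda c: (-len(c.path), sign * c.created))
    return "; ".join(f"{c.name}={c.value}" for c in matching)

def first_value(header, name):
    """Value seen by a server that keeps only the first cookie of a name."""
    for pair in header.split("; "):
        key, _, value = pair.partition("=")
        if key == name:
            return value
    return None

if __name__ == "__main__":
    for label, kwargs in [("unsorted", {"sort": False}),
                          ("sorted, oldest first on ties", {}),
                          ("sorted, newest first on ties", {"tie": "newest_first"})]:
        header = cookie_header(JAR, "/app/login", **kwargs)
        print(f"{label:30} Cookie: {header}  -> server reads sid={first_value(header, 'sid')}")
```
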