Re: [http-state] Updated draft

Adam Barth <ietf@adambarth.com> Mon, 17 August 2009 18:50 UTC

Return-Path: <adam@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0B36F3A6B24 for <http-state@core3.amsl.com>; Mon, 17 Aug 2009 11:50:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.796
X-Spam-Level:
X-Spam-Status: No, score=-1.796 tagged_above=-999 required=5 tests=[AWL=0.181, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GbiI4eswXz1x for <http-state@core3.amsl.com>; Mon, 17 Aug 2009 11:50:54 -0700 (PDT)
Received: from mail-vw0-f196.google.com (mail-vw0-f196.google.com [209.85.212.196]) by core3.amsl.com (Postfix) with ESMTP id 456CF3A6A4A for <http-state@ietf.org>; Mon, 17 Aug 2009 11:50:54 -0700 (PDT)
Received: by vws34 with SMTP id 34so2775304vws.31 for <http-state@ietf.org>; Mon, 17 Aug 2009 11:50:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.103.135 with SMTP id k7mr5190973vco.59.1250535057099; Mon, 17 Aug 2009 11:50:57 -0700 (PDT)
In-Reply-To: <alpine.DEB.2.00.0908171905040.24390@yvahk2.pbagnpgbe.fr>
References: <7789133a0908151008p35ff30e6w2761368fe70d41a6@mail.gmail.com> <alpine.DEB.2.00.0908161440520.25988@yvahk2.pbagnpgbe.fr> <7789133a0908161032l2265ce5fg966c434f1b05aa64@mail.gmail.com> <alpine.DEB.2.00.0908161952060.13789@yvahk2.pbagnpgbe.fr> <7789133a0908161131s5741d457q812b5e4213452054@mail.gmail.com> <alpine.DEB.2.00.0908162035140.13789@yvahk2.pbagnpgbe.fr> <4A889417.9020709@gmail.com> <alpine.DEB.2.00.0908170929100.22132@yvahk2.pbagnpgbe.fr> <7789133a0908170853r5a81b84cu1308049256f51d2c@mail.gmail.com> <alpine.DEB.2.00.0908171905040.24390@yvahk2.pbagnpgbe.fr>
From: Adam Barth <ietf@adambarth.com>
Date: Mon, 17 Aug 2009 11:50:37 -0700
Message-ID: <7789133a0908171150q4775ef90m3753536426e3f781@mail.gmail.com>
To: Daniel Stenberg <daniel@haxx.se>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: http-state <http-state@ietf.org>
Subject: Re: [http-state] Updated draft
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2009 18:50:55 -0000

On Mon, Aug 17, 2009 at 10:40 AM, Daniel Stenberg<daniel@haxx.se> wrote:
> My reason is quite simply because lots of existing "cookie clients" and
> "cookie servers" have no sorting at all. By saying sorting is necessary for
> cookie compliance, lots of client implementations are thus effectively made
> broken.

I don't see why that matters.  I can sit in my basement and write 1000
cookie implementations that no one uses and it doesn't matter whether
we declare them non-compliant.

> This for an effect very few sites care about to the extent that I wasn't
> even aware of it until just a few days ago. I would MUCH rather that we
> claim those few rare server sides non-compliant. We would then have a
> section explaining that some broken sites would in the past depend on this
> sorted behavior that no spec ever mandated.

These site are non-complaint.  We're discussing the user agent
conformance section.  User agents need to know how to deal with broken
sites in an interoperable manner.

If you like, we can add a requirement to the server conformance
section admonishing servers not to depend on this behavior.

> I would claim that the share of HTTP clients that don't sort (this way) is
> larger than the share of HTTP sites that insist on cookies being sorted. But
> I don't have any numbers to back this up.

Comparing those quantities is irrelevant.

> But I'll drop this subject for now.

Ok.

Adam