Re: [http-state] draft-ietf-httpstate-cookie-09 algorithm descriptions

Bjoern Hoehrmann <derhoermi@gmx.net> Sat, 17 July 2010 01:53 UTC

* Julian Reschke wrote:
>[Sending one Cookie header is better than sending no Cookie header?]

I agree with what Julian said on that.

>>>>> Also, do we have any evidence that servers actually use UTF-8 here?
>>>>
>>>> Nope.
>>>
>>> So maybe this statement should be dropped.
>>
>> That's been my opinion from the beginning.  However, you'll have to
>> convince the folks in the working group who advocated for this text to
>> be added.
>
>So please speak up...

We have octets in the Set-Cookie and Cookie headers and we have Unicode
code points in the `document.cookie` attribute. There needs to be a
specification of how to map between the octets and the code points, or
one that makes that unnecessary or clearly points out that this is
undefined.

The other day I used Wireshark to capture all traffic generated when my
http://cutycapt.sf.net/ tool loaded the Alexa top 1000 web sites, and
there was not a single instance where non-ASCII octets occurred in either
the Cookie or Set-Cookie header in HTTP messages.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
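
Added example (not part of the original message): a Python check that reports non-ASCII octets in Cookie and Set-Cookie header values and shows how the same octets map to different code points under UTF-8 and ISO-8859-1. The function names and the sample header blocks are constructed for illustration.

```python
# Added example: the header blocks below are constructed, not from any capture.
COOKIE_HEADERS = (b"cookie", b"set-cookie")

def cookie_header_values(raw_head: bytes):
    """Yield (name, value octets) for each Cookie/Set-Cookie field."""
    for line in raw_head.split(b"\r\n")[1:]:    # skip request/status line
        if not line:
            break                                 # blank line ends the headers
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() in COOKIE_HEADERS:
            yield name.strip().decode("ascii"), value.strip(b" \t")

def non_ascii_report(raw_head: bytes):
    """Return one finding per cookie header value carrying octets >= 0x80."""
    findings = []
    for name, value in cookie_header_values(raw_head):
        high = bytes(b for b in value if b >= 0x80)
        if not high:
            continue                              # pure ASCII: mapping is unambiguous
        try:
            as_utf8 = value.decode("utf-8")
        except UnicodeDecodeError:
            as_utf8 = None                        # octets are not valid UTF-8
        findings.append({
            "header": name,
            "octets": high,
            "utf8": as_utf8,
            "latin1": value.decode("latin-1"),    # one octet -> one code point
        })
    return findings

SAMPLE_ASCII = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                b"Cookie: sid=abc123; theme=dark\r\n\r\n")
SAMPLE_UTF8 = (b"HTTP/1.1 200 OK\r\n"
               b"Set-Cookie: name=Bj\xc3\xb6rn; Path=/\r\n\r\n")
SAMPLE_LATIN1 = (b"HTTP/1.1 200 OK\r\n"
                 b"Set-Cookie: name=Bj\xf6rn; Path=/\r\n\r\n")

if __name__ == "__main__":
    for sample in (SAMPLE_ASCII, SAMPLE_UTF8, SAMPLE_LATIN1):
        print(non_ascii_report(sample))
```

A value whose `utf8` and `latin1` fields differ, or whose `utf8` field is `None`, is one where the code points exposed to script depend on which mapping the user agent picks.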