Re: [http-state] Conformance classes
Dan Winship <dan.winship@gmail.com> Wed, 16 December 2009 20:58 UTC
Return-Path: <dan.winship@gmail.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 98E223A6A03 for <http-state@core3.amsl.com>; Wed, 16 Dec 2009 12:58:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.265
X-Spam-Level:
X-Spam-Status: No, score=-2.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O0lHDi5Z6hvg for <http-state@core3.amsl.com>; Wed, 16 Dec 2009 12:58:18 -0800 (PST)
Received: from mysterion.org (mysterion.org [69.25.196.35]) by core3.amsl.com (Postfix) with ESMTP id A3F263A67EC for <http-state@ietf.org>; Wed, 16 Dec 2009 12:58:18 -0800 (PST)
Received: from x61.home.mysterion.org (155.99.117.91.static.mundo-r.com [91.117.99.155]) by mysterion.org (Postfix) with ESMTPA id 8B26C802AE; Wed, 16 Dec 2009 15:58:01 -0500 (EST)
Message-ID: <4B294986.8090100@gmail.com>
Date: Wed, 16 Dec 2009 21:56:38 +0100
From: Dan Winship <dan.winship@gmail.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.4pre) Gecko/20090922 Fedora/3.0-3.9.b4.fc12 Thunderbird/3.0b4
MIME-Version: 1.0
To: Daniel Stenberg <daniel@haxx.se>
References: <7789133a0912141541n70180adchba637f96ae4daf8d@mail.gmail.com> <D99C38DD-B5DD-4D2F-842B-3CEBBC04E6B1@gbiv.com> <7789133a0912141924o48eccb5dme494f02df5c564f3@mail.gmail.com> <9FB343AF-838B-468B-8ED5-C3F8B7A4C8A9@gbiv.com> <7789133a0912142339r1b9fba24k231fd24a165040f@mail.gmail.com> <D6082C37-3553-48A1-BFB9-2788DE2F91B8@gbiv.com> <7789133a0912150121u5567d076ue2f95496ea05ce03@mail.gmail.com> <4EC7C553-2D72-456C-BF41-DCD010E99DED@gbiv.com> <7789133a0912151213r1f469154x4ca2ffe7e9920d58@mail.gmail.com> <alpine.DEB.2.00.0912152219340.20887@tvnag.unkk.fr> <7789133a0912151358i1d7e48b2s2b125e51884d87c3@mail.gmail.com> <alpine.DEB.2.00.0912152303410.20887@tvnag.unkk.fr> <188647A0-5178-4069-A6A7-D16997112F73@apple.com> <alpine.DEB.2.00.0912161355170.21529@tvnag.unkk.fr>
In-Reply-To: <alpine.DEB.2.00.0912161355170.21529@tvnag.unkk.fr>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: http-state <http-state@ietf.org>
Subject: Re: [http-state] Conformance classes
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2009 20:58:19 -0000
On 12/16/2009 02:51 PM, Daniel Stenberg wrote:
> I don't necessarily think that incoming must match outgoing, but if a
> client is supposed to accept incoming Set-Cookie: headers given a
> certain format, then that format is the legal one.
The asymmetry in incoming vs outgoing is to deal with the fact that we
know there are lots of bad servers out there, and there will almost
certainly continue to be lots of bad servers out there after we publish
the new spec, and so we want to explain to good clients how to deal with
bad servers, but we don't want to encourage servers to be bad.
That is, (as I see it) we're trying to define (a) a nice, clean grammar
and semantics, and (b) a gross, nasty client-side processing model, such
that:
1. If a server sends out Set-Cookie headers that conform to the
nice grammar, and makes only the assumptions that are supported
by the nice semantics, then we believe that that server will be
compatible with essentially all cookie-handling HTTP clients,
*even if those clients don't use the gross, nasty processing
model*.
2. If a client uses the gross, nasty processing model, then we
believe that that client will be compatible with essentially all
cookie-sending HTTP servers, *even if those servers don't use
the nice, clean grammar and semantics*.
Another reason to want a clean grammar is that people might want to cite
our new cookie RFC in the future (eg, if draft-broyer-http-cookie-auth
or something like it gets started up again), and we want them to be
citing something sane, not "cookies have names except when they don't,
and here are the 17,000 date formats you should know how to parse". (We
can even say explicitly that protocols that build on top of our spec
MUST conform to the nice grammar and MUST NOT assume that clients will
follow the nasty processing model.)
As far as the rest of the spec goes, I think I'm fine now with having
the nasty processing model be free of MUSTs and SHOULDs. It's not
necessarily *the* cookie-processing model, it's just *a*
cookie-processing model--one that we recommend because it's very good at
dealing with lots of different broken servers, but if you don't care
about all of those broken servers then you don't need to use all of the
rules.
-- Dan
- [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Roy T. Fielding
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Maciej Stachowiak
- Re: [http-state] Conformance classes Roy T. Fielding
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Maciej Stachowiak
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Julian Reschke
- Re: [http-state] Conformance classes Roy T. Fielding
- Re: [http-state] Conformance classes Maciej Stachowiak
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Maciej Stachowiak
- Re: [http-state] Conformance classes Julian Reschke
- Re: [http-state] Conformance classes David Morris
- Re: [http-state] Conformance classes Maciej Stachowiak
- Re: [http-state] Conformance classes Dan Witte
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Roy T. Fielding
- Re: [http-state] Conformance classes Maciej Stachowiak
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Daniel Stenberg
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Daniel Stenberg
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Roy T. Fielding
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Roy T. Fielding
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes David Morris
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Roy T. Fielding
- Re: [http-state] Conformance classes Maciej Stachowiak
- Re: [http-state] Conformance classes Daniel Stenberg
- Re: [http-state] Conformance classes Julian Reschke
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Daniel Stenberg
- Re: [http-state] Conformance classes Dan Winship