Re: [http-state] Conformance classes
Dan Winship <dan.winship@gmail.com> Wed, 16 December 2009 20:58 UTC
Return-Path: <dan.winship@gmail.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 98E223A6A03 for <http-state@core3.amsl.com>; Wed, 16 Dec 2009 12:58:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.265
X-Spam-Level:
X-Spam-Status: No, score=-2.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O0lHDi5Z6hvg for <http-state@core3.amsl.com>; Wed, 16 Dec 2009 12:58:18 -0800 (PST)
Received: from mysterion.org (mysterion.org [69.25.196.35]) by core3.amsl.com (Postfix) with ESMTP id A3F263A67EC for <http-state@ietf.org>; Wed, 16 Dec 2009 12:58:18 -0800 (PST)
Received: from x61.home.mysterion.org (155.99.117.91.static.mundo-r.com [91.117.99.155]) by mysterion.org (Postfix) with ESMTPA id 8B26C802AE; Wed, 16 Dec 2009 15:58:01 -0500 (EST)
Message-ID: <4B294986.8090100@gmail.com>
Date: Wed, 16 Dec 2009 21:56:38 +0100
From: Dan Winship <dan.winship@gmail.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.4pre) Gecko/20090922 Fedora/3.0-3.9.b4.fc12 Thunderbird/3.0b4
MIME-Version: 1.0
To: Daniel Stenberg <daniel@haxx.se>
References: <7789133a0912141541n70180adchba637f96ae4daf8d@mail.gmail.com> <D99C38DD-B5DD-4D2F-842B-3CEBBC04E6B1@gbiv.com> <7789133a0912141924o48eccb5dme494f02df5c564f3@mail.gmail.com> <9FB343AF-838B-468B-8ED5-C3F8B7A4C8A9@gbiv.com> <7789133a0912142339r1b9fba24k231fd24a165040f@mail.gmail.com> <D6082C37-3553-48A1-BFB9-2788DE2F91B8@gbiv.com> <7789133a0912150121u5567d076ue2f95496ea05ce03@mail.gmail.com> <4EC7C553-2D72-456C-BF41-DCD010E99DED@gbiv.com> <7789133a0912151213r1f469154x4ca2ffe7e9920d58@mail.gmail.com> <alpine.DEB.2.00.0912152219340.20887@tvnag.unkk.fr> <7789133a0912151358i1d7e48b2s2b125e51884d87c3@mail.gmail.com> <alpine.DEB.2.00.0912152303410.20887@tvnag.unkk.fr> <188647A0-5178-4069-A6A7-D16997112F73@apple.com> <alpine.DEB.2.00.0912161355170.21529@tvnag.unkk.fr>
In-Reply-To: <alpine.DEB.2.00.0912161355170.21529@tvnag.unkk.fr>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: http-state <http-state@ietf.org>
Subject: Re: [http-state] Conformance classes
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2009 20:58:19 -0000
On 12/16/2009 02:51 PM, Daniel Stenberg wrote: > I don't necessarily think that incoming must match outgoing, but if a > client is supposed to accept incoming Set-Cookie: headers given a > certain format, then that format is the legal one. The asymmetry in incoming vs outgoing is to deal with the fact that we know there are lots of bad servers out there, and there will almost certainly continue to be lots of bad servers out there after we publish the new spec, and so we want to explain to good clients how to deal with bad servers, but we don't want to encourage servers to be bad. That is, (as I see it) we're trying to define (a) a nice, clean grammar and semantics, and (b) a gross, nasty client-side processing model, such that: 1. If a server sends out Set-Cookie headers that conform to the nice grammar, and makes only the assumptions that are supported by the nice semantics, then we believe that that server will be compatible with essentially all cookie-handling HTTP clients, *even if those clients don't use the gross, nasty processing model*. 2. If a client uses the gross, nasty processing model, then we believe that that client will be compatible with essentially all cookie-sending HTTP servers, *even if those servers don't use the nice, clean grammar and semantics*. Another reason to want a clean grammar is that people might want to cite our new cookie RFC in the future (eg, if draft-broyer-http-cookie-auth or something like it gets started up again), and we want them to be citing something sane, not "cookies have names except when they don't, and here are the 17,000 date formats you should know how to parse". (We can even say explicitly that protocols that build on top of our spec MUST conform to the nice grammar and MUST NOT assume that clients will follow the nasty processing model.) As far as the rest of the spec goes, I think I'm fine now with having the nasty processing model be free of MUSTs and SHOULDs. It's not necessarily *the* cookie-processing model, it's just *a* cookie-processing model--one that we recommend because it's very good at dealing with lots of different broken servers, but if you don't care about all of those broken servers then you don't need to use all of the rules. -- Dan
- [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Roy T. Fielding
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Maciej Stachowiak
- Re: [http-state] Conformance classes Roy T. Fielding
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Maciej Stachowiak
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Julian Reschke
- Re: [http-state] Conformance classes Roy T. Fielding
- Re: [http-state] Conformance classes Maciej Stachowiak
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Maciej Stachowiak
- Re: [http-state] Conformance classes Julian Reschke
- Re: [http-state] Conformance classes David Morris
- Re: [http-state] Conformance classes Maciej Stachowiak
- Re: [http-state] Conformance classes Dan Witte
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Roy T. Fielding
- Re: [http-state] Conformance classes Maciej Stachowiak
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Daniel Stenberg
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Daniel Stenberg
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Roy T. Fielding
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Roy T. Fielding
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes David Morris
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Roy T. Fielding
- Re: [http-state] Conformance classes Maciej Stachowiak
- Re: [http-state] Conformance classes Daniel Stenberg
- Re: [http-state] Conformance classes Julian Reschke
- Re: [http-state] Conformance classes Adam Barth
- Re: [http-state] Conformance classes Daniel Stenberg
- Re: [http-state] Conformance classes Dan Winship