Re: [http-state] draft-ietf-httpstate-cookie-09 algorithm descriptions

Adam Barth <ietf@adambarth.com> Sat, 17 July 2010 17:10 UTC


On Fri, Jul 16, 2010 at 6:53 PM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:
> * Julian Reschke wrote:
>>[Sending one Cookie header is better than sending no Cookie header?]
>
> I agree with what Julian said on that.
>
>>>>>> Also, do we have any evidence that servers actually use UTF-8 here?
>>>>>
>>>>> Nope.
>>>>
>>>> So maybe this statement should be dropped.
>>>
>>> That's been my opinion from the beginning.  However, you'll have to
>>> convince the folks in the working group who advocated for this text to
>>> be added.
>>
>>So please speak up...
>
> We have octets in the Set-Cookie and Cookie headers and we have Unicode
> code points in the `document.cookie` attribute. There needs to be a
> specification how to map between the octets and the code points or one that
> makes that unnecessary or clearly point out that this is undefined.
>
> The other day I used Wireshark to capture all traffic generated when my
> http://cutycapt.sf.net/ tool loaded the Alexa top 1000 web sites, and
> there was not a single instance where non-ASCII octets occurred in either
> the Cookie or Set-Cookie header in HTTP messages.

Indeed.  This is the very definition of a tempest in a teapot.

1) This doesn't occur in practice.
2) If it did occur, it would only be observable via an API that is not
contained in this document.
3) If such APIs care, they can define how to translate octets to characters.
4) We give a hint to the folks defining those APIs so they'll
hopefully do something reasonable.

I don't see that there's anything more for us to do here.

Adam
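
The check discussed in this thread, as an added example that is not part of the original messages: it scans a raw HTTP header block for Cookie and Set-Cookie values containing non-ASCII octets and shows how the same octets map to different code points under Latin-1 and UTF-8. The function names and the sample responses are constructed for illustration.

```python
# Added example: constructed HTTP header bytes, not traffic from the thread.
COOKIE_HEADERS = (b"cookie", b"set-cookie")

def cookie_header_values(raw_head: bytes):
    """Yield (name, value_octets) for each Cookie/Set-Cookie line in a raw header block."""
    for line in raw_head.split(b"\r\n")[1:]:      # skip the request/status line
        if not line:
            break                                  # blank line ends the header block
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() in COOKIE_HEADERS:
            yield name.strip().decode("ascii"), value.strip(b" \t")

def audit(raw_head: bytes):
    """Report cookie headers carrying octets >= 0x80 and how two decoders read them."""
    findings = []
    for name, octets in cookie_header_values(raw_head):
        if all(b < 0x80 for b in octets):
            continue                               # pure ASCII: every decoder agrees
        latin1 = octets.decode("latin-1")          # never fails: one code point per octet
        try:
            utf8 = octets.decode("utf-8")
        except UnicodeDecodeError:
            utf8 = None                            # octets are not valid UTF-8
        findings.append({
            "header": name,
            "octets": octets,
            "latin1": latin1,
            "utf8": utf8,
            # Both decodings succeed but yield different strings
            "ambiguous": utf8 is not None and utf8 != latin1,
        })
    return findings

# Constructed sample responses
ASCII_ONLY = b"HTTP/1.1 200 OK\r\nSet-Cookie: sid=abc123; Path=/\r\n\r\n"
UTF8_VALUE = b"HTTP/1.1 200 OK\r\nSet-Cookie: name=caf\xc3\xa9\r\n\r\n"
LATIN1_VALUE = b"HTTP/1.1 200 OK\r\nSet-Cookie: name=caf\xe9\r\n\r\n"

if __name__ == "__main__":
    for sample in (ASCII_ONLY, UTF8_VALUE, LATIN1_VALUE):
        print(audit(sample))
```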