Re: [http-state] Is this an omission in the parser rules of draft-ietf-httpstate-cookie-21?

"Remy Lebeau" <remy@lebeausoftware.org> Sat, 05 February 2011 00:20 UTC

Return-Path: <remy@lebeausoftware.org>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 203F33A6802 for <http-state@core3.amsl.com>; Fri, 4 Feb 2011 16:20:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4-VFyqxTWAx2 for <http-state@core3.amsl.com>; Fri, 4 Feb 2011 16:20:35 -0800 (PST)
Received: from smtpoutwbe01.prod.mesa1.secureserver.net (smtpoutwbe01.prod.mesa1.secureserver.net [208.109.78.112]) by core3.amsl.com (Postfix) with SMTP id 1FA893A67D1 for <http-state@ietf.org>; Fri, 4 Feb 2011 16:20:34 -0800 (PST)
Received: (qmail 27463 invoked from network); 5 Feb 2011 00:24:00 -0000
Received: from unknown (HELO mm02.prod.mesa1.secureserver.net) (208.109.138.2) by smtpoutwbe01.prod.mesa1.secureserver.net with SMTP; 5 Feb 2011 00:24:00 -0000
Received: (qmail 1839 invoked by uid 99); 5 Feb 2011 00:24:00 -0000
Message-ID: <20110205002400.1838.qmail@mm02.prod.mesa1.secureserver.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_0188ccfc4adb5fd94c63a383bc4ba471"
Message_ID: <20110204172400.f00013ceab8fb1928885c5c172fbfd4a.809d4e4026.wbe@mobilemail.secureserver.net>
From: "Remy Lebeau" <remy@lebeausoftware.org>
To: ietf@adambarth.com, http-state@ietf.org
Date: Fri, 04 Feb 2011 17:24:00 -0700
X-Originating-IP: 76.93.119.83
Subject: Re: [http-state] Is this an omission in the parser rules of draft-ietf-httpstate-cookie-21?
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Feb 2011 00:20:36 -0000

-------- Original Message --------
Subject: Re: [http-state] Is this an omission in the parser rules of
draft-ietf-httpstate-cookie-21?
From: Adam Barth <ietf@adambarth.com>;
Date: Fri, February 04, 2011 11:29 am
To: "Roy T. Fielding" <fielding@gbiv.com>;
Cc: Remy Lebeau <remy@lebeausoftware.org>;, http-state@ietf.org

> The grammar is not used for parsing.  Parsing
> is defined in Section 5, not Section 4.

Section 5 describes how to parse Set-Cookie headers. RFC 2109 grammer
(and real-world use, which you seem to deny exists) for Set-Cookie
headers specifically defines both cookie values and attribute values as
being a "value" type, which is defined as follows:

   value           =       word
   word            =       token | quoted-string

Why can't Section 5 be updated to allow parsing of quoted-string values?
They ARE in use in the real world! They ARE NOT opaque in attribute
values. They are grammar elements that some servers really do use, and
should be parsed as such. I think Section 5 needs to adopt RFC 2109's
definition of the "value" and/or "word" type, instead of using "token"
exclusively.