Re: [http-state] Updated draft

Adam Barth <ietf@adambarth.com> Mon, 17 August 2009 15:55 UTC

Return-Path: <adam@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7DA283A6E76 for <http-state@core3.amsl.com>; Mon, 17 Aug 2009 08:55:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.708
X-Spam-Level:
X-Spam-Status: No, score=-1.708 tagged_above=-999 required=5 tests=[AWL=0.019, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, URIBL_GREY=0.25]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WtHZkdfVfIte for <http-state@core3.amsl.com>; Mon, 17 Aug 2009 08:55:50 -0700 (PDT)
Received: from mail-vw0-f196.google.com (mail-vw0-f196.google.com [209.85.212.196]) by core3.amsl.com (Postfix) with ESMTP id E3D583A6B38 for <http-state@ietf.org>; Mon, 17 Aug 2009 08:55:49 -0700 (PDT)
Received: by vws34 with SMTP id 34so2668524vws.31 for <http-state@ietf.org>; Mon, 17 Aug 2009 08:55:52 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.103.135 with SMTP id k7mr4874353vco.59.1250524552357; Mon, 17 Aug 2009 08:55:52 -0700 (PDT)
In-Reply-To: <alpine.DEB.2.00.0908170929100.22132@yvahk2.pbagnpgbe.fr>
References: <7789133a0908151008p35ff30e6w2761368fe70d41a6@mail.gmail.com> <alpine.DEB.2.00.0908152250410.18461@yvahk2.pbagnpgbe.fr> <7789133a0908151642w47c1dbf1x48268e657b0d71cc@mail.gmail.com> <alpine.DEB.2.00.0908161440520.25988@yvahk2.pbagnpgbe.fr> <7789133a0908161032l2265ce5fg966c434f1b05aa64@mail.gmail.com> <alpine.DEB.2.00.0908161952060.13789@yvahk2.pbagnpgbe.fr> <7789133a0908161131s5741d457q812b5e4213452054@mail.gmail.com> <alpine.DEB.2.00.0908162035140.13789@yvahk2.pbagnpgbe.fr> <4A889417.9020709@gmail.com> <alpine.DEB.2.00.0908170929100.22132@yvahk2.pbagnpgbe.fr>
From: Adam Barth <ietf@adambarth.com>
Date: Mon, 17 Aug 2009 08:53:59 -0700
Message-ID: <7789133a0908170853r5a81b84cu1308049256f51d2c@mail.gmail.com>
To: Daniel Stenberg <daniel@haxx.se>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: http-state <http-state@ietf.org>
Subject: Re: [http-state] Updated draft
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2009 15:55:51 -0000

On Mon, Aug 17, 2009 at 12:37 AM, Daniel Stenberg<daniel@haxx.se> wrote:
> Yes, but similar to how the cookie definition covers what we estimate to be
> 99.6% of the cookie sites (for the 'expires' date format), we would cover a
> similar percentage of sites by not specifying the sort order.

The difference is specifying a robust date parser is very difficult
whereas specifying the sort order for the Cookie header is quite
simple.

> You both are claiming that only because the major browsers do something for
> 0.[something]% of the servers we need to have it specified while I would
> argue that it is enough for the spec to cover 99.[something]%.

Although 99% sounds like good coverage, we should keep in mind that
the 101rst most popular site (according to Alexa) is tagged.com, which
Alexa describes as "one of the top social networking sites in the
world."  In reality, browsers must be compatible with much more than
99% of we sites.

In fact, I think we should aim for 99.999% compatibility.  Although, I
would be happy if we're actually able to achieve 99.99%.  If you run
the numbers for a reasonable amount of daily browser usage, you can
actually use the browser for a reasonable amount of time before you
run into compatibility issues at that level.

> If sites depend on the exact sort order of one of these browsers, they could
> also easily break because the subtle differences in sort order they use so
> thus none of the browsers could claim to be 100% covering since they differ
> in implementations.

You're exactly right that servers are extremely fragile, especially
with regards to the cookie header.  However, they won't break due to
variations in sort order issues because all the major browsers use the
same sort order!

> But sure, let's leave this for now. I still won't agree that sort order
> should be defined until someone can come up with a good reason why it is
> there in the first place, or can present at least a small amount of actual
> server side users that break if this sorting isn't done.

There's a clear cost to not specifying the sort order: new
implementations that follow the spec will behave differently than all
the major browsers.  However, you haven't articulated a reason why we
ought not to specify the sort order.

Adam