[http-state] [Technical Errata Reported] RFC6265 (7604)
RFC Errata System <rfc-editor@rfc-editor.org> Tue, 15 August 2023 12:30 UTC
To: abarth@eecs.berkeley.edu, superuser@gmail.com, francesca.palombini@ericsson.com, Jeff.Hodges@kingsmountain.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: tedz2usa@gmail.com, http-state@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20230815123027.0BD71E7C4C@rfcpa.amsl.com>
Date: Tue, 15 Aug 2023 05:30:27 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-state/jmfvelzXOQxw3ybM9BW4-o4XbjM>
Subject: [http-state] [Technical Errata Reported] RFC6265 (7604)
The following errata report has been submitted for RFC6265,
"HTTP State Management Mechanism".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7604

--------------------------------------
Type: Technical
Reported by: Ted Zhu <tedz2usa@gmail.com>

Section: 3. Overview

Original Text
-------------
User agents MAY ignore Set-Cookie headers contained in responses with 100-level status codes but MUST process Set-Cookie headers contained in other responses (including responses with 400- and 500-level status codes).

Corrected Text
--------------
Cookie-enabled user agents MAY ignore Set-Cookie headers contained in responses with 100-level status codes but MUST process Set-Cookie headers contained in other responses (including responses with 400- and 500-level status codes).

Notes
-----
The concern is that the sentence in its original form may be read to mean that all conforming user agents MUST process Set-Cookie headers contained in non 100-level responses, when, differing behavior is allowed as described in sections 5.2 and 7.2:

Section 5.2, paragraph 1:
"When a user agent receives a Set-Cookie header field in an HTTP response, the user agent MAY ignore the Set-Cookie header field in its entirety."

Section 7.2, paragraph 2:
"When cookies are disabled, ... the user agent MUST NOT process Set-Cookie headers in inbound HTTP responses."

The suggested correction is one possible way to alleviate this erratum concern. However, the erratum author does not know if this is the most optimal disambiguation method.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC6265 (draft-ietf-httpstate-cookie-23)
--------------------------------------
Title               : HTTP State Management Mechanism
Publication Date    : April 2011
Author(s)           : A. Barth
Category            : PROPOSED STANDARD
Source              : HTTP State Management Mechanism
Area                : Applications
Stream              : IETF
Verifying Party     : IESG
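
An added illustration, not part of the erratum or of RFC 6265: a toy user agent that reconciles the three passages quoted in the report (Section 3, Section 5.2 and Section 7.2) and replays constructed responses through it. The class, field and function names and the sample responses are hypothetical, and the Set-Cookie handling keeps only the name=value pair before the first ";".

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class UserAgent:
    cookies_enabled: bool = True   # Section 7.2: cookies can be disabled
    ignore_1xx: bool = True        # Section 3: MAY ignore 100-level responses
    # Section 5.2: the agent MAY ignore a Set-Cookie header in its entirety.
    # Hypothetical hook: return True to drop a given header value.
    ignore_header: Optional[Callable[[int, str], bool]] = None
    jar: dict = field(default_factory=dict)

    def should_process(self, status: int) -> bool:
        if not self.cookies_enabled:
            return False                 # 7.2: MUST NOT process
        if 100 <= status <= 199:
            return not self.ignore_1xx   # 3: optional for 1xx
        return True                      # 3: MUST process, 4xx/5xx included

    def receive(self, status: int, headers: list) -> list:
        """Apply the policy to one response; return names of cookies stored."""
        stored = []
        if not self.should_process(status):
            return stored
        for name, value in headers:
            if name.lower() != "set-cookie":
                continue
            if self.ignore_header and self.ignore_header(status, value):
                continue                 # 5.2 discretion for this header
            pair = value.split(";", 1)[0]
            if "=" not in pair:
                continue
            cname, cval = (p.strip() for p in pair.split("=", 1))
            if cname:
                self.jar[cname] = cval
                stored.append(cname)
        return stored

# Constructed sample responses: (status code, header list).
RESPONSES = [
    (103, [("Set-Cookie", "early=1")]),
    (404, [("Set-Cookie", "err=nf; Path=/")]),
    (500, [("Set-Cookie", "trace=abc; HttpOnly")]),
    (200, [("Content-Type", "text/html"), ("Set-Cookie", "sid=xyz; Secure")]),
]

def replay(agent: UserAgent) -> list:
    for status, headers in RESPONSES:
        agent.receive(status, headers)
    return sorted(agent.jar)
```

With the defaults, the 404 and 500 responses both leave cookies in the jar, which is the behaviour the Section 3 sentence requires of a cookie-enabled agent; with `cookies_enabled=False` the jar stays empty, which is the case the erratum says the original wording appears to forbid.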