Re: [http-state] draft-ietf-httpstate-cookie-05 posted

"Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com> Mon, 15 March 2010 00:01 UTC

On Sun, 07 Mar 2010 19:50:57 +0100, Adam Barth <ietf@adambarth.com> wrote:

> My understanding is that Monday is the deadline for uploading I-Ds
> before IETF77.  I've uploaded the latest version of the draft:
>
> http://www.ietf.org/id/draft-ietf-httpstate-cookie-05.txt
>
> If you're going to IETF77, this is the version of the draft that we'll
> be discussing.  Looking forward to seeing many of you there.

Yet another possible issue, not sure if it has been mentioned in the group  
before (I have discussed it with others off-list):

* cookie-name should not be allowed to start with "$". I would prefer a  
MUST NOT, but a SHOULD NOT might be sufficient.

Given that the $-prefix has long been chosen for use in Version 1+ cookies  
(the syntax is also included in RFC 2109) this rule should be included to  
inform site administrators about this use in future versions, and that  
their use of such names could cause problems.

I am aware of at least a few servers that have used cookie names that  
start with "$", the major cluster of them being located around one  
specific US state.

-- 
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************
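
The collision described in the message above, as an added example that is not part of the original post or of the draft: a Cookie header parsed Netscape-style and then RFC 2109-style, plus a check for the proposed naming rule. The function names, the sample header, and the choice to ignore unknown "$" names are assumptions made for illustration.

```python
# Added example: how a "$"-prefixed cookie name is read by an
# RFC 2109-aware parser versus a flat Netscape-style parser.

# Attribute names that RFC 2109 defines for the Cookie request header.
RESERVED = {"$version", "$path", "$domain"}

def _pairs(header):
    """Split 'a=b; c=d' into (name, value) pairs, stripping quotes."""
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        yield name.strip(), value.strip().strip('"')

def parse_netscape(header):
    """Flat parse: every name=value pair is a cookie."""
    return dict(_pairs(header))

def parse_v1(header):
    """RFC 2109-style parse: "$" names are attributes, not cookies.

    Returns (cookies, absorbed). absorbed lists the "$" names that did
    not surface as cookies. Assumption: unknown "$" names are ignored.
    """
    cookies, absorbed, current = {}, [], None
    for name, value in _pairs(header):
        if name.startswith("$"):
            # Attach known attributes to the cookie that precedes them.
            if current is not None and name.lower() in RESERVED:
                cookies[current][name.lower()] = value
            absorbed.append(name)
        else:
            current = name
            cookies[name] = {"value": value}
    return cookies, absorbed

def lint_cookie_name(name):
    """The rule proposed in the message: a name must not start with "$"."""
    return not name.startswith("$")

# Constructed sample: a site that set cookies named "$Path" and "$sid".
SAMPLE = "sid=abc123; $Path=/checkout; $sid=zzz"

if __name__ == "__main__":
    print("netscape:", parse_netscape(SAMPLE))
    print("rfc2109: ", parse_v1(SAMPLE))
    for n in parse_netscape(SAMPLE):
        print(n, "ok" if lint_cookie_name(n) else "reserved prefix")
```

A server or intermediary using the second parser never sees the site's "$Path" and "$sid" cookies as cookies, and "sid" silently gains a path attribute the site did not intend.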