Re: [http-state] parser rules of draft-ietf-httpstate-cookie-22

"Roy T. Fielding" <fielding@gbiv.com> Thu, 24 February 2011 01:00 UTC

Return-Path: <fielding@gbiv.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DA7DC3A6997 for <http-state@core3.amsl.com>; Wed, 23 Feb 2011 17:00:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JsH22a09HX0q for <http-state@core3.amsl.com>; Wed, 23 Feb 2011 17:00:59 -0800 (PST)
Received: from homiemail-a33.g.dreamhost.com (mailbigip.dreamhost.com [208.97.132.5]) by core3.amsl.com (Postfix) with ESMTP id E909C3A6960 for <http-state@ietf.org>; Wed, 23 Feb 2011 17:00:58 -0800 (PST)
Received: from homiemail-a33.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a33.g.dreamhost.com (Postfix) with ESMTP id 3B0CE594059; Wed, 23 Feb 2011 17:01:47 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gbiv.com; h=subject:mime-version :content-type:from:in-reply-to:date:cc:content-transfer-encoding :message-id:references:to; q=dns; s=gbiv.com; b=cq3aE93hjEikpI1s tCcINqZVHIPe5qT83rj2NwIPH5dr0WPg3YAnOtNmZvtdLzXqbhd1z641cl3uiNm2 VfF8A8DtqCiZ0hxXm1G1fFddh6P+Da+BHRsUmDpLi9SUcEjlD7r3b19I5lyUV0Ji EtFcCroRwD+LtzOkOipJnQF1o2c=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gbiv.com; h=subject :mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=gbiv.com; bh=byXRUw6HZIPetYTLjGSVJKAtc+U=; b=uzAguupHVZySYOakRB309Ax/RgQz PEInsLNXN3PaZcU0mkiRMhPYasd87t4miBaG/h+Sle1IYDEz3Zn89dY/7BLPtpX1 B/BaANP3IYGddaK2WtVQgnWHbTMkm6K99sw+Rnl/kDZwBRn3XOmZtuPQd57gYnqy S/QN5dKIaQNlnu0=
Received: from kiwi.corp.day.com (wsip-98-189-13-228.oc.oc.cox.net [98.189.13.228]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: fielding@gbiv.com) by homiemail-a33.g.dreamhost.com (Postfix) with ESMTPSA id 03887594058; Wed, 23 Feb 2011 17:01:46 -0800 (PST)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset=us-ascii
From: "Roy T. Fielding" <fielding@gbiv.com>
In-Reply-To: <4D6590F4.6010505@stpeter.im>
Date: Wed, 23 Feb 2011 17:01:51 -0800
Content-Transfer-Encoding: 7bit
Message-Id: <94DA5CF6-88AB-43BD-99AE-921BCA98C7A3@gbiv.com>
References: <20110204184735.26023.qmail@mm01.prod.mesa1.secureserver.net> <AANLkTi=qBVkGwMHqAidtwP5_A8pPrF-Y9MV4jgYS5_QM@mail.gmail.com> <7384878F-C44A-42A4-9694-1BB1C18AA5E6@gbiv.com> <AANLkTinFq7bE_e3SSgdjuFvZ8hGn1xy4Hc1VKwc=vp1D@mail.gmail.com> <49225418-A1AF-4299-8C4F-2E608D34265D@gbiv.com> <AANLkTimrJF3LFR4t4j=U2L33kFh+wf-R=sjjwexcmyPi@mail.gmail.com> <26240DE2-4DD3-4863-81B1-635D34BA4AE4@gbiv.com> <AANLkTikzB=VORtn7xiG2JY8ymTjk4epC9huZTC-s0nzq@mail.gmail.com> <4D5AEE94.6010303@gmx.de> <AANLkTimkmZ99qDcXB6=-PGtXq6WQ7+RSreRwsBAHryEj@mail.gmail.com> <DA7A626A-9613-4A49-8A46-8096F7F465B4@gbiv.com> <AANLkTi=aX26NgDx3J0zk6a6H-Fg-9hyuBhfwvVW5nBiH@mail.gmail.com> <AANLkTinnySHEXvaQSxoUAKNaPWThDWdJwnhvCdVfa5Vr@mail.gmail.com> <1E7DE6DF-864A-48AF-B9A3-698DEF4B3B2D@gbiv.com> <4D6590F4.6010505@stpeter.im>
To: Peter Saint-Andre <stpeter@stpeter.im>
X-Mailer: Apple Mail (2.1082)
Cc: http-state <http-state@ietf.org>, iesg@iesg.org
Subject: Re: [http-state] parser rules of draft-ietf-httpstate-cookie-22
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Feb 2011 01:01:00 -0000

On Feb 23, 2011, at 2:57 PM, Peter Saint-Andre wrote:
> On 2/23/11 3:07 PM, Roy T. Fielding wrote:
> 
> <snip/>
> 
>> Therefore, I would like you to change the ABNF so that it
>> reflects the reality of (Set-)Cookie usage on the Internet,
>> for the same reason that you have insisted the algorithm
>> for user agent parsing reflects reality.  Changing the ABNF
>> to include base64 does not do that -- it is just another
>> fantasy production that differs from all prior specs of
>> the cookie algorithm.  Changing it to
>> 
>> cookie-value      = %x21-2B / %x2D-3A / %x3C-7E / %x80-FF
>> 
>> or just the minimum
>> 
>> cookie-value      = %x21-2B / %x2D-3A / %x3C-7E
> 
> Hi Roy,
> 
> The latter seems fine, and in conversation with Adam he indicated to me
> that he would not object to such a change.

Okay by me.

> However, I see no reason to include characters from the Unicode range
> U+0080 to U+00FF in cookie-value. Among other reasons, characters above
> U-00A1 would introduce the need for internationalization considerations
> of the kind that have derailed many a standardization effort (e.g., in
> Unicode U+00BE undergoes compatibility decomposition). Let's avoid that
> can of worms if at all possible...

According to the cookie protocol, the value is not characters:
they are just opaque octets.  Generally speaking, i18n considerations
do not apply to opaque OCTETs, though I have no reason to object to such
an exclusion because it is consistent with httpbis recommendation to
avoid the use of %x80-FF in any HTTP header fields.  I do not know
of any use in practice.

....Roy