Re: [http-state] {Dangerous Content?} I-D Action:draft-ietf-httpstate-cookie-03.txt

Adam Barth <ietf@adambarth.com> Tue, 23 February 2010 16:07 UTC

I'm not sure I understand your message.  We haven't agreed what the
text of that section should say yet.  We're tracking the issue with
http://trac.tools.ietf.org/wg/httpstate/trac/ticket/5.  The TODOs are
for things I can do myself (e.g., adding examples).

Adam


On Mon, Feb 22, 2010 at 11:54 PM, Achim Hoffmann <ah@securenet.de> wrote:
> The section
>  5.4.  The Cookie Header
>      2.  Sort the cookie-list in the following order:
>
> seems to be incomplete (missing the [TODO: ...] comment :)
>
> Should I comment on that in detail in the other thread?
>  Subject: [http-state] Summary of discussion of Ticket 5 (Cookie ordering)
>
> Achim
>
> Internet-Drafts@ietf.org wrote on 13.02.2010 09:00:
>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the HTTP State Management Mechanism Working Group of the IETF.
>>
>>
>>       Title           : HTTP State Management Mechanism
>>       Author(s)       : A. Barth
>>       Filename        : draft-ietf-httpstate-cookie-03.txt
>>       Pages           : 29
>>       Date            : 2010-02-12
>>
>> This document defines the HTTP Cookie and Set-Cookie headers.  These
>> headers can be used by HTTP servers to store state on HTTP user
>> agents, letting the servers maintain a stateful session over the
>> mostly stateless HTTP protocol.  The cookie protocol has many
>> historical infelicities and should be avoided for new applications of
>> HTTP.
>>
>>
>> NOTE: If you have suggestions for improving the draft, please send
>> email to http-state@ietf.org.  Suggestions with test cases are
>> especially appreciated.
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-ietf-httpstate-cookie-03.txt
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>