[http-state] Goals for the UA conformance section (was Re: Updated draft)
Adam Barth <ietf@adambarth.com> Tue, 18 August 2009 07:28 UTC
Return-Path: <adam@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 036613A6A03 for <http-state@core3.amsl.com>; Tue, 18 Aug 2009 00:28:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.81
X-Spam-Level:
X-Spam-Status: No, score=-1.81 tagged_above=-999 required=5 tests=[AWL=0.167, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NNjOxdn4kLXU for <http-state@core3.amsl.com>; Tue, 18 Aug 2009 00:28:12 -0700 (PDT)
Received: from mail-vw0-f196.google.com (mail-vw0-f196.google.com [209.85.212.196]) by core3.amsl.com (Postfix) with ESMTP id 665FA3A6A90 for <http-state@ietf.org>; Tue, 18 Aug 2009 00:28:12 -0700 (PDT)
Received: by vws34 with SMTP id 34so3115639vws.31 for <http-state@ietf.org>; Tue, 18 Aug 2009 00:28:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.6.70 with SMTP id 6mr6202202vcy.73.1250580492156; Tue, 18 Aug 2009 00:28:12 -0700 (PDT)
From: Adam Barth <ietf@adambarth.com>
Date: Tue, 18 Aug 2009 00:27:52 -0700
Message-ID: <7789133a0908180027n644d8abcxc2327b6f2f6a475f@mail.gmail.com>
To: Daniel Stenberg <daniel@haxx.se>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: http-state <http-state@ietf.org>
Subject: [http-state] Goals for the UA conformance section (was Re: Updated draft)
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Aug 2009 07:28:14 -0000
Daniel, I feel like we're having a some trouble communicating here. Maybe we have different goals for the user agent conformance section. Here is my goal: * If I were to implement a new user agent as prescribed by the user agent conformance section, that user agent would interoperate well with existing servers. Ideally, we would know precisely what compatibility trade-offs we're making with each decision by knowing how many servers would break if we made a different decision. In practice, that's difficult to measure, so we look at popular user agents to estimate how servers behave. In this case, the vast majority of user agents by usage / popularity / market share (to wit, Internet Explorer, Firefox, Safari, Chrome, and Opera) all behave the same way: they sort cookies in descending order of path length. If I were to implement a new user agent today, I would certainly match these implementations and sort the header in the same way. Therefore, it seems clear that's what the user agent conformance section should say. Do you have a different goal for the user agent conformance section? Adam On Tue, Aug 18, 2009 at 12:13 AM, Daniel Stenberg<daniel@haxx.se> wrote: > On Mon, 17 Aug 2009, Dan Winship wrote: > >>> I've browsed the Cookie: code for curl, wget, libsoup, pavuk, lftp and >>> aria2. If I didn't miss anything, none of these cookie implementations >>> sort the cookies as the browsers. >> >> You missed this in soup-cookie-jar.c: >> >> /* FIXME: sort? */ > > Actually I didn't. It instead convinced me that libsoup doesn't sort which > was what I was curious about (and you hadn't mentioned). So I could in no > time whip up six (6!) HTTP clients that support cookies that don't sort them > in the Cookie: header. I think taken together they do represent a fair > amount of current usage. > > FIXMEs or TODOs can be fixed in future releases for most software, that > doesn't really change what is in use today, right now. > >> Be liberal in what you accept (clients MUST accept all date formats, >> servers MUST accept cookies in any order) and conservative in what you send >> (clients MUST send cookies in the recommended order, servers MUST send dates >> in the recommended format). > > I think that servers MUST accept them in any order, but clients only SHOULD > send them sorted like that (path len first then creation date). > > Uhm, come to think of it on the matter of creation dates: the older > Firefox/Mozilla/Netscape cookie file format doesn't save the creation dates > of cookies, only expiration dates. So surely they won't be able to send > cookies in the correct order after a restart? > > -- > > / daniel.haxx.se >
- [http-state] Goals for the UA conformance section… Adam Barth
- Re: [http-state] Goals for the UA conformance sec… Daniel Stenberg
- Re: [http-state] Goals for the UA conformance sec… Anne van Kesteren
- Re: [http-state] Goals for the UA conformance sec… Daniel Stenberg
- Re: [http-state] Goals for the UA conformance sec… Julian Reschke
- Re: [http-state] Goals for the UA conformance sec… Anne van Kesteren
- Re: [http-state] Goals for the UA conformance sec… Dan Winship
- Re: [http-state] Goals for the UA conformance sec… Julian Reschke
- Re: [http-state] Goals for the UA conformance sec… Anne van Kesteren
- Re: [http-state] Goals for the UA conformance sec… Adam Barth
- Re: [http-state] Goals for the UA conformance sec… Bil Corry
- [http-state] Charter feedback Anne van Kesteren
- Re: [http-state] Goals for the UA conformance sec… Ian Hickson
- Re: [http-state] Goals for the UA conformance sec… Ian Hickson
- Re: [http-state] Goals for the UA conformance sec… Daniel Stenberg
- Re: [http-state] Goals for the UA conformance sec… Dan Winship
- Re: [http-state] Goals for the UA conformance sec… Daniel Stenberg
- Re: [http-state] Goals for the UA conformance sec… Adam Barth
- Re: [http-state] Goals for the UA conformance sec… Dan Winship