IETF Logo Mail Archive

[http-state] Goals for the UA conformance section (was Re: Updated draft)

Adam Barth <ietf@adambarth.com> Tue, 18 August 2009 07:28 UTC

Return-Path: <adam@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 036613A6A03 for <http-state@core3.amsl.com>; Tue, 18 Aug 2009 00:28:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.81
X-Spam-Level:
X-Spam-Status: No, score=-1.81 tagged_above=-999 required=5 tests=[AWL=0.167, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NNjOxdn4kLXU for <http-state@core3.amsl.com>; Tue, 18 Aug 2009 00:28:12 -0700 (PDT)
Received: from mail-vw0-f196.google.com (mail-vw0-f196.google.com [209.85.212.196]) by core3.amsl.com (Postfix) with ESMTP id 665FA3A6A90 for <http-state@ietf.org>; Tue, 18 Aug 2009 00:28:12 -0700 (PDT)
Received: by vws34 with SMTP id 34so3115639vws.31 for <http-state@ietf.org>; Tue, 18 Aug 2009 00:28:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.6.70 with SMTP id 6mr6202202vcy.73.1250580492156; Tue, 18 Aug 2009 00:28:12 -0700 (PDT)
From: Adam Barth <ietf@adambarth.com>
Date: Tue, 18 Aug 2009 00:27:52 -0700
Message-ID: <7789133a0908180027n644d8abcxc2327b6f2f6a475f@mail.gmail.com>
To: Daniel Stenberg <daniel@haxx.se>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: http-state <http-state@ietf.org>
Subject: [http-state] Goals for the UA conformance section (was Re: Updated draft)
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Aug 2009 07:28:14 -0000

Daniel, I feel like we're having a some trouble communicating here.
Maybe we have different goals for the user agent conformance section.
Here is my goal:

* If I were to implement a new user agent as prescribed by the user
agent conformance section, that user agent would interoperate well
with existing servers.

Ideally, we would know precisely what compatibility trade-offs we're
making with each decision by knowing how many servers would break if
we made a different decision.  In practice, that's difficult to
measure, so we look at popular user agents to estimate how servers
behave.

In this case, the vast majority of user agents by usage / popularity /
market share (to wit, Internet Explorer, Firefox, Safari, Chrome, and
Opera) all behave the same way: they sort cookies in descending order
of path length.  If I were to implement a new user agent today, I
would certainly match these implementations and sort the header in the
same way.  Therefore, it seems clear that's what the user agent
conformance section should say.

Do you have a different goal for the user agent conformance section?

Adam


On Tue, Aug 18, 2009 at 12:13 AM, Daniel Stenberg<daniel@haxx.se> wrote:
> On Mon, 17 Aug 2009, Dan Winship wrote:
>
>>> I've browsed the Cookie: code for curl, wget, libsoup, pavuk, lftp and
>>> aria2. If I didn't miss anything, none of these cookie implementations
>>> sort the cookies as the browsers.
>>
>> You missed this in soup-cookie-jar.c:
>>
>>        /* FIXME: sort? */
>
> Actually I didn't. It instead convinced me that libsoup doesn't sort which
> was what I was curious about (and you hadn't mentioned). So I could in no
> time whip up six (6!) HTTP clients that support cookies that don't sort them
> in the Cookie: header. I think taken together they do represent a fair
> amount of current usage.
>
> FIXMEs or TODOs can be fixed in future releases for most software, that
> doesn't really change what is in use today, right now.
>
>> Be liberal in what you accept (clients MUST accept all date formats,
>> servers MUST accept cookies in any order) and conservative in what you send
>> (clients MUST send cookies in the recommended order, servers MUST send dates
>> in the recommended format).
>
> I think that servers MUST accept them in any order, but clients only SHOULD
> send them sorted like that (path len first then creation date).
>
> Uhm, come to think of it on the matter of creation dates: the older
> Firefox/Mozilla/Netscape cookie file format doesn't save the creation dates
> of cookies, only expiration dates. So surely they won't be able to send
> cookies in the correct order after a restart?
>
> --
>
>  / daniel.haxx.se
>

v2.23.0 | Report a Bug | By Email