IETF Logo Mail Archive

Re: [http-state] The Domain attribute (was Re: I-D Action:draft-ietf-httpstate-cookie-20.txt)

"Paul E. Jones" <paulej@packetizer.com> Fri, 07 January 2011 02:11 UTC

Return-Path: <paulej@packetizer.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C2DA53A6DF7 for <http-state@core3.amsl.com>; Thu, 6 Jan 2011 18:11:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.149
X-Spam-Level:
X-Spam-Status: No, score=-2.149 tagged_above=-999 required=5 tests=[AWL=-0.150, BAYES_00=-2.599, J_CHICKENPOX_73=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mzYqvec9P1Ae for <http-state@core3.amsl.com>; Thu, 6 Jan 2011 18:11:17 -0800 (PST)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) by core3.amsl.com (Postfix) with ESMTP id A5A753A6DD2 for <http-state@ietf.org>; Thu, 6 Jan 2011 18:11:17 -0800 (PST)
Received: from sydney (rrcs-98-101-155-83.midsouth.biz.rr.com [98.101.155.83]) (authenticated bits=0) by dublin.packetizer.com (8.14.2/8.14.2) with ESMTP id p072DGmH001169 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 6 Jan 2011 21:13:22 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=packetizer.com; s=dublin; t=1294366402; bh=Tfw2FGLqp3KW47CO69AuZiiXsOUOWZc80LnHa1ZL1ZE=; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID: MIME-Version:Content-Type:Content-Transfer-Encoding; b=GoEp2EBSDzRdQOlVePRDVHeZ1ysbSgrWJKQ5ACbMx2vGZTbZqkjCDhQyE3DcBZcZk iIzoNuaDIrraVJN7oKz1Wh2OyNRM8KyXnKSBMjX2udv2pofkIklFSkGd/SG6BFsejL 6WrPAft/r3PzUu0+RjEKoCk+0VxmJDH8FIbKFLuI=
From: "Paul E. Jones" <paulej@packetizer.com>
To: 'Adam Barth' <ietf@adambarth.com>
References: <AANLkTinK+2sfe4UZLKF5G0MLrQ6es2BfTHwtT769sgSM@mail.gmail.com> <07d501cbadf0$31e13470$95a39d50$@packetizer.com> <AANLkTi=M7ZW2FGtV6okTOswiS3sQPM8O07xhF6ifMwVK@mail.gmail.com>
In-Reply-To: <AANLkTi=M7ZW2FGtV6okTOswiS3sQPM8O07xhF6ifMwVK@mail.gmail.com>
Date: Thu, 06 Jan 2011 21:13:07 -0500
Message-ID: <081f01cbae10$706f6750$514e35f0$@packetizer.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQOsylhA7Jc/U76u6c6ZWuz0pv934QKw1aHPAkTKXpKP2sHOEA==
Content-Language: en-us
Cc: http-state@ietf.org
Subject: Re: [http-state] The Domain attribute (was Re: I-D Action:draft-ietf-httpstate-cookie-20.txt)
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jan 2011 02:11:18 -0000

Adam,

> > The empty string is also used in this example:
> > Set-Cookie: lang=; Expires=Sun, 06 Nov 1994 08:49:37 GMT
> 
> Why is that?  The "lang" attribute has not been defined, so the valid
> values for the lang attribute certainly haven't been defined.
> 
> > For this reason, this might be another area where we need to consider
> > a syntax change:
> > cookie-pair       = cookie-name "=" cookie-value cookie-name       =
> > token cookie-value      = token | ""
> >                         ^^^^^
> 
> I would not recommend that servers send empty attribute values.
> That's just asking for interoperability problems.

But, "lang" is sent in the above example as an empty string.  Thus, this
should be the definition of "cookie-value":
cookie-value      = token | ""

As the text is current written, I think this is illegal:
Set-Cookie: lang=; Expires=Sun, 06 Nov 1994 08:49:37 GMT

> > In any case, I don't have a strong preference and if the group wants
> > to change the syntax.  That's OK.  It just seems allowing an empty
> > string for "Domain" is more consistent with the text than not.
> 
> More consistent with what text?  The text in the User Agent Requirements
> section is for user agents and not for servers.  You're talking about
> what's useful for syntax for servers to generate.  It's not useful for
> servers to generate empty Domain attributes.  Instead of generating an
> empty Domain attribute, they ought to simply omit the Domain attribute.

OK, that's a good argument. :-)

Paul

v2.23.0 | Report a Bug | By Email