Re: [http-state] Welcome to http-state
"Adam Barth" <ietf@adambarth.com> Mon, 12 January 2009 22:51 UTC
Return-Path: <http-state-bounces@ietf.org>
X-Original-To: http-state-archive@ietf.org
Delivered-To: ietfarch-http-state-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9EA1B3A67EA; Mon, 12 Jan 2009 14:51:10 -0800 (PST)
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3B1F53A6835 for <http-state@core3.amsl.com>; Mon, 12 Jan 2009 14:51:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bBkmCHZpSn4Z for <http-state@core3.amsl.com>; Mon, 12 Jan 2009 14:51:09 -0800 (PST)
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.185]) by core3.amsl.com (Postfix) with ESMTP id 3F5643A67C0 for <http-state@ietf.org>; Mon, 12 Jan 2009 14:51:08 -0800 (PST)
Received: by nf-out-0910.google.com with SMTP id b11so2000625nfh.39 for <http-state@ietf.org>; Mon, 12 Jan 2009 14:50:53 -0800 (PST)
Received: by 10.210.16.17 with SMTP id 17mr11688242ebp.181.1231800652947; Mon, 12 Jan 2009 14:50:52 -0800 (PST)
Received: by 10.210.18.3 with HTTP; Mon, 12 Jan 2009 14:50:52 -0800 (PST)
Message-ID: <7789133a0901121450g6a721b73o9bee45e70079c05b@mail.gmail.com>
Date: Mon, 12 Jan 2009 14:50:52 -0800
From: Adam Barth <ietf@adambarth.com>
To: Discuss HTTP State Management Mechanism <http-state@ietf.org>
In-Reply-To: <496BC8A4.4080008@corry.biz>
MIME-Version: 1.0
Content-Disposition: inline
References: <49679299.6060703@corry.biz> <120206B6A348CA498C70E738A2E963514C0CCC@Nexus.cisecurity.lan> <7789133a0901121159u1da01de8w77edd52913857358@mail.gmail.com> <120206B6A348CA498C70E738A2E963514C0CD2@Nexus.cisecurity.lan> <7789133a0901121359p635972bod78e7a46a29c1a8b@mail.gmail.com> <496BC8A4.4080008@corry.biz>
X-Google-Sender-Auth: ebba15bf285c94fa
Subject: Re: [http-state] Welcome to http-state
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Discuss HTTP State Management Mechanism <http-state@ietf.org>
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: http-state-bounces@ietf.org
Errors-To: http-state-bounces@ietf.org
In taking to server operators, bandwidth was a major concern. There are lots of ways to fix this problem (and the similar sibling domain issue). We should aim for a solution that minimizes bandwidth. Adam On Mon, Jan 12, 2009 at 2:48 PM, Bil Corry <bil@corry.biz> wrote: > Adam Barth wrote on 1/12/2009 3:59 PM: >> The Cookie-Integrity header has two advantages over altering the >> semantics of Set-Cookie: > > I brought this up on the old list; what about using $Version instead? > > Something like: > > Set-Cookie: a=b; Version="3"; HTTPOnly; Secure > > which the browser responds: > > Cookie: $Version="3"; a=b; $Integrity="HTTPOnly,Secure" > > > Of course, we're reworking the cookie spec, so presumably we can choose a better method (which may be the Cookie-Integrity header). One idea I tossed around with Yngve was to repurpose Cookie2 (which only Opera currently supports) and make it the "new" cookie standard. Then it's just a matter of educating developers to use Cookie2 instead of Cookie (and makes discussion about the update easier). Because of the limited deployment of Cookie2, I'd imagine any backwards compatibility problems would be also limited. > > > - Bil > > _______________________________________________ > http-state mailing list > http-state@ietf.org > https://www.ietf.org/mailman/listinfo/http-state > _______________________________________________ http-state mailing list http-state@ietf.org https://www.ietf.org/mailman/listinfo/http-state
- [http-state] Welcome to http-state Bil Corry
- Re: [http-state] Welcome to http-state Daniel Stenberg
- Re: [http-state] Welcome to http-state Blake Frantz
- Re: [http-state] Welcome to http-state Adam Barth
- Re: [http-state] Welcome to http-state Blake Frantz
- Re: [http-state] Welcome to http-state Adam Barth
- Re: [http-state] Welcome to http-state Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [http-state] Welcome to http-state Bil Corry
- Re: [http-state] Welcome to http-state Adam Barth
- Re: [http-state] Welcome to http-state Adam Barth
- Re: [http-state] Welcome to http-state Daniel Stenberg
- Re: [http-state] Welcome to http-state Blake Frantz
- Re: [http-state] Welcome to http-state Adam Barth
- Re: [http-state] Welcome to http-state Blake Frantz
- Re: [http-state] Welcome to http-state Blake Frantz
- Re: [http-state] Welcome to http-state Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [http-state] Welcome to http-state Adam Barth
- Re: [http-state] Welcome to http-state Adam Barth
- Re: [http-state] Welcome to http-state Blake Frantz
- Re: [http-state] Welcome to http-state Dan Winship
- Re: [http-state] Welcome to http-state Blake Frantz
- Re: [http-state] Welcome to http-state Bil Corry