Re: [http-state] draft-ietf-httpstate-cookie-05 posted

[Adam Barth <ietf@adambarth.com>]

On Sun, Mar 14, 2010 at 5:00 PM, Yngve N. Pettersen (Developer Opera
Software ASA) <yngve@opera.com> wrote:
> On Sun, 07 Mar 2010 19:50:57 +0100, Adam Barth <ietf@adambarth.com> wrote:
>
>> My understanding is that Monday is the deadline for uploading I-Ds
>> before IETF77.  I've uploaded the latest version of the draft:
>>
>> http://www.ietf.org/id/draft-ietf-httpstate-cookie-05.txt
>>
>> If you're going to IETF77, this is the version of the draft that we'll
>> be discussing.  Looking forward to seeing many of you there.
>
> Yet another possible issue, not sure if it has been mentioned in the group
> before (I have discussed it with others off-list):
>
> * cookie-name should not be allowed to start with "$". I would prefer a MUST
> NOT, but a SHOULD NOT might be sufficient.

Do you mean that servers SHOULD NOT send cookie names that start with
$ or are you recommending some conformance requirement for user
agents?

Adam


> Given that the $-prefix has long been chosen for use in Version 1+ cookies
> (the syntax is also included in RFC 2109) this rule should be included to
> inform site administrators about this use in future versions, and that their
> use of such names could cause problems.
>
> I am aware of at least a few servers that have used cookie names that start
> with "$", the major cluster of them being located around one specific
> US-state.
>
> --
> Sincerely,
> Yngve N. Pettersen
>
> ********************************************************************
> Senior Developer                     Email: yngve@opera.com
> Opera Software ASA                   http://www.opera.com/
> Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
> ********************************************************************
>