IETF Logo Mail Archive

Re: [http-state] Comments on draft-ietf-httpstate-cookie-08.txt (4.1.2.2 - 5.2.6)

Daniel Stenberg <daniel@haxx.se> Sat, 29 May 2010 18:16 UTC

Return-Path: <daniel@haxx.se>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5F79D3A685A for <http-state@core3.amsl.com>; Sat, 29 May 2010 11:16:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.312
X-Spam-Level:
X-Spam-Status: No, score=-2.312 tagged_above=-999 required=5 tests=[AWL=-2.663, BAYES_50=0.001, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NqJyeaeyBtRu for <http-state@core3.amsl.com>; Sat, 29 May 2010 11:16:04 -0700 (PDT)
Received: from giant.haxx.se (giant.haxx.se [80.67.6.50]) by core3.amsl.com (Postfix) with ESMTP id C6D0E3A6873 for <http-state@ietf.org>; Sat, 29 May 2010 11:15:57 -0700 (PDT)
Received: from giant.haxx.se (dast@giant.haxx.se [80.67.6.50]) by giant.haxx.se (8.14.3/8.14.3/Debian-9.1) with ESMTP id o4TIFgdV016485; Sat, 29 May 2010 20:15:42 +0200
Date: Sat, 29 May 2010 20:15:42 +0200
From: Daniel Stenberg <daniel@haxx.se>
X-X-Sender: dast@giant.haxx.se
To: Bjoern Hoehrmann <derhoermi@gmx.net>
In-Reply-To: <hovvv5ph6ipqda3mm7rr9v2jo8pp59l2bn@hive.bjoern.hoehrmann.de>
Message-ID: <alpine.DEB.2.00.1005292008300.30662@tvnag.unkk.fr>
References: <hovvv5ph6ipqda3mm7rr9v2jo8pp59l2bn@hive.bjoern.hoehrmann.de>
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
X-fromdanielhimself: yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-4.3.5 (giant.haxx.se [80.67.6.50]); Sat, 29 May 2010 20:15:42 +0200 (CEST)
Cc: http-state@ietf.org
Subject: Re: [http-state] Comments on draft-ietf-httpstate-cookie-08.txt (4.1.2.2 - 5.2.6)
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 May 2010 18:16:09 -0000

On Fri, 28 May 2010, Bjoern Hoehrmann wrote:

> I doubt the draft should require implementations to use the "last" Date 
> header, there are plenty of HTTP implementations where that is not possible 
> as the headers are only accessible in folded form. Section 4.1.2.1 also 
> should be updated to clearly express that even though the expiry time is set 
> in an absolute form, it'll be handled as relative value, as that is rather 
> surprising.

I agree. I don't think we've discussed this properly on the list. (Or if we 
did I might've missed it.)

Why would the 'expires' attribute be treated relative like 5.2.1 describes? 
Expires is an absolute time, and I don't see why clients shouldn't try to use 
exactly that time in time comparisons. If the server/client clocks are off in 
any significant way, every response-with-cookies without Date: header would 
then be subject to flaws and I expect that a majority of cookie-sending server 
responses are done without Date:

I also would expect that lots of implmentations treat that time as an absolute 
and not a relative unconditionally.

Are the big-5 doing it this way?

-- 

  / daniel.haxx.se

v2.23.0 | Report a Bug | By Email