Re: [http-state] [Technical Errata Reported] RFC6265 (3663)

Dave Thaler <dthaler@microsoft.com> Tue, 18 June 2013 00:45 UTC

Thanks Bjoern.

Interesting, well in that case there may be an issue in the RFC 6265 algorithm for path matching.  
That's because it requires comparison for "identical" and "ab", "AB", "aB", and "Ab" are not "identical".

So 
http://www.example.com/%AB/foo
http://www.example.com/%ab/foo
http://www.example.com/%Ab/foo
http://www.example.com/%aB/foo

are all "equivalent" in the language of RFC 3986, but not "identical" and hence a cookie on one will not match the others.

It may still be worth having an errata noting the above issue, even if it's Hold For Document Update.

-Dave

-----Original Message-----
From: Bjoern Hoehrmann [mailto:derhoermi@gmx.net] 
Sent: Monday, June 17, 2013 5:36 PM
To: RFC Errata System
Cc: abarth@eecs.berkeley.edu; barryleiba@computer.org; presnick@qti.qualcomm.com; Jeff.Hodges@kingsmountain.com; Dave Thaler; http-state@ietf.org
Subject: Re: [http-state] [Technical Errata Reported] RFC6265 (3663)

* RFC Errata System wrote:
>Notes
>-----
>HEXDIG is defined in [RFC5234], Appendix B.1 as
>  HEXDIG         =  DIGIT / "A" / "B" / "C" / "D" / "E" / "F"
>Note that lower case a-f are not legal.

As per RFC 5234:

   NOTE:

      ABNF strings are case insensitive and the character set for these
      strings is US-ASCII.

   Hence:

         rulename = "abc"

   and:

         rulename = "aBc"

   will match "abc", "Abc", "aBc", "abC", "ABc", "aBC", "AbC", and
   "ABC".
--
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
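
Added example (not part of the original message or of either RFC): a Python sketch of the RFC 6265 section 5.1.4 default-path and path-match steps, run over the four URLs from the message to show the "identical" comparison treating them as different paths. The `normalize` option, which uppercases percent-encoded hex digits as in RFC 3986 section 6.2.2.1, and all function names are assumptions added for comparison; RFC 6265 does not specify that step.

```python
import re
from urllib.parse import urlsplit

# The four URLs quoted in the message above.
URLS = [
    "http://www.example.com/%AB/foo",
    "http://www.example.com/%ab/foo",
    "http://www.example.com/%Ab/foo",
    "http://www.example.com/%aB/foo",
]

_PCT_TRIPLET = re.compile(r"%[0-9A-Fa-f]{2}")


def default_path(uri_path):
    """RFC 6265 section 5.1.4: default cookie path for a request URI path."""
    if not uri_path.startswith("/") or uri_path.count("/") <= 1:
        return "/"
    return uri_path[: uri_path.rfind("/")]


def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4: octet-for-octet comparison, no normalization."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # Prefix match counts only on a "/" boundary.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def normalize_pct_case(path):
    """Assumed extra step: uppercase hex digits of percent-encoded triplets."""
    return _PCT_TRIPLET.sub(lambda m: m.group(0).upper(), path)


def cookie_sent(set_url, request_url, normalize=False):
    """Would a cookie set at set_url (no Path attribute) match request_url?"""
    cookie_path = default_path(urlsplit(set_url).path)
    request_path = urlsplit(request_url).path
    if normalize:
        cookie_path = normalize_pct_case(cookie_path)
        request_path = normalize_pct_case(request_path)
    return path_match(request_path, cookie_path)


def matching_pairs(normalize=False):
    """Count (set_url, request_url) pairs among URLS where the cookie matches."""
    return sum(cookie_sent(s, r, normalize) for s in URLS for r in URLS)
```

With the comparison as written in RFC 6265, each URL matches only itself (4 of 16 pairs); with the assumed case normalization all 16 pairs match.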