Re: [http-state] non-ASCII cookie values (was Re: Closing Ticket 3: Public Suffixes)

Maciej Stachowiak <mjs@apple.com> Wed, 03 February 2010 09:52 UTC

Return-Path: <mjs@apple.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DD47C28C13E for <http-state@core3.amsl.com>; Wed, 3 Feb 2010 01:52:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.431
X-Spam-Level:
X-Spam-Status: No, score=-106.431 tagged_above=-999 required=5 tests=[AWL=0.168, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s6PM4kj9ZcwJ for <http-state@core3.amsl.com>; Wed, 3 Feb 2010 01:52:44 -0800 (PST)
Received: from mail-out4.apple.com (mail-out4.apple.com [17.254.13.23]) by core3.amsl.com (Postfix) with ESMTP id 0CA8C28C131 for <http-state@ietf.org>; Wed, 3 Feb 2010 01:52:43 -0800 (PST)
Received: from relay14.apple.com (relay14.apple.com [17.128.113.52]) by mail-out4.apple.com (Postfix) with ESMTP id A131089E71C1 for <http-state@ietf.org>; Wed, 3 Feb 2010 01:53:25 -0800 (PST)
X-AuditID: 11807134-b7cd9ae000001002-0a-4b69479521c8
Received: from et.apple.com (et.apple.com [17.151.62.12]) by relay14.apple.com (Apple SCV relay) with SMTP id DF.1A.04098.597496B4; Wed, 3 Feb 2010 01:53:25 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=us-ascii
Received: from [17.151.86.222] by et.apple.com (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPSA id <0KX900AXQFH0E310@et.apple.com> for http-state@ietf.org; Wed, 03 Feb 2010 01:53:25 -0800 (PST)
From: Maciej Stachowiak <mjs@apple.com>
In-reply-to: <7789133a1002030041o6a544ebbk47e65e131e6d64f3@mail.gmail.com>
Date: Wed, 03 Feb 2010 01:53:24 -0800
Message-id: <9BFA419A-2D73-4527-BD4B-3CA91E22FE33@apple.com>
References: <7789133a1002011014x5d587436j663a73bc92270a65@mail.gmail.com> <7789133a1002021737v2a50be07u3eea61a2fe870c79@mail.gmail.com> <4B6926FC.5030107@gmx.de> <67660F71-01A3-4B66-B546-B740A1314E49@apple.com> <7789133a1002022348h57a61611me73b95e110c72ea3@mail.gmail.com> <4B692D7C.900@gmx.de> <7789133a1002030006r1d9b1bech491fa7826587eaff@mail.gmail.com> <7789133a1002030008n4f4e294fn548c359133d7734b@mail.gmail.com> <4B692F9F.7040602@gmx.de> <F3D49FE1-4C8D-457A-B3B8-C3D539938E44@apple.com> <7789133a1002030041o6a544ebbk47e65e131e6d64f3@mail.gmail.com>
To: Adam Barth <ietf@adambarth.com>
X-Mailer: Apple Mail (2.1077)
X-Brightmail-Tracker: AAAAAQAAAZE=
Cc: http-state@ietf.org
Subject: Re: [http-state] non-ASCII cookie values (was Re: Closing Ticket 3: Public Suffixes)
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Feb 2010 09:52:45 -0000

On Feb 3, 2010, at 12:41 AM, Adam Barth wrote:

> On Wed, Feb 3, 2010 at 12:39 AM, Maciej Stachowiak <mjs@apple.com> wrote:
>> On Feb 3, 2010, at 12:11 AM, Julian Reschke wrote:
>>> Adam Barth wrote:
>>>> ...
>>>> Those cases being charset0001, charset0002, and charset0003.  One
>>>> possible explanation is that Safari rejects cookies that have
>>>> non-ASCII characters in their values.
>>>> ...
>>> 
>>> ...which I think is not really a bug, according to the specs.
>>> 
>>> Unless that affects Safari's interoperability, I'd strongly recommend to consider making this the recommended behavior.
>> 
>> I don't have information one way or another on this. I don't see any bugs that are obviously this issue, but it could be the cause of less obvious compatibility bugs. Perhaps the thing to do is a study to determine the frequency with which non-ASCII cookies are sent.
> 
> Do you see a particular benefit to dropping non-ASCII cookies?  I
> don't understand what we're trying to gain here.

I don't care much either way, and it would not be hard to change our implementation. I'm just trying to clarify the level of evidence we have on whether this affects compat. Other things being equal, I would prefer to see Safari change to match the other browsers.

I will note that Safari (and Mac OS) are pretty rarely used in some asian markets, such as China and India, so there could be issues we are unaware of. iPhone has significant penetration into some of those markets however.

Regards,
Maciej