Re: Call for Adoption: Cookie Incrementalism

Willy Tarreau <w@1wt.eu> Fri, 13 November 2020 05:26 UTC

Date: Fri, 13 Nov 2020 06:23:28 +0100
From: Willy Tarreau <w@1wt.eu>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Message-ID: <20201113052328.GC10375@1wt.eu>
Archived-At: <https://www.w3.org/mid/20201113052328.GC10375@1wt.eu>

On Fri, Nov 13, 2020 at 10:45:29AM +1100, Mark Nottingham wrote:
> Those with good memories will recall that when we started RFC6265bis, we required significant changes to the specification to be backed by a separate I-D, so that we could judge consensus and implementation support for it separately. See:
>   https://lists.w3.org/Archives/Public/ietf-http-wg/2015OctDec/0165.html
> 
> In the spirit of that, we have one more proposal for consideration:
>   https://tools.ietf.org/html/draft-west-cookie-incrementalism-01

Yes, I remember some of these points being discussed a while ago and I
do support adoption as well.

I also remember one idea that started being discussed along the points in
this document which was to encourage browsers to delay posting very large
(or numerous) cookies to slow down browsing on sites which abuse them.
Having, say, half a second delay per kB would not hurt a login page
requiring a full user context and a large cookie once, but would hurt
sites using them on each and every page.

Regards,
Willy