IETF Logo Mail Archive

Re: Call for Adoption: Cookie Incrementalism

John Wilander <wilander@apple.com> Fri, 20 November 2020 23:44 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 774FA3A0C90 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 20 Nov 2020 15:44:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.749
X-Spam-Level:
X-Spam-Status: No, score=-2.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d-dOGs--QAnv for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 20 Nov 2020 15:44:54 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FC6B3A0C92 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 20 Nov 2020 15:44:53 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1kgG2Q-0003Lz-Cv for ietf-http-wg-dist@listhub.w3.org; Fri, 20 Nov 2020 23:41:58 +0000
Resent-Date: Fri, 20 Nov 2020 23:41:58 +0000
Resent-Message-Id: <E1kgG2Q-0003Lz-Cv@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <wilander@apple.com>) id 1kgG2O-0003LH-P4 for ietf-http-wg@listhub.w3.org; Fri, 20 Nov 2020 23:41:56 +0000
Received: from nwk-aaemail-lapp01.apple.com ([17.151.62.66]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <wilander@apple.com>) id 1kgG2N-0000d9-Bj for ietf-http-wg@w3.org; Fri, 20 Nov 2020 23:41:56 +0000
Received: from pps.filterd (nwk-aaemail-lapp01.apple.com [127.0.0.1]) by nwk-aaemail-lapp01.apple.com (8.16.0.43/8.16.0.42) with SMTP id 0AKNYuPu028079; Fri, 20 Nov 2020 15:41:37 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=zeKPH46h/KRlSOfiSZMjeGLbKlpdDyg5NC+YKmvbapo=; b=dr+TzTfic4ysI5KtGeFy0QrcuEP5Q/TkNFIhgGqBtv1JvnDBeBfPkQAwXDx8LMrTr53A 0c7w0UVVqxIX+oGptMCu0Bcbjbw49YYrWqCUl1229DfIAKum+gvqzwz2rBDXPzyuhGAr BU1njqILvYHMR+e1YRl+VSvW3MoNGi6WW0x+ryhwYqeH30eFgr4AaFPJyFn31mFDP95C W02vdx41na7gL/hFFd5X3KJa2lhqTKWd1T5NWBn9hSIwTOJ5bG1eyExRK8g19a3gQrgh /cx4E8KuTliwEWbEJ0s96SLYzV70n9VDWYvbqRpgETdsauHSjMXzcXjDt0H4whgLzDXu ow==
Received: from rn-mailsvcp-mta-lapp01.rno.apple.com (rn-mailsvcp-mta-lapp01.rno.apple.com [10.225.203.149]) by nwk-aaemail-lapp01.apple.com with ESMTP id 34tf27373x-6 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 20 Nov 2020 15:41:37 -0800
Received: from rn-mailsvcp-mmp-lapp02.rno.apple.com (rn-mailsvcp-mmp-lapp02.rno.apple.com [17.179.253.15]) by rn-mailsvcp-mta-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.6.20200729 64bit (built Jul 29 2020)) with ESMTPS id <0QK400I38CHBR650@rn-mailsvcp-mta-lapp01.rno.apple.com>; Fri, 20 Nov 2020 15:41:35 -0800 (PST)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp02.rno.apple.com by rn-mailsvcp-mmp-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.6.20200729 64bit (built Jul 29 2020)) id <0QK400800C1GU500@rn-mailsvcp-mmp-lapp02.rno.apple.com>; Fri, 20 Nov 2020 15:41:35 -0800 (PST)
X-Va-A:
X-Va-T-CD: d3fe91202c07ba4b160966873d047a47
X-Va-E-CD: 1e482667c6c2a54985eca300135fde5f
X-Va-R-CD: 43a49a0a19e2002bcaa3b2324b6d2f07
X-Va-CD: 0
X-Va-ID: 8d43720f-6d6a-4a31-b504-52512355c953
X-V-A:
X-V-T-CD: d3fe91202c07ba4b160966873d047a47
X-V-E-CD: 1e482667c6c2a54985eca300135fde5f
X-V-R-CD: 43a49a0a19e2002bcaa3b2324b6d2f07
X-V-CD: 0
X-V-ID: 381ffdf3-00f6-4a56-b41f-cc00563ad335
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312,18.0.737 definitions=2020-11-20_17:2020-11-20,2020-11-20 signatures=0
Received: from [17.235.41.232] by rn-mailsvcp-mmp-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.6.20200729 64bit (built Jul 29 2020)) with ESMTPSA id <0QK4010NBCHACZ20@rn-mailsvcp-mmp-lapp02.rno.apple.com>; Fri, 20 Nov 2020 15:41:35 -0800 (PST)
From: John Wilander <wilander@apple.com>
Message-id: <6B070BD1-1EDC-4FAF-A751-41E733C91EB7@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_A0025375-6A89-4FD1-B569-6E35FF4BFA10"
MIME-version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Date: Fri, 20 Nov 2020 15:41:34 -0800
In-reply-to: <27931496-9d91-5db8-d589-3348faa91be9@google.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, Mark Nottingham <mnot@mnot.net>
To: Mike Taylor <miketaylr@google.com>
References: <BE51D899-1C82-4E3A-A035-FD079CCBE333@mnot.net> <27931496-9d91-5db8-d589-3348faa91be9@google.com>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312,18.0.737 definitions=2020-11-20_17:2020-11-20,2020-11-20 signatures=0
Received-SPF: pass client-ip=17.151.62.66; envelope-from=wilander@apple.com; helo=nwk-aaemail-lapp01.apple.com
X-W3C-Hub-Spam-Status: No, score=-9.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1kgG2N-0000d9-Bj d56941cf066ac71ba90837568380e7cc
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Call for Adoption: Cookie Incrementalism
Archived-At: <https://www.w3.org/mid/6B070BD1-1EDC-4FAF-A751-41E733C91EB7@apple.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38252
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

I support adoption. However, I’d like to share some thoughts.

A lot of these incremental enhancements are for a web browser where a site, the Public Suffix List, a browsing context, the user agent, and a browsing session all make sense. Apple’s implementation of cookies is in a separate HTTP networking layer. Libcurl and libsoup are similar in my mind. When such a layer is used for web browsing, the proposed incremental enhancements make sense but they don’t always in other contexts. I don’t know the best way to make that clear. Maybe it’s obvious and we won’t have any problems but take the new proposed definition of session lifetime. It’s tied to “top-level browsing context” and “same-site documents.” That doesn’t make sense for a non-browser application using HTTP and cookies.

I’m sure we can work this out as the integration into the spec takes place.

   Regards, John

> On Nov 13, 2020, at 7:50 AM, Mike Taylor <miketaylr@google.com> wrote:
> 
> On 11/12/20 5:45 PM, Mark Nottingham wrote:
>> Please comment on whether you support adoption of this document into RFC6265bis. In particular, we're looking for implementer feedback because -- as before -- our goal for this effort is to be closely aligned with implementation behaviour.
> 
> I support adoption.
> 
> thanks,
> Mike
> 
>

v2.23.0 | Report a Bug | By Email