W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: YA cookie draft, v2.21

From: Koen Holtman <koen@win.tue.nl>
Date: Tue, 23 Apr 1996 22:16:46 +0200 (MET DST)
Message-Id: <199604232016.WAA02908@wsooti06.win.tue.nl>
To: Dave Kristol <dmk@allegra.att.com>
Cc: koen@win.tue.nl, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Dave Kristol:
>
>koen@win.tue.nl (Koen Holtman) wrote:
>  > #control over sessions in order to insure privacy.
>  > 
>  > Shouldn't this be `assure'?
>Well, maybe "ensure".

:) Actually, `ensure' was the word I was thinking of first, but I
could not find it in any on-line dictionary.

>  > #8.2  Cookie Spoofing
>  > #
>  > [...]
>  > #Note that a server at cracker.edu could send a cookie to the client and
>  > #subsequently get both of the cookies in the preceding example as well as
>  > #its own.
>  > 
>  > I was confused by this, and after re-reading it twice, I think this is
>  > wrong.  I believe this should be:
>  > 
>  >  Note that a server called cracker.edu could send a cookie to the
>  >  client without an explicit domain, and subsequently get the second
>  >  cookie in the preceding example as well as its own.
>
>No.  Actually, the whole passage must be dropped.

You are right.  My correction above is also incorrect.

>Dave

Koen.
Received on Tuesday, 23 April 1996 13:22:41 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:51 EDT