draft-ietf-http-state-man-mec-01 submitted

[Just a reminder to http-wg folks:  discussions of HTTP state
management, aka "cookies", have moved to the http-state mailing list.
Details are at <http://www.bell-labs.com/mailing-lists/http-state/>.
I'm sending this announcement to both http-state and http-wg because I
see that several past active contributors have not yet joined
http-state.]

I've submitted a new cookie I-D, draft-ietf-http-state-man-mec-01.  For
details, visit
<http://portal.research.bell-labs.com/~dmk/cookie.html>.  Versions with
change bars from RFC 2109 and state-man-mec-00 can be reached by
following the "evolution" link near the bottom of that page.

The new draft contains the specification of the Port attribute that got
discussed awhile back.  I *did not* add CommentURL, although I thought
about it.  Even though the general idea is attractive, I see lots of
potential problems.  I invite Jonathan Stark to give a more detailed
specification.  Some of the things that concern me are:
	- should the Content-Type of the page be restricted?  What if
		the CommentURL is executable code?
	- must there be a relation between the domain of the CommentURL
		and the Domain of the cookie that contains it?
		(Can www.a.com send CommentURL="http://www.b.com/"?)

Dave Kristol

Received on Monday, 5 May 1997 11:50:38 UTC