RE: making progress on cookies

An alternative proposal is to take the signed cookie draft and combine
it with the protocol draft and put that up as the standard. That way we
don't have to argue over heuristics which prevent legitimate
functionality and instead use a policy-based system backed up with
authentication.

	Yaron

> -----Original Message-----
> From:	David W. Morris [SMTP:dwm@xpasc.com]
> Sent:	Friday, October 10, 1997 3:16 PM
> To:	Dave Kristol
> Cc:	http-state@lists.research.bell-labs.com;
> http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com; http-wg@cuckoo.hpl.hp.com
> Subject:	Re: making progress on cookies
> 
> I'm not sure I see the point of splitting the document if the wire
> protocol document can't progress w/o the privacy portion. Furthermore,
> I believe portions of the wire protocol are meaningless w/o the
> privacy portion.
> 
> And, given that there were privacy concerns to begin with which
> motivated the privacy related restrictions, I think we would need
> consensus from everyone who feels strongly about the privacy
> restrictions that the wire protocol can go forward w/o the privacy
> specifications. Otherwise, there is no point in splitting the document
> because it doesn't address the composite issues which motivated the
> specification in the first place.
> 
> Dave Morris
> 
> On Fri, 10 Oct 1997, Dave Kristol wrote:
> 
> > Things have been very quiet on the cookie front.  I have been busy
> > with other projects, but I am now able to return to the fray.
> > 
> > At issue is how to make progress on a successor to RFC 2109.  One
> > proposal is to split draft-ietf-http-state-man-mec-03 into two
> > pieces:
> > 
> > 1) a description of the wire protocol; and
> > 2) a description of the privacy considerations of cookies.
> > 
> > The second document would comprise approximately these sections of
> > state-man-mec-03:
> > 	- 4.3.5 Sending Cookies in Unverifiable Transactions
> > 	- 7 Privacy
> > 
> > The ground rules would be that each of the two documents could/should
> > be discussed separately, but that the IESG would not allow either to
> > become an RFC until agreement had been reached on both.
> > 
> > I'm soliciting discussion of this approach before I invest the time
> > to split the document in two.  What do you think of this approach?
> > 
> > Dave Kristol
> > 
> > 

Received on Friday, 10 October 1997 18:53:38 UTC