W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

RE: making progress on cookies

From: David W. Morris <dwm@xpasc.com>
Date: Sat, 11 Oct 1997 12:31:41 -0700 (PDT)
To: Yaron Goland <yarong@microsoft.com>
Cc: Dave Kristol <dmk@research.bell-labs.com>, http-state@lists.research.bell-labs.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.GSO.3.96.971011122750.1207A-100000@shell1.aimnet.com>

On Fri, 10 Oct 1997, Yaron Goland wrote:

> An alternative proposal is to take the signed cookie draft and combine
> it with the protocol draft and put that up as the standard. That way we
> don't have to argue over heuristics which prevent legitimate
> functionality and instead use a policy based system backed up with
> authentication.

This alternative would not be a complete solution since it would drop
the default specification for cookie privacy when the cookie presented
was not signed.

I have no problem with an alternative which includes completing work
on the signed cookie proposal but I see that as additional specification
and not replacing some form of the existing privacy specifications.

Dave Morris
Received on Saturday, 11 October 1997 12:34:13 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:01 EDT