At 6:50 PM -0700 10/10/97, Yaron Goland wrote: >An alternative proposal is to take the signed cookie draft and combine >it with the protocol draft and put that up as the standard. That way we >don't have to argue over heuristics which prevent legitimate >functionality and instead use a policy based system backed up with >authentication. As I've said before, I don't think this would be a positive step. If we're having trouble making progress on the current specification, trying to make progress on an even more complex one will be that much more difficult. I agree with Dave Morris's point that not all applications need or want signed cookies. I prefer to regard the signed cookies proposal as an add-on. I think it can mesh relatively smoothly with the (successor to) RFC 2109. Dave KristolReceived on Sunday, 12 October 1997 14:02:04 EDT
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:02 EDT