W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

RE: making progress on cookies

From: Dave Kristol <dmk@bell-labs.com>
Date: Sun, 12 Oct 1997 16:58:55 -0400
Message-Id: <l03020902b066e9afc56d@[135.3.51.214]>
To: Yaron Goland <yarong@microsoft.com>
Cc: http-state@lists.research.bell-labs.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
At 6:50 PM -0700 10/10/97, Yaron Goland wrote:
>An alternative proposal is to take the signed cookie draft and combine
>it with the protocol draft and put that up as the standard. That way we
>don't have to argue over heuristics which prevent legitimate
>functionality and instead use a policy based system backed up with
>authentication.

As I've said before, I don't think this would be a positive step.  If we're
having trouble making progress on the current specification, trying to make
progress on an even more complex one will be that much more difficult.

I agree with Dave Morris's point that not all applications need or want
signed cookies.  I prefer to regard the signed cookies proposal as an
add-on.  I think it can mesh relatively smoothly with the (successor to)
RFC 2109.

Dave Kristol
Received on Sunday, 12 October 1997 14:02:04 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:02 EDT