W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Fbk on state-man-mec-04.txt

From: Dave Kristol <dmk@research.bell-labs.com>
Date: Mon, 24 Nov 97 11:12:02 EST
Message-Id: <9711241612.AA23003@aleatory.tempo.bell-labs.com>
To: dwm@xpasc.com
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
"David W. Morris" <dwm@xpasc.com> wrote:

[General note:  I submitted state-man-mec-05 last Thursday, but I
haven't seen the announcement through official channels.  You can
look at it via <http://portal.research.bell-labs.com/~dmk/cookie.html>.
Items that have been addressed there are labeled "-05".]

  > As I reviewed the new draft, I noted a few editorial comments which
  > follow:
  > 
  > 1.  In several places ``X'' is used, sometimes in the same paragraph
  >     with "X". It seemed strange to use two different forms of double
  >     quoting. I think it would be better to stick with one form.

I agree.  (They've been like that for hearly two years.  Where have you
been. :-)

  > 
  > 2.  In the first paragraph of section "3. STATE AND SESSIONS", the
  >     phrase "the technique" implies a reference to a technique which
  >     hasn't been defined.  And in fact, the phrase could refer to
  >     either the new proposal OR the 'existing' methodology.

Ditto.

  > 
  >     I was also uncomfortable with the word "currently" since Netscape
  >     cookies have been in use now for a long time and most readers would
  >     consider the current time frame to include Netscape cookies.

-05

  > 
  >     Perhaps replace "Currently, HTTP servers" with "HTTP servers 
  >     conforming to RFC 2068"
  > 
  > 3.  I believe "4. Outline" and the introductory phrase "We outline" was
  >     already noted by Roy and acknowledged. 

Okay.

  > 
  > 4.  In the same section 4 introductory paragraph, I agree with the
  >     suggestion already made that most of the paragraph could just be
  >     deleted (keep 1st two sentences). The reference to CGI programs
  >     should be deleted in any case.

-05

  > 
  > 5.  In 4.2.1 I think it would be better to drop the first parenthetic
  >     note which attempts to differentiate persistent connections from
  >     the term session.  At least drop the first sentence and change
  >     "should have no effect" to "has no effect".

Okay.  Now that I've removed some of the introductory stuff that mentions
"persistent", there's less risk of confusing the two concepts.

  > 
  > 6.  In 4.2.2, in the description of NAME=VALUE, it is redundant to
  >     say "$ are reserved" and "for other users".  Drop the second part.

Okay.

  > 
  > 7.  In 4.3.3, the phrase "then gets discarded" isn't needed.  The
  >     cookie persists until X happens is sufficient.

I agree it's redundant, but I want to be clear that the cookie should
be thrown away at that point.

  > 
  > 8.  I don't see the need for the restriction stated in the last sentence
  >     of section 4.5:
  >       Proxies must not introduce Set-Cookie2 (Cookie) headers of their
  >       own in proxy responses (requests). 
  >     I'd rather have this dropped completely but if not, then change must 
  >     to should.

Basically I'm emphasizing that cookies are end-to-end, and that proxies
shouldn't be inserting them.  I think the restriction is appropriate.

Dave Kristol
Received on Monday, 24 November 1997 08:19:37 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:04 EDT