W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 2001

RE: cookies history

From: Joris Dobbelsteen <joris.dobbelsteen@mail.com>
Date: Wed, 28 Nov 2001 17:52:07 +0100
To: "WWW WG \(E-mail\)" <http-wg@cuckoo.hpl.hp.com>
Message-ID: <001801c1782d$042660d0$0d0ba8c0@joris2k.local>
1. Address typed in and pressed Enter
2. Resolve IP address using DNS (if needed)

HTTP:
3. Connect port 80 (by default) in case of HTTP
4. Clients sends HTTP request
5. Server HTTP responds
6. If more requests are pending AND can be fulfilled, go to 4.
7. Server or client terminates the connection
   (can be due to a time-out)

HTTPS:
3. Connect to port 443 (by default) in case of HTTPS
4. Establish a SSL or TLS connection
   You receive the Server Certificate and should check if its valid and
trusted.
   A symmetric key is generated and exchanged using a asymmetric cipher.
   A symmetric cipher is used for data transportation
5. Clients sends HTTP/HTTPS request
6. Server HTTP/HTTPS responds
7. If more requests are pending AND can be fulfilled, go to 5.
8. Server or client terminates the connection
   (can be due to a time-out)



HTTP is layer on a connection-based reliable protocol. This protocol can be
TCP, but it can also be a protocol like SSL or TLS that are layered
onanother protocol, such as TCP.
SSL and TLS utilize the Public Key Infrastructure. The Public Key
Infrastructure utilizes Certificates, that are provided by Certificate
Authorities. There are some Trusted Certificate Authorities (such as
Verisign, Thawte, GlobalSign and others).
A Certificate consists of:
 - Your name (some information)
 - Purposes of the certificate
 - A public key
 - The person/computer to who the certificate belongs also has
       the private key
 - A certificate of the issuer (except for root certificates)


If you want to know much about cryptography, search a good site or read a
good book such as "Handbook of Applied Cryptography". This is downloadable
from somewhere of the Internet. It handles much concept of cryptography and
also goes into it in detail.
Chapter 1 of this book describes what cryptography is all about and why it's
needed. It also handles every aspect of cryptography, but not (yet) in
detail.
It's published by the CRC Press, Inc. in 1997 (the downloadable version).


Also I certainly hope you did take a quick look in the RFCs or some good web
site about this subject.


- Joris

>-----Original Message-----
>From: Aziz Ait Messaoud [mailto:AzizM@chipsoft.nl]
>Sent: Wednesday, 28 November 2001 10:20
>To: Joris Dobbelsteen
>Subject: RE: cookies history
>
>
>hey Joris,
>
>thnx very much for the information. do you have something about a
>flowchart of http (or shttp)
>I need to know what is happening from the moment I press enter after I
>entered an URL in the AdresBar
>not like "it goes to the server and then to the DNS" but more like the
>realation with TCP/IP,SSL and certificates.
>I'am on a Reseach and I need this information. can you help me with it?
>
>Thank you
>
>Greetings
>aitmess@hotmail.com, azizm@hotmail.com
>
>
>-----Oorspronkelijk bericht-----
>Van: Joris Dobbelsteen [mailto:joris.dobbelsteen@mail.com]
>Verzonden: Monday, November 26, 2001 21:24
>Aan: 'jario'
>CC: WWW WG (E-mail)
>Onderwerp: RE: cookies history
>
>
>Get the RFC from www.ietf.org...
>
>
>RFC 2109
>Title: HTTP State Management Mechanism.
>Authors: D. Kristol, L. Montulli.
>Date: February 1997.
>
>
>- HTTP
>------
>
>I'll give you a short history about HTTP.
>Everybody is invited to review it...
>
>HTTP was orginated by CERN, where HTTP/0.9 was developed as a simple
>method
>to request a file. Later HTTP/1.0 was developed (at the IETF and/or
>CERN?),
>that greatly increased the ability of HTTP and allowed content to be
>neogotiated. With FTP you can retreive a file, but HTTP allows you to
>retreive the file the way you like it. You can give a language,
>character
>encoding and others. Information about this protocol can be
>found in the
>appropriate RFC:
>
>RFC 1945
>Title: Hypertext Transfer Protocol -- HTTP/1.0.
>Authors: T. Berners-Lee, R. Fielding & H. Frystyk.
>Date: May 1996.
>
>HTTP/1.1 enhanced HTTP/1.0, by making the transport more efficient and
>enhancing the caching mechanism. See:
>
>RFC 2616
>Title: Hypertext Transfer Protocol -- HTTP/1.1.
>Authors :R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P.
>Leach, T. Berners-Lee.
>Date: June 1999.
>
>
>- Cookies or HTTP State Management Mechanism
>--------------------------------------------
>
>HTTP is a sessionless/stateless protocol. Two requests are unrelated,
>they
>don't share any kind of common information. With FTP you have a
>session/state: authentication, path. This can be useful in several
>situations. With the cookies a method was designed to create
>session/state
>over a sessionless/stateless protocol. Other methods used are to pass
>information witht the URL, as is still in use, especially at chatboxes
>or
>webmail systems. Cookies really enhanced this. This way you can store
>information more dynamically and it can be saved over multiple
>..., well
>'browsing sessions' :-)
>
>
>A nice chapter would be "Cookies and Privacy". On this subject there is
>numberous information
>I'll give you two statements, were I believe in the last one.
>
>Cookies violate privacy, because web masters (or companies) can save
>information about your specific browsing patterns and can gather your
>personal information, directly from your own computer. This is why he
>always
>disabled cookies on his system.
>This can be argumented by someone (it was once on a dutch
>radio-broadcaster)
>who, in my opinion, didn't know much about HTTP or cookies.
>
>Cookies violate privacy in a way that they can only save information
>about
>your browsing patterns, but this can also be done, somewhat more
>anonymously, using your IP address, DNS name/domain, browser type,
>authentication and such. Next cookies are generated ONLY by the server
>side,
>so only information that is reveiled to him is accessable to
>him and can
>be
>stored in a cookie. Also cookies can only be read by those for who it's
>intended.
>Also, sessions can be created using cookies and e.g. using the URL.
>Information this is discoved and stored in a cookie, can be discovered
>otherwise and stored on the server.
>Next this kind of information, especially regarding advertisements, is
>already stored on servers.
>
>
>If you have some more questions, please ask...
>
>
>- Joris Dobbelsteen
>
>
>
>>-----Original Message-----
>>From: jario [mailto:jario@ieg.com.br]
>>Sent: Sunday, 25 November 2001 20:22
>>To: http-wg@cuckoo.hpl.hp.com
>>Subject: cookies history
>>
>>
>>Hi, all.
>>
>>I am developing a thesis regarding the protocol HTTP and I
>seek for the
>>history of the origin of the cookies.
>>How did they appear?
>>Which reason of the netscape of you create them?
>   Don't understand this question to good.
>>
>>Do you can help me?
>>
>>Thanks
>>
>>Jario
>>
>>
>
>
Received on Wednesday, 28 November 2001 16:55:11 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:45 EDT