W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2007

Re: HTTPBis BOF followup - should RFC 2965 (cookie) be in scope for the WG?

From: Yngve N. Pettersen (Developer Opera Software ASA) <yngve@opera.com>
Date: Sun, 02 Sep 2007 17:19:53 +0200
To: "Stefanos Harhalakis" <v13@priest.com>, "Alexey Melnikov" <alexey.melnikov@isode.com>
Cc: "HTTP Working Group" <ietf-http-wg@w3.org>, "Apps Discuss" <discuss@apps.ietf.org>
Message-ID: <op.tx08vfrhqrq7tp@nimisha.oslo.opera.com>

Hello Stefanos,

On Tue, 28 Aug 2007 19:44:10 +0200, Stefanos Harhalakis <v13@priest.com>  
wrote:

>
> On Tuesday 28 August 2007, Stefanos Harhalakis wrote:
>> On Monday 27 August 2007, Alexey Melnikov wrote:
>>
>> I don't know if I'm supposed to vote, but I'd suggest 1 (No). The  
>> rationale
>> can be summarized in the question: "Why yes?".
>
>  Sorry for replying to self but I'd like to change that to 4:
> Discuss it in the list first.
>
>   Then, maybe vote for '3'.
>
>   After reading the minutes (again), I understand that this will only  
> change
> RFC 2695 to 'become' the Netscape doc. So, I don't actually see it as a  
> hi
> priority issue, thinking that a well accepted document already exists
> (Netscape) and there is no confusion. Also, shouldn't this become a new  
> RFC
> that will replace 2695?

I think you misunderstand the intention of my I-D  
draft-pettersen-cookie-v2 , and my presentation at the BoF.

The intention of the draft is to fix security and privacy issues in both  
the Netscape spec and RFC 2965 (the "cookie monster bug") by changing the  
domain and path semantics, so that the issues with Netscape and RFC 2965  
cannot occur, and as a result obsoleting Netscape and RFC 2965 cookies.

I have also posted two other drafts suggesting candidates for intermediate  
workarounds that I believe will reduce the problem in the existing  
specifications.

For more information about the background please see my articles

   http://my.opera.com/yngve/blog/show.dml/267415
   http://my.opera.com/yngve/blog/show.dml/388840

-- 
Sincerely,
Yngve N. Pettersen
 
********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************
Received on Sunday, 2 September 2007 15:20:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:15 GMT