W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2011

Re: #282: Recommend minimum sizes for protocol elements

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 22 Jun 2011 16:23:54 +1000
Cc: Willy Tarreau <w@1wt.eu>, httpbis Group <ietf-http-wg@w3.org>
Message-Id: <FEEB46BC-14A2-4131-9309-584EA8813358@mnot.net>
To: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
Again -- this is NOT recommending how large people should make cookies, but recommending a floor for implementations to support, to improve interop.


On 22/06/2011, at 4:23 PM, Poul-Henning Kamp wrote:

> In message <20110622060021.GE18843@1wt.eu>, Willy Tarreau writes:
> 
>> As we discussed one month ago on this subject, shouldn't we recommend even
>> smaller sizes ?
> 
> I agree for four reasons:
> 
> 1. Storing information in cookies are by definition unsafe and a
>   privacy problem.  Cookies should primarily be used for anonymous
>   nonces which index server side storage.
> 
> 2. Transmission and bandwidth waste.
> 
> 3. Cookies represent inverse economics:  It's the webserver which
>   controls their size, but the client pays for the bandwidth.
> 
> 4. This is not a cookie:
> 
>   http://forums.techarena.in/off-topic-chat/1055039.htm
> 
> Poul-Henning
> 
> -- 
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe    
> Never attribute to malice what can adequately be explained by incompetence.

--
Mark Nottingham   http://www.mnot.net/
Received on Wednesday, 22 June 2011 06:24:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:41 GMT