Re: Cookie crumbling

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 22 Oct 2013 08:58:02 -0700
Message-ID: <CABkgnnW7YjLnphZii7gyep=j97MgZhbjqU7pSQUQMA-Q7jvxQg@mail.gmail.com>
To: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Roberto Peon <grmocg@gmail.com>

On 22 October 2013 05:18, Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> wrote:
> RFC 6265 says the client should sort cookies in a certain way:
> http://tools.ietf.org/html/rfc6265#section-5.4
>
> Since the header compressor does not preserve the ordering of the headers,
> we lose the cookie ordering.
> I'm not really sure how important the cookie ordering is today or in the
> future, though.

I'm sure that the only reason that requirement exists is to reduce the
fingerprinting surface of the client.

The good part with that ordering requirement is that it makes it
perfectly clear that ordering carries no semantics.

I'm sure that an intermediary or API that translates to HTTP/1.1 can
reorder anything that might get messed around by HTTP/2.0 header
compression.
Received on Tuesday, 22 October 2013 15:58:30 UTC
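
An added example, not part of the original message or of any HTTP/2 implementation: the RFC 6265 section 5.4 ordering referred to in the thread (longer paths first, then earlier creation time), and what becomes of it when per-cookie crumbs pass through a header set that does not preserve order. The cookie jar contents, the helper names and the use of sorted() as a stand-in for an unordered transport are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class StoredCookie:
    name: str
    value: str
    path: str
    creation_time: float  # seconds since epoch


def rfc6265_order(cookies):
    """RFC 6265 section 5.4: longer paths first; for equal-length
    paths, earlier creation time first."""
    return sorted(cookies, key=lambda c: (-len(c.path), c.creation_time))


def cookie_header(cookies):
    """Serialize the cookie-string the client would send."""
    return "; ".join(f"{c.name}={c.value}" for c in rfc6265_order(cookies))


def crumble(header_value):
    """Split a Cookie header value into one crumb per cookie-pair."""
    return [p.strip() for p in header_value.split(";") if p.strip()]


def unordered_transport(crumbs):
    """Model of a header set that keeps the crumbs but not their order.
    sorted() is only a deterministic stand-in for 'any order'."""
    return sorted(crumbs)


def reassemble(crumbs):
    """Join crumbs back into a single HTTP/1.1 Cookie header value."""
    return "; ".join(crumbs)


def same_cookies(a, b):
    """True when two header values carry the same multiset of pairs."""
    return sorted(crumble(a)) == sorted(crumble(b))


# Constructed sample jar; two cookies share the name "sid" on different paths.
SAMPLE = [
    StoredCookie("lang", "en", "/", 100.0),
    StoredCookie("sid", "abc", "/app/admin", 300.0),
    StoredCookie("theme", "dark", "/app", 200.0),
    StoredCookie("sid", "old", "/", 50.0),
]
```

The receiving side sees only name=value pairs, so the path and creation time that drive the RFC 6265 sort are not available to it; the reassembled header carries the same pairs in whatever order the crumbs arrived.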
