- From: Dave Kristol <dmk@bell-labs.com>
- Date: Sun, 12 Oct 1997 16:58:55 -0400
- To: Yaron Goland <yarong@microsoft.com>
- Cc: http-state@lists.research.bell-labs.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
At 6:50 PM -0700 10/10/97, Yaron Goland wrote: >An alternative proposal is to take the signed cookie draft and combine >it with the protocol draft and put that up as the standard. That way we >don't have to argue over heuristics which prevent legitimate >functionality and instead use a policy based system backed up with >authentication. As I've said before, I don't think this would be a positive step. If we're having trouble making progress on the current specification, trying to make progress on an even more complex one will be that much more difficult. I agree with Dave Morris's point that not all applications need or want signed cookies. I prefer to regard the signed cookies proposal as an add-on. I think it can mesh relatively smoothly with the (successor to) RFC 2109. Dave Kristol
Received on Sunday, 12 October 1997 14:02:04 UTC