RE: LAST CALL, "HTTP State Management Mechanism (Rev1) " to Proposed Standard from Jaye, Dan on 1997-07-10 (ietf-http-wg@w3.org from July to September 1997)

From: Jaye, Dan <DJaye@engagetech.com>
Date: Wed, 9 Jul 1997 20:13:34 -0400
To: "'http-wg@cuckoo.hpl.hp.com'" <http-wg@cuckoo.hpl.hp.com>
Message-Id: <c=US%a=_%p=CMG%l=ANDEXC01-970710001334Z-3246@wilexc01.cmgi.com>

Yaron writes: 

>BTW I find it strange that we are pushing a draft to proposed standard
>when no one has implemented it and, in so far as I am aware, is even
>planning on implementing it.

He has a strong point.  If MS and Netscape have both said they won't
implement it, is this draft credible?


> Is the cookie spec really relevant in a
>world with OPS? 

Yes, because OPS is not intended for state management.  We still need to
fix inconsistencies and problems with the original cookie spec.

	I am going ahead and reissuing my I-D for trust mgt.  It will include 
use of the standard PICS-header headers.  I have been waiting so that
the
Vocabulary WG of the W3C P3 project can make progress so that the 
P3 privacy vocabulary (which leverages the IPWG vocabulary work) can
be adopted in the draft.  I believe that it is still necessary since OPS
does not address state mgt and users will still want to know the
certified
privacy practices of the server for cookies...  For what it's worth, I
think we 
should be issuing a bare bones RFC that addresses the protocol issues 
that everyone agrees on and wait a few months for the P3 work to
progress before addressing the privacy issues.

BTW:
The W3C Platform for Privacy Project is underway and addressing  
many if not all of the privacy issues discussed here...  Participation
from 
the big two browser/server vendors (hooray) and most other major
parties.  Contact philip DesAutels (philipd@w3.org) for the official
story. 
>
>Do we really want to officially stamp a mechanism which:
>	Renders proxies useless?
>	Prevents sharing of cookies between sites that are owned by the
>same entity but have different domains?
>	Prevents sharing of cookies more than one level deep within a
>single domain?
>
>
>> -----Original Message-----
>> From:	Larry Masinter [SMTP:masinter@parc.xerox.com]
>> Sent:	Tuesday, July 08, 1997 7:33 AM
>> To:	http-wg@cuckoo.hpl.hp.com
>> Subject:	LAST CALL, "HTTP State Management Mechanism (Rev1) " to
>> Proposed Standard
>> 
>> draft-ietf-http-state-man-mec-02.txt
>> 
>> > This document specifies a way to create a stateful session with HTTP
>> > requests and responses.  It describes two new headers, Cookie and
>> Set-
>> > Cookie2, which carry state information between participating origin
>> > servers and user agents.  The method described here differs from
>> > Netscape's Cookie proposal, but it can interoperate with HTTP/1.0
>> user
>> > agents that use Netscape's method.  (See the HISTORICAL section.)
>> > 
>> > This document reflects implementation experience with RFC 2109 and
>> > obsoletes it.
>> 
>> I am not aware of any comments on this draft since its release
>> on June 20.
>> 
>> Unless there are any new objections, we will submit this as Proposed
>> Standard on July 15.
>
>

Received on Wednesday, 9 July 1997 17:16:49 UTC