- From: Dave Kristol <dmk@research.bell-labs.com>
- Date: Mon, 24 Nov 97 11:12:02 EST
- To: dwm@xpasc.com
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
"David W. Morris" <dwm@xpasc.com> wrote: [General note: I submitted state-man-mec-05 last Thursday, but I haven't seen the announcement through official channels. You can look at it via <http://portal.research.bell-labs.com/~dmk/cookie.html>. Items that have been addressed there are labeled "-05".] > As I reviewed the new draft, I noted a few editorial comments which > follow: > > 1. In several places ``X'' is used, sometimes in the same paragraph > with "X". It seemed strange to use two different forms of double > quoting. I think it would be better to stick with one form. I agree. (They've been like that for hearly two years. Where have you been. :-) > > 2. In the first paragraph of section "3. STATE AND SESSIONS", the > phrase "the technique" implies a reference to a technique which > hasn't been defined. And in fact, the phrase could refer to > either the new proposal OR the 'existing' methodology. Ditto. > > I was also uncomfortable with the word "currently" since Netscape > cookies have been in use now for a long time and most readers would > consider the current time frame to include Netscape cookies. -05 > > Perhaps replace "Currently, HTTP servers" with "HTTP servers > conforming to RFC 2068" > > 3. I believe "4. Outline" and the introductory phrase "We outline" was > already noted by Roy and acknowledged. Okay. > > 4. In the same section 4 introductory paragraph, I agree with the > suggestion already made that most of the paragraph could just be > deleted (keep 1st two sentences). The reference to CGI programs > should be deleted in any case. -05 > > 5. In 4.2.1 I think it would be better to drop the first parenthetic > note which attempts to differentiate persistent connections from > the term session. At least drop the first sentence and change > "should have no effect" to "has no effect". Okay. Now that I've removed some of the introductory stuff that mentions "persistent", there's less risk of confusing the two concepts. > > 6. In 4.2.2, in the description of NAME=VALUE, it is redundant to > say "$ are reserved" and "for other users". Drop the second part. Okay. > > 7. In 4.3.3, the phrase "then gets discarded" isn't needed. The > cookie persists until X happens is sufficient. I agree it's redundant, but I want to be clear that the cookie should be thrown away at that point. > > 8. I don't see the need for the restriction stated in the last sentence > of section 4.5: > Proxies must not introduce Set-Cookie2 (Cookie) headers of their > own in proxy responses (requests). > I'd rather have this dropped completely but if not, then change must > to should. Basically I'm emphasizing that cookies are end-to-end, and that proxies shouldn't be inserting them. I think the restriction is appropriate. Dave Kristol
Received on Monday, 24 November 1997 08:19:37 UTC