Fwd: I-D ACTION:draft-pettersen-cookie-v2-00.txt from Yngve N. Pettersen (Developer Opera Software ASA) on 2006-10-18 (ietf-http-wg@w3.org from October to December 2006)

From: Yngve N. Pettersen (Developer Opera Software ASA) <yngve@opera.com>
Date: Thu, 19 Oct 2006 01:34:01 +0200
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <op.thm42zqeqrq7tp@nimisha.invalid.invalid>

Hello all,

I have submitted a suggestion for how to solve some of the domain  
restriction problems with cookies (e.g. preventing cookies for co.uk like  
domains). The draft defines new domain rules for cookies instead of the  
ones used by RFC 2965.

This is a followup to my dns-validate and subtld drafts (currently  
expired, will be resubmitted in a few days).

For more information about the background for these drafts please see my  
articles:

   http://my.opera.com/yngve/blog/show.dml/267415
   http://my.opera.com/yngve/blog/show.dml/388840

------- Forwarded message -------
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D ACTION:draft-pettersen-cookie-v2-00.txt
Date: Wed, 18 Oct 2006 21:50:02 +0200

A New Internet-Draft is available from the on-line Internet-Drafts
directories.


	Title		: HTTP State Management Mechanism v2
	Author(s)	: Y. Pettersen
	Filename	: draft-pettersen-cookie-v2-00.txt
	Pages		: 30
	Date		: 2006-10-18
	

    This document specifies a way to create a stateful session with
    Hypertext Transfer Protocol (HTTP) requests and responses.  It
    describes three headers, Cookie, Cookie2, and Set-Cookie2, which
    carry state information between participating origin servers and user
    agents.  The method described here differs from both Netscape's
    Cookie proposal [Netscape], and [RFC2965], but it can, provided some
    requirements are met, interoperate with HTTP/1.1 user agents that use

    Netscape's method.  (See the HISTORICAL section.)

    This document defines new rules for how cookies can be shared between
    servers within a domain.  These new rules are intended to address
    security and privacy concerns that are difficult to counter for
    clients implementing Netscape's proposed rules or the rules specified
    by RFC 2965.

    This document reflects implementation experience with RFC 2965 and
    obsoletes it.


-- 
Sincerely,
Yngve N. Pettersen
 
********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************

Received on Wednesday, 18 October 2006 23:34:30 UTC