Re: Set-Cookie vs list header parsing (i129)

Frank Ellermann wrote:
> Julian Reschke wrote:
> 
>> Informative References:
>  
>> [Kri2001]  Kristol, D., "HTTP Cookies: Standards, Privacy, and
>>            Politics", ACM Transactions on Internet Technology Vol. 1,
>>            #2, November 2001, <http://arxiv.org/abs/cs.SE/0105018>.
> 
> Fascinating.  This sounds even worse than the MARID bloodshed.
> 
> [censoring my rant about ping attributes, 3rd party cookies,
>  HTML5, doubleclick, hostile to privacy, and more off topics]
> 
>> ...more feedback appreciated.
> 
> Maybe add a reference to RFC 2964 for the complete cookie zoo.
> ...

To be complete we would also need to cite the original spec 
(<http://www.netscape.com/newsref/std/cookie_spec.html>, 404s...). We 
already have three cookie-related references; enough is enough, isn't it?

The currently proposed text is at: 
<http://www3.tools.ietf.org/wg/httpbis/trac/attachment/ticket/129/i129.diff>

Brian also proposed to make this REQUIRED behavior. I don't think we 
have agreement on this -- for once, handling Set-Cookie and/or 
Set-Cookie2 is optional anyway.

So unless something new comes up soon, I'll apply the patch in the next 
few days. If we later agree on making this normative, we still can do that.

BR, Julian

Received on Wednesday, 20 August 2008 07:33:14 UTC