W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2011

Re: #282: Recommend minimum sizes for protocol elements

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Wed, 22 Jun 2011 06:23:08 +0000
To: Willy Tarreau <w@1wt.eu>
cc: Mark Nottingham <mnot@mnot.net>, httpbis Group <ietf-http-wg@w3.org>
Message-ID: <5582.1308723788@critter.freebsd.dk>
In message <20110622060021.GE18843@1wt.eu>, Willy Tarreau writes:

>As we discussed one month ago on this subject, shouldn't we recommend even
>smaller sizes ?

I agree for four reasons:

1. Storing information in cookies are by definition unsafe and a
   privacy problem.  Cookies should primarily be used for anonymous
   nonces which index server side storage.

2. Transmission and bandwidth waste.

3. Cookies represent inverse economics:  It's the webserver which
   controls their size, but the client pays for the bandwidth.

4. This is not a cookie:



Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 22 June 2011 06:23:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:13:52 UTC