- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Sat, 13 Jul 2013 09:44:39 +0000
- To: Willy Tarreau <w@1wt.eu>
- cc: Mark Nottingham <mnot@mnot.net>, Sam Pullara <spullara@gmail.com>, James M Snell <jasnell@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
In message <20130713093134.GK32054@1wt.eu>, Willy Tarreau writes:

>> >Not really in fact. While I tend to generally agree with the points
>> >you make for scalability, this one does not scale. One of the big
>> >benefits of cookies is that client is responsible for synchronizing
>> >information between multiple servers *if needed*.
>>
>> Since when has a minor scalability issue for Big Companies
>> become more important than end-users privacy ?
>
>Huh ? What end-user privacy issue do you see in having the DC and
>server id in a cookie ? This is totally irrelevant.

You should read up on why EU decided to go in and regulate cookie use, not everybody use them the way you seem to do:

http://www.ico.org.uk/~/media/documents/library/Privacy_and_electronic/Practical_application/cookies_guidance_v3.pdf

We can agree or disagree about the wisdom of the actual regulation enacted, but I think their rationale for why regulation was needed is pretty spot on: Cookies were being used to strip users of any resemblance of privacy.

IETF and HTTPbis should grasp a clue from this, and make sure that in HTTP/2.0 Cookies are stored where they belong: In the server end, and that a session-concept, 100% under the users control is replacing it.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Saturday, 13 July 2013 09:45:02 UTC