Re: HTTP router point-of-view concerns

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Sat, 13 Jul 2013 09:44:39 +0000
To: Willy Tarreau <w@1wt.eu>
cc: Mark Nottingham <mnot@mnot.net>, Sam Pullara <spullara@gmail.com>, James M Snell <jasnell@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <5562.1373708679@critter.freebsd.dk>
In message <20130713093134.GK32054@1wt.eu>, Willy Tarreau writes:

>> >Not really in fact. While I tend to generally agree with the points
>> >you make for scalability, this one does not scale. One of the big
>> >benefits of cookies is that the client is responsible for synchronizing
>> >information between multiple servers *if needed*. 
>> Since when has a minor scalability issue for Big Companies
>> become more important than end-users' privacy ?
>Huh ? What end-user privacy issue do you see in having the DC and
>server id in a cookie ? This is totally irrelevant.

You should read up on why the EU decided to go in and regulate cookie
use, not everybody uses them the way you seem to do:


We can agree or disagree about the wisdom of the actual regulation
enacted, but I think their rationale for why regulation was needed
is pretty spot on:  Cookies were being used to strip users of
any resemblance of privacy.

IETF and HTTPbis should grasp a clue from this, and make sure that
in HTTP/2.0 Cookies are stored where they belong:  In the server
end, and that a session-concept, 100% under the users' control
is replacing it.

Poul-Henning Kamp
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
