W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: HTTP router point-of-view concerns

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Fri, 19 Jul 2013 17:22:14 +0000
To: Nico Williams <nico@cryptonector.com>
cc: Mark Nottingham <mnot@mnot.net>, Sam Pullara <spullara@gmail.com>, James M Snell <jasnell@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <6633.1374254534@critter.freebsd.dk>
In message <CAK3OfOiRTw9CMVw88eW1G95t0hx0ZfGitHw2Co4bV-fN2dnv7g@mail.gmail.com>
, Nico Williams writes:
>On Fri, Jul 12, 2013 at 6:44 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>> I have given a concrete example multiple times, it's very simple:
>
>So you think all session state should always be stored on the server, period?
>
>It's hard to disagree, but I was under the impression that many
>services need to be stateless (storing session state in encrypted
>cookies) for various reasons.

In the post-EU-regulation, post-PRISM-world, "various reasons" need
to be "Very Good Reasons" for this practice to continue.


-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 19 July 2013 17:22:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC