- From: Yoav Nir <ynir.ietf@gmail.com>
- Date: Fri, 25 Sep 2015 12:56:21 +0300
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Amos Jeffries <squid3@treenet.co.nz>, Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
> On Sep 25, 2015, at 12:18 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > > -------- > In message <5603745A.7020509@treenet.co.nz>, Amos Jeffries writes: > >> Ah. Sorry I seem to have misunderstood yoru meaning of "provides the >> proof that a server needs to regard the entire session to be authentic" >> to mean the cert was connection-wide. > > I would like to remind people that, contrary to widespread assumptions, > HTTP doesn't have "sessions". > > Sessions are typically implemented by mistaking (groups of) connections > for a session, or by means of opaque unstandardized cookies. Why do you call cookies unstandardized? Yoav
Received on Friday, 25 September 2015 09:56:57 UTC