Re: Revising RFC6265 ("Cookies")

On Fri, 13 Nov 2015, Mark Nottingham wrote:

> * Our Area Director generally supports us taking on work on this specification.

I'm very positive to this!

> * Many have argued that RFC6265 was more successful than previous efforts 
> because it restricted itself to documenting current behaviours, rather than 
> speculatively adopting what seems like "good ideas" at the time.

I would agree. Writing down how the world looks is much easier than trying to 
agree on a way how it should be improved. Even though I'll also admit that I 
"lost" a few struggles in that spec on how to describe the current world. =)

Let me also just state some obvious facts about cookies from my perspective.

The by far the biggest challange with changing cookies is that the 
server-sides are very very disparate and have been re-implemented over and 
over again by thousands of developers. It is not an as homogeneous world as it 
is on the client-side where there's a smallish set (in the dozens range or so) 
of clients and libraries that cover a large portion of the users.

Thus, changing cookies is much more work in the server side in lots of custom 
written implementations. Work in this group or in the IETF in general has a 
problem to reach those server side developers.

To me, the most sensible way forward is to change cookies in a way that the 
existing server implementations keep working (mostly) the same and only 
introduce changes that will make cookies better for the ones that adopt the 
news. That will then also avoid us having browsers break popular lagacy sites 
to adopt the new cookie ways.

-- 

  / daniel.haxx.se

Received on Friday, 13 November 2015 08:02:11 UTC