- From: Dave Kristol <dmk-http@kristol.org>
- Date: Wed, 4 Dec 2024 10:05:01 -0500
- To: HTTP Working Group <ietf-http-wg@w3.org>
Hi, folks Willy Tarreau <w@1wt.eu> wrote: > The only way to fix cookies is to gain > adoption, and for this, a new specification must offer some convenience > to application developers. As the (now-retired) co-author of RFC 2109 and RFC 2965, I hesitate to jump into the cookie specification discussion after all these years. Let me point you to some history, if you're interested: "HTTP Cookies: Standards, Privacy, and Politics" (<https://arxiv.org/abs/cs/0105018>) from 2001. It might be helpful to avoid repeating history or past mistakes. We are approaching 30 years since Netscape first introduced cookies. It would be appealing to write a "clean slate" specification that solved all the known problems. However, introducing a new standard will not solve the interoperability problem, because there's an extensive base of legacy software. This was true even back in 2000 when we tried to find a way to reconcile the few implementations that existed then. We considered and rejected a "clean slate" specification then. Dave Kristol
Received on Wednesday, 4 December 2024 21:29:19 UTC