Re: [art] Re: Artart telechat review of draft-ietf-httpbis-rfc6265bis-19

Hi Claudio,

It sounds like I can consider the issue resolved.

> * security and privacy

Section 8 was expanded quite a bit with SameSite and its
considerations. The other considerations are still valid and I don't
believe they warrant a change.

> update the reference for MAY, SHALL, MUST... to the latest version :-)

Done

Thanks again for your review,
- Steven

On Fri, Nov 7, 2025 at 4:43 PM Claudio Allocchio
<Claudio.Allocchio@garr.it> wrote:
>
>
>
> Hi Steven,
>
> reading your responses below is enough as explanation to my little worries
> about the definition.
>
> and also sorry on my side... too much travel in the past weeks.
>
>
> On Fri, 7 Nov 2025, Steven Bingler wrote:
>
> > Hi Claudio,
> >
> > Following up on this.
> >
> > Thanks,
> > - Steven
> >
> > On Fri, Oct 10, 2025 at 7:46 PM Steven Bingler <bingler@chromium.org> wrote:
> >>
> >> Hello Claudio,
> >>
> >> Thank you for your review and apologies for my late response. I had to
> >> take a hiatus.
> >>
> >>> * it is always quite complex to handle syntax when we engage parsing white
> >>> spaces. Along the document the handling is specified in detail in many
> >>> sections; however, given cookies content often uses "natural language style"
> >>> (if I may say so), the issue on how and where to ignore white spaces may lead
> >>> to ambiguity: how do we parse something like
> >>
> >> Would you mind elaborating on what you find ambiguous? Perhaps I can't
> >> see the forest for the trees.
> >>
> >> Regarding how weird whitespace cookies should be handled:
> >>
> >> The well behaved server profile (Section 4) doesn't allow cookies such as
> >> Set-Cookie: ? e x a m p l e  ;
> >> Because whitespace is disallowed for the cookie-name and cookie-value.
> >>
> >> Section 5, the UA behavior, does accept such a cookie and handles as follows:
> >>
> >> Section 5.6
> >>> 2. If the set-cookie-string contains a %x3B (";") character...
> >>
> >>> 2.1 The name-value-pair string consists of the characters up to, but not including, the first %x3B
> >>
> >> Resulting in "? e x a m p l e  "
> >>
> >>> 3. If the name-value-pair string lacks a %x3D ("=") character, then the name string is empty, and the value string is the value of name-value-pair.
> >>
> >> Resulting in
> >> Name: ""
> >> Value: "? e x a m p l e  "
> >>
> >>> 4. Remove any leading or trailing WSP characters from the name string and the value string.
> >>
> >> Finally resulting in
> >> Name: ""
> >> Value: "? e x a m p l e"
> >>
> >> A bit complicated perhaps, but seems straightforward to me. Happy to
> >> take another look if you're able to point to some specifics.
> >>
> >> Thanks,
> >> - Steven
> >
> >
>
> ------------------------------------------------------------------------------
> Claudio Allocchio             G   A   R   R          Claudio.Allocchio@garr.it
>                         Senior Manager and Advisor
> tel: +39 040 3758523      Italian Academic and       G=Claudio; S=Allocchio;
> fax: +39 040 3758565        Research Network         P=garr; A=garr; C=it;
>
>       PGP Key: https://www.cert.garr.it/servizi/informazioni-su-pgp-keys

Received on Monday, 10 November 2025 19:00:58 UTC
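
The Section 5.6 steps walked through in the thread above, as an added JavaScript example that is not part of the thread or of the draft's text. The function names are hypothetical, and the branch for a pair that does contain "=" (split at the first "=") is an assumption taken from the same algorithm but not quoted in this thread.

```javascript
// Added example, not from the thread or the draft. It implements only the
// name/value steps of Section 5.6 quoted above; attribute parsing and the
// draft's other checks are out of scope here.

// ABNF WSP is SP (%x20) or HTAB (%x09). String.prototype.trim() also strips
// CR, LF, NBSP and more, so it is not a faithful substitute.
function trimWsp(s) {
  const isWsp = (c) => c === " " || c === "\t";
  let start = 0;
  let end = s.length;
  while (start < end && isWsp(s[start])) start++;
  while (end > start && isWsp(s[end - 1])) end--;
  return s.slice(start, end);
}

function parseNameValuePair(setCookieString) {
  // Step 2 / 2.1: keep the characters before the first ";" (if any).
  const semi = setCookieString.indexOf(";");
  const pair = semi === -1 ? setCookieString : setCookieString.slice(0, semi);

  // Step 3: without "=", the name is empty and the whole pair is the value.
  // Assumption (not quoted in the thread): otherwise split at the first "=".
  const eq = pair.indexOf("=");
  const name = eq === -1 ? "" : pair.slice(0, eq);
  const value = eq === -1 ? pair : pair.slice(eq + 1);

  // Step 4: strip leading and trailing WSP from both strings.
  return { name: trimWsp(name), value: trimWsp(value) };
}

// Constructed inputs; the first is the example from the thread.
const SAMPLES = [
  "? e x a m p l e  ;",
  " sid = abc123 ; Path=/; Secure",
  "token=a=b; HttpOnly",
  "=bare",
  "bare",
];

for (const s of SAMPLES) {
  const { name, value } = parseNameValuePair(s);
  console.log(JSON.stringify(s), "->", JSON.stringify({ name, value }));
}
```

"=bare" and "bare" produce the same nameless cookie under these steps, so server code that reads cookies back should not assume every cookie carries a non-empty name.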