2004/id/draft-ietf-http-state-mgmt-errata-00.txt



HTTP Working Group                                      David M. Kristol
INTERNET DRAFT                    Bell Laboratories, Lucent Technologies
<draft-ietf-http-state-mgmt-errata-00.txt>
February 3, 1997                                  Expires August 3, 1997


                HTTP State Management Mechanism (Errata)


                          Status of this Memo

     This document is an Internet-Draft.  Internet-Drafts are
     working documents of the Internet Engineering Task Force
     (IETF), its areas, and its working groups.  Note that other
     groups may also distribute working documents as Internet-
     Drafts.

     Internet-Drafts are draft documents valid for a maximum of six
     months and may be updated, replaced, or obsoleted by other
     documents at any time.  It is inappropriate to use Internet-
     Drafts as reference material or to cite them other than as
     ``work in progress.''

     To learn the current status of any Internet-Draft, please
     check the ``1id-abstracts.txt'' listing contained in the
     Internet- Drafts Shadow Directories on ftp.is.co.za (Africa),
     nic.nordu.net (Europe), munnari.oz.au (Pacific Rim),
     ds.internic.net (US East Coast), or ftp.isi.edu (US West
     Coast).

     This is author's draft 1.9.


1.  ABSTRACT

This document contains miscellaneous small wording changes and
clarifications to draft-ietf-http-state-mgmt-05, the HTTP State
Management Mechanism draft.


2.  PROPOSED CHANGES

Changes are referenced to the sections in the original document.  New or
changed text is shown in []'s.

4.2.2 Set-Cookie Syntax
     Under the heading: Comment=comment:

     ``Optional.  Because cookies can contain private information about
     a user, the [Comment] attribute allows an origin server to document
     its intended use of a cookie....''

     Under the heading: Secure:


Kristol         draft-ietf-http-state-mgmt-errata-00.txt        [Page 1]


INTERNET DRAFT  HTTP State Management Mechanism (Errata)February 3, 1997


     ``Optional.  The Secure attribute (with no value) directs the user
     agent to use only (unspecified) secure means to contact the origin
     server whenever it sends back this cookie[, to protect the
     confidentially and authenticity of the information in the
     cookie].''

4.2.3  Controlling Caching

     The directive max-age=0 is necessary in the Cache-Control header to
     force revalidation.  Therefore, two example headers must change.

     The example header in the second bullet should read Cache-Control:
     must-revalidate[, max-age=0].

     The example header in the third bullet should read Cache-Control:
     proxy-revalidate[, max-age=0].

4.3.2  Rejecting Cookies
     ``To prevent possible security or privacy violations, a user agent
     rejects a cookie (shall not store its information) if any of the
     following is true [of the attributes explicitly present in the
     Set-Cookie response header]:...''

10.2 Compatibility with Microsoft's Implementation
     [Insert new section between current sections 10.1 and 10.2.]

     ``Microsoft Internet Explorer (MSIE) Version 3 and earlier will
     fail to handle some cookies that use this specification.  For
     example, if a server sends the following response header to MSIE V3
     (omitting the line breaks):

     Set-cookie: xx="1=2&3-4";
         Comment="blah";
         Version=1; Max-Age=15552000; Path=/;
         Expires=Sun, 27 Apr 1997 01:16:23 GMT

     then MSIE V3 will send something like the following request header
     next time:

         Cookie: Max-Age=15552000

     instead of the correct

         Cookie: xx="1=2&3-4"

     In other words, MSIE sends back the wrong cookie name and value.''


Kristol         draft-ietf-http-state-mgmt-errata-00.txt        [Page 2]


INTERNET DRAFT  HTTP State Management Mechanism (Errata)February 3, 1997


3.  ACKNOWLEDGEMENTS

The following people identified problems and/or suggested improvements
in draft-ietf-http-state-mgmt-05: Anselm Baird Smith (reported by Koen
Holtman), Jason Catlett, Martijn Koster (reported by Koen Holtman),
Raymie Stata.


4.  AUTHOR'S ADDRESS

David M. Kristol
Bell Laboratories, Lucent Technologies
600 Mountain Ave.  Room 2A-227
Murray Hill, NJ  07974

Phone: (908) 582-2250
FAX: (908) 582-5809
Email: dmk@bell-labs.com


                                                  Expires August 3, 1997


Kristol         draft-ietf-http-state-mgmt-errata-00.txt        [Page 3]


1	wakaba	1.1
2
3			HTTP Working Group David M. Kristol
4			INTERNET DRAFT Bell Laboratories, Lucent Technologies
5			<draft-ietf-http-state-mgmt-errata-00.txt>
6			February 3, 1997 Expires August 3, 1997
7
8
9			HTTP State Management Mechanism (Errata)
10
11
12
13			Status of this Memo
14
15			This document is an Internet-Draft. Internet-Drafts are
16			working documents of the Internet Engineering Task Force
17			(IETF), its areas, and its working groups. Note that other
18			groups may also distribute working documents as Internet-
19			Drafts.
20
21			Internet-Drafts are draft documents valid for a maximum of six
22			months and may be updated, replaced, or obsoleted by other
23			documents at any time. It is inappropriate to use Internet-
24			Drafts as reference material or to cite them other than as
25			``work in progress.''
26
27			To learn the current status of any Internet-Draft, please
28			check the ``1id-abstracts.txt'' listing contained in the
29			Internet- Drafts Shadow Directories on ftp.is.co.za (Africa),
30			nic.nordu.net (Europe), munnari.oz.au (Pacific Rim),
31			ds.internic.net (US East Coast), or ftp.isi.edu (US West
32			Coast).
33
34			This is author's draft 1.9.
35
36
37			1. ABSTRACT
38
39			This document contains miscellaneous small wording changes and
40			clarifications to draft-ietf-http-state-mgmt-05, the HTTP State
41			Management Mechanism draft.
42
43
44			2. PROPOSED CHANGES
45
46			Changes are referenced to the sections in the original document. New or
47			changed text is shown in []'s.
48
49			4.2.2 Set-Cookie Syntax
50			Under the heading: Comment=comment:
51
52			``Optional. Because cookies can contain private information about
53			a user, the [Comment] attribute allows an origin server to document
54			its intended use of a cookie....''
55
56			Under the heading: Secure:
57
58
59
60
61
62			Kristol draft-ietf-http-state-mgmt-errata-00.txt [Page 1]
63
64
65
66
67
68
69
70			INTERNET DRAFT HTTP State Management Mechanism (Errata)February 3, 1997
71
72
73
74			``Optional. The Secure attribute (with no value) directs the user
75			agent to use only (unspecified) secure means to contact the origin
76			server whenever it sends back this cookie[, to protect the
77			confidentially and authenticity of the information in the
78			cookie].''
79
80			4.2.3 Controlling Caching
81
82			The directive max-age=0 is necessary in the Cache-Control header to
83			force revalidation. Therefore, two example headers must change.
84
85			The example header in the second bullet should read Cache-Control:
86			must-revalidate[, max-age=0].
87
88			The example header in the third bullet should read Cache-Control:
89			proxy-revalidate[, max-age=0].
90
91			4.3.2 Rejecting Cookies
92			``To prevent possible security or privacy violations, a user agent
93			rejects a cookie (shall not store its information) if any of the
94			following is true [of the attributes explicitly present in the
95			Set-Cookie response header]:...''
96
97			10.2 Compatibility with Microsoft's Implementation
98			[Insert new section between current sections 10.1 and 10.2.]
99
100			``Microsoft Internet Explorer (MSIE) Version 3 and earlier will
101			fail to handle some cookies that use this specification. For
102			example, if a server sends the following response header to MSIE V3
103			(omitting the line breaks):
104
105			Set-cookie: xx="1=2&3-4";
106			Comment="blah";
107			Version=1; Max-Age=15552000; Path=/;
108			Expires=Sun, 27 Apr 1997 01:16:23 GMT
109
110			then MSIE V3 will send something like the following request header
111			next time:
112
113			Cookie: Max-Age=15552000
114
115			instead of the correct
116
117			Cookie: xx="1=2&3-4"
118
119			In other words, MSIE sends back the wrong cookie name and value.''
120
121
122
123
124
125
126
127
128			Kristol draft-ietf-http-state-mgmt-errata-00.txt [Page 2]
129
130
131
132
133
134
135
136			INTERNET DRAFT HTTP State Management Mechanism (Errata)February 3, 1997
137
138
139
140			3. ACKNOWLEDGEMENTS
141
142			The following people identified problems and/or suggested improvements
143			in draft-ietf-http-state-mgmt-05: Anselm Baird Smith (reported by Koen
144			Holtman), Jason Catlett, Martijn Koster (reported by Koen Holtman),
145			Raymie Stata.
146
147
148			4. AUTHOR'S ADDRESS
149
150			David M. Kristol
151			Bell Laboratories, Lucent Technologies
152			600 Mountain Ave. Room 2A-227
153			Murray Hill, NJ 07974
154
155			Phone: (908) 582-2250
156			FAX: (908) 582-5809
157			Email: dmk@bell-labs.com
158
159
160
161
162			Expires August 3, 1997
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194			Kristol draft-ietf-http-state-mgmt-errata-00.txt [Page 3]
195
196
197
198