2004/id/draft-ietf-http-state-mgmt-errata-00.txt



HTTP Working Group                                      David M. Kristol
INTERNET DRAFT                    Bell Laboratories, Lucent Technologies
<draft-ietf-http-state-mgmt-errata-00.txt>
February 3, 1997                                  Expires August 3, 1997


                HTTP State Management Mechanism (Errata)


                          Status of this Memo

     This document is an Internet-Draft.  Internet-Drafts are
     working documents of the Internet Engineering Task Force
     (IETF), its areas, and its working groups.  Note that other
     groups may also distribute working documents as Internet-
     Drafts.

     Internet-Drafts are draft documents valid for a maximum of six
     months and may be updated, replaced, or obsoleted by other
     documents at any time.  It is inappropriate to use Internet-
     Drafts as reference material or to cite them other than as
     ``work in progress.''

     To learn the current status of any Internet-Draft, please
     check the ``1id-abstracts.txt'' listing contained in the
     Internet- Drafts Shadow Directories on ftp.is.co.za (Africa),
     nic.nordu.net (Europe), munnari.oz.au (Pacific Rim),
     ds.internic.net (US East Coast), or ftp.isi.edu (US West
     Coast).

     This is author's draft 1.9.


1.  ABSTRACT

This document contains miscellaneous small wording changes and
clarifications to draft-ietf-http-state-mgmt-05, the HTTP State
Management Mechanism draft.


2.  PROPOSED CHANGES

Changes are referenced to the sections in the original document.  New or
changed text is shown in []'s.

4.2.2 Set-Cookie Syntax
     Under the heading: Comment=comment:

     ``Optional.  Because cookies can contain private information about
     a user, the [Comment] attribute allows an origin server to document
     its intended use of a cookie....''

     Under the heading: Secure:


Kristol         draft-ietf-http-state-mgmt-errata-00.txt        [Page 1]


INTERNET DRAFT  HTTP State Management Mechanism (Errata)February 3, 1997


     ``Optional.  The Secure attribute (with no value) directs the user
     agent to use only (unspecified) secure means to contact the origin
     server whenever it sends back this cookie[, to protect the
     confidentially and authenticity of the information in the
     cookie].''

4.2.3  Controlling Caching

     The directive max-age=0 is necessary in the Cache-Control header to
     force revalidation.  Therefore, two example headers must change.

     The example header in the second bullet should read Cache-Control:
     must-revalidate[, max-age=0].

     The example header in the third bullet should read Cache-Control:
     proxy-revalidate[, max-age=0].

4.3.2  Rejecting Cookies
     ``To prevent possible security or privacy violations, a user agent
     rejects a cookie (shall not store its information) if any of the
     following is true [of the attributes explicitly present in the
     Set-Cookie response header]:...''

10.2 Compatibility with Microsoft's Implementation
     [Insert new section between current sections 10.1 and 10.2.]

     ``Microsoft Internet Explorer (MSIE) Version 3 and earlier will
     fail to handle some cookies that use this specification.  For
     example, if a server sends the following response header to MSIE V3
     (omitting the line breaks):

     Set-cookie: xx="1=2&3-4";
         Comment="blah";
         Version=1; Max-Age=15552000; Path=/;
         Expires=Sun, 27 Apr 1997 01:16:23 GMT

     then MSIE V3 will send something like the following request header
     next time:

         Cookie: Max-Age=15552000

     instead of the correct

         Cookie: xx="1=2&3-4"

     In other words, MSIE sends back the wrong cookie name and value.''


Kristol         draft-ietf-http-state-mgmt-errata-00.txt        [Page 2]


INTERNET DRAFT  HTTP State Management Mechanism (Errata)February 3, 1997


3.  ACKNOWLEDGEMENTS

The following people identified problems and/or suggested improvements
in draft-ietf-http-state-mgmt-05: Anselm Baird Smith (reported by Koen
Holtman), Jason Catlett, Martijn Koster (reported by Koen Holtman),
Raymie Stata.


4.  AUTHOR'S ADDRESS

David M. Kristol
Bell Laboratories, Lucent Technologies
600 Mountain Ave.  Room 2A-227
Murray Hill, NJ  07974

Phone: (908) 582-2250
FAX: (908) 582-5809
Email: dmk@bell-labs.com


                                                  Expires August 3, 1997


Kristol         draft-ietf-http-state-mgmt-errata-00.txt        [Page 3]


1
2
3	HTTP Working Group David M. Kristol
4	INTERNET DRAFT Bell Laboratories, Lucent Technologies
5	<draft-ietf-http-state-mgmt-errata-00.txt>
6	February 3, 1997 Expires August 3, 1997
7
8
9	HTTP State Management Mechanism (Errata)
10
11
12
13	Status of this Memo
14
15	This document is an Internet-Draft. Internet-Drafts are
16	working documents of the Internet Engineering Task Force
17	(IETF), its areas, and its working groups. Note that other
18	groups may also distribute working documents as Internet-
19	Drafts.
20
21	Internet-Drafts are draft documents valid for a maximum of six
22	months and may be updated, replaced, or obsoleted by other
23	documents at any time. It is inappropriate to use Internet-
24	Drafts as reference material or to cite them other than as
25	``work in progress.''
26
27	To learn the current status of any Internet-Draft, please
28	check the ``1id-abstracts.txt'' listing contained in the
29	Internet- Drafts Shadow Directories on ftp.is.co.za (Africa),
30	nic.nordu.net (Europe), munnari.oz.au (Pacific Rim),
31	ds.internic.net (US East Coast), or ftp.isi.edu (US West
32	Coast).
33
34	This is author's draft 1.9.
35
36
37	1. ABSTRACT
38
39	This document contains miscellaneous small wording changes and
40	clarifications to draft-ietf-http-state-mgmt-05, the HTTP State
41	Management Mechanism draft.
42
43
44	2. PROPOSED CHANGES
45
46	Changes are referenced to the sections in the original document. New or
47	changed text is shown in []'s.
48
49	4.2.2 Set-Cookie Syntax
50	Under the heading: Comment=comment:
51
52	``Optional. Because cookies can contain private information about
53	a user, the [Comment] attribute allows an origin server to document
54	its intended use of a cookie....''
55
56	Under the heading: Secure:
57
58
59
60
61
62	Kristol draft-ietf-http-state-mgmt-errata-00.txt [Page 1]
63
64
65
66
67
68
69
70	INTERNET DRAFT HTTP State Management Mechanism (Errata)February 3, 1997
71
72
73
74	``Optional. The Secure attribute (with no value) directs the user
75	agent to use only (unspecified) secure means to contact the origin
76	server whenever it sends back this cookie[, to protect the
77	confidentially and authenticity of the information in the
78	cookie].''
79
80	4.2.3 Controlling Caching
81
82	The directive max-age=0 is necessary in the Cache-Control header to
83	force revalidation. Therefore, two example headers must change.
84
85	The example header in the second bullet should read Cache-Control:
86	must-revalidate[, max-age=0].
87
88	The example header in the third bullet should read Cache-Control:
89	proxy-revalidate[, max-age=0].
90
91	4.3.2 Rejecting Cookies
92	``To prevent possible security or privacy violations, a user agent
93	rejects a cookie (shall not store its information) if any of the
94	following is true [of the attributes explicitly present in the
95	Set-Cookie response header]:...''
96
97	10.2 Compatibility with Microsoft's Implementation
98	[Insert new section between current sections 10.1 and 10.2.]
99
100	``Microsoft Internet Explorer (MSIE) Version 3 and earlier will
101	fail to handle some cookies that use this specification. For
102	example, if a server sends the following response header to MSIE V3
103	(omitting the line breaks):
104
105	Set-cookie: xx="1=2&3-4";
106	Comment="blah";
107	Version=1; Max-Age=15552000; Path=/;
108	Expires=Sun, 27 Apr 1997 01:16:23 GMT
109
110	then MSIE V3 will send something like the following request header
111	next time:
112
113	Cookie: Max-Age=15552000
114
115	instead of the correct
116
117	Cookie: xx="1=2&3-4"
118
119	In other words, MSIE sends back the wrong cookie name and value.''
120
121
122
123
124
125
126
127
128	Kristol draft-ietf-http-state-mgmt-errata-00.txt [Page 2]
129
130
131
132
133
134
135
136	INTERNET DRAFT HTTP State Management Mechanism (Errata)February 3, 1997
137
138
139
140	3. ACKNOWLEDGEMENTS
141
142	The following people identified problems and/or suggested improvements
143	in draft-ietf-http-state-mgmt-05: Anselm Baird Smith (reported by Koen
144	Holtman), Jason Catlett, Martijn Koster (reported by Koen Holtman),
145	Raymie Stata.
146
147
148	4. AUTHOR'S ADDRESS
149
150	David M. Kristol
151	Bell Laboratories, Lucent Technologies
152	600 Mountain Ave. Room 2A-227
153	Murray Hill, NJ 07974
154
155	Phone: (908) 582-2250
156	FAX: (908) 582-5809
157	Email: dmk@bell-labs.com
158
159
160
161
162	Expires August 3, 1997
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194	Kristol draft-ietf-http-state-mgmt-errata-00.txt [Page 3]
195
196
197
198