Red Rock Eater Digest - IETF issues RFC on cookies


Source

Automatically imported from: http://commons.somewhere.com:80/rre/2000/RRE.IETF.issues.RFC.on.c.html

Content

| Red Rock Eater Digest | Most Recent Article: Fri, 15 Dec 2000 |
| --- | --- |

```
[Heavily reformatted.]

---

This message was forwarded through the Red Rock Eater News Service (RRE). You are welcome to send the message along to others but please do not use the "redirect" option. For information about RRE, including instructions for (un)subscribing, see http://dlis.gseis.ucla.edu/people/pagre/rre.html

---

Date: Sun, 22 Oct 2000 12:35:27 +1100
From: Roger Clarke
Subject: IETF issues RFC on cookies

I've revised the last part of my Cookies page (which has by now accumulated 50-60,000 hits), in order to reflect the vital new RFCs that have just been released. See:

http://www.anu.edu.au/people/Roger.Clarke/II/Cookies.html#Dev

Cookies were an innovation of Netscape's sometime in 1995. They were apparently supported by Netscape Navigator 1.0 (but nobody realised), but began to be used when Netscape 2.0 was released, even though they weren't formally documented. In short, an intrusive enhancement to the web was slipped in surreptitiously.

Most of us who were active in Internet and web policy matters only became aware of the existence of cookies in mid-February 1996. Public concerns rose rapidly, for the very good reasons outlined in this document. Shortly afterwards, in February 1997, a more general mechanism to support state-maintenance was proposed as

ftp://ftp.isi.edu/in-notes/rfc2109.txt
RFC 2109 'HTTP State Management Mechanism' (by Dave Kristol of Bell Labs and Lou Montulli, then of Netscape).

Dave had to fight a long, slow battle to get the need for a responsible cookie-architecture onto IETF's agenda. Despite my raising it directly with Tim Berners-Lee, W3C avoided the matter entirely, reflecting the increasing constraints on its freedom of action arising from its desire to avoid upsetting its corporate sponsors.

At last, Dave's efforts paid dividends. The revised document was published in early October 2000, as

ftp://ftp.isi.edu/in-notes/rfc2965.txt
RFC2965 'HTTP State Management Mechanism' (25 pp., by Dave Kristol, Bell Labs and Lou Montulli, now of Epinions.com).

* It's now up to all of us to put pressure on IETF and W3C to adopt the formal proposal; and on all web-server and web-browser providers to implement cookies in the responsible manner proposed. *

In addition, the concerns about the existing cookie mechanism were addressed in

ftp://ftp.isi.edu/in-notes/rfc2964.txt
RFC2964 'Use of HTTP State Management' (7 pp., by K. Moore, University of Tennessee and N. Freed, Innosoft).

I've not yet assessed those RFCs against the consumer requirements laid out in this document; but it was developed with many of the problems in mind. I hope to get an assessment up in this location some time soon.

Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke@xamax.com.au
http://www.xamax.com.au/

Visiting Fellow
Department of Computer Science
The Australian National University
Canberra ACT 0200 AUSTRALIA
Information Sciences Building Room 211
Tel: +61 2 6249 3666
```
