IETF issues RFC on cookies (fwd)

Brent J. Nordquist bjn@horde.org
Tue, 24 Oct 2000 08:09:54 -0500 (CDT)


---------- Forwarded message ----------
Date: Mon, 23 Oct 2000 22:30:57 -0400
From: Keith Dawson <dawson@world.std.com>
Subject: TBTF Log, week of 2000-10-15

TBTF Log, week of 2000-10-15

   This week's log entries:

   < http://tbtf.com/blog/2000-10-15.html >
__________________________________________________________________________

Saturday, 2000-10-21

++ IETF issues RFC on cookies
   11:49:14 PM

   A formal spec for the way cookies ought to behave, according to
   privacy advocates, has just been issued by the Internet Engineering
   Task Force. See RFC 2965 'HTTP State Management Mechanism' [1] (25
   pp., by Dave Kristol, Bell Labs and Lou Montulli, formerly of
   Netscape, now of Epinions.com). Roger Clarke gives the historical
   background here [2] -- explaining why it took so long to get a spec
   issued that considers user privacy from the get-go.

   David Chess wrote to point out the related RFC 2964 [3]:

     > The mechanisms described in "HTTP State Management Mechanism"
     > (RFC-2965), and its predecessor (RFC-2109), can be used for many
     > different purposes. However, some current and potential uses of
     > the protocol are controversial because they have significant user
     > privacy and security implications. This memo identifies specific
     > uses of Hypertext Transfer Protocol (HTTP) State Management
     > protocol which are either (a) not recommended by the IETF, or (b)
     > believed to be harmful, and discouraged. This memo also details
     > additional privacy considerations which are not covered by the
     > HTTP State Management protocol specification. 

   [1]  ftp://ftp.isi.edu/in-notes/rfc2965.txt
   [2]  http://www.anu.edu.au/people/Roger.Clarke/II/Cookies.html#Dev
   [3]  ftp://ftp.isi.edu/in-notes/rfc2964.txt