I-D Action: draft-vyncke-v6ops-happy-eyeballs-cookie-01.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

A New Internet-Draft is available from the on-line Internet-Drafts directories.


        Title           : HTTP State Management Mechanisms with Multiple Addresses User Agents
        Author          : Eric Vyncke
	Filename        : draft-vyncke-v6ops-happy-eyeballs-cookie-01.txt
	Pages           : 7
	Date            : 2015-03-05

Abstract:
   HTTP servers usually save session states in their persistent storage
   indexed by session cookies generated by the HTTP servers.  It is up
   to the HTTP user-agent to send this session cookie on each HTTP
   request.  Some HTTP servers check whether the cookie is associated
   with the HTTP user-agent by the means of the user-agent IP address.
   Everything linking a state to an IP address (such as OAuth access
   code) to an IP address has the same issue.

   If the Happy Eyeball mechanism is used to select between IPv6 and
   IPv4, it may happen that while using the same HTTP server, some HTTP
   requests are done over IPv6 and the others over IPv4, which leads to
   two different sets of session states in the HTTP server.  This has
   the consequence of inconsistencies at the HTTP server.

   The only purpose of this document is to document this issue in more
   details than in section 8.2 of RFC 6883 including security
   considerations and mitigations.

   A similar problem arises with the use of non RFC 6888 compliant
   Carrier-Grade NAT (CGN) devices used to access an IPv4-only HTTP
   server or HTTP user-agent using multi-homing.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-vyncke-v6ops-happy-eyeballs-cookie/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-vyncke-v6ops-happy-eyeballs-cookie-01

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-vyncke-v6ops-happy-eyeballs-cookie-01


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux