Re: Secure cookies survey

-----BEGIN PGP SIGNED MESSAGE-----

Dave Kristol wrote:
> 
> Here's an inexact application survey:
> 
> Does anyone use, or know of an application that uses, cookies that are
> labeled "Secure"?
> 
> If not, I will consider simply removing "Secure" from the cookie spec.
> 

If by removing it, cookies set on secure connections would be returned
on insecure ones (given the removal of the port restrictions), I
think that would be bad. I know I have at least one application where
I would not want secure cookies sent insecurely, so they are marked
"Secure".

- -- 
Jeremey Barrett                                  VeriWeb Internet Corp.
Crypto, Ecash, Commerce Systems                 http://www.veriweb.com/
PGP key fingerprint =  3B 42 1E D4 4B 17 0D 80  DC 59 6F 59 04 C3 83 64

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMzGvAi/fy+vkqMxNAQFv0AP+NG98CkGWN5zjrC6AnaxZDKsZK1yV7gLk
BYqUsLg6VJ4h+x6GB4vpWgryvZL3+3nbr463z5bfcjJFao+ZkdhHqE2+zW06WIfa
/GWxxc03tdNpl8wtCYqKevnvvVmhN14CqXYc//+1clBWnRHinA9w+P17GQj7v+zz
aFovQ+7k+YA=
=7hQh
-----END PGP SIGNATURE-----

Received on Thursday, 20 March 1997 13:38:57 UTC