W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Re: Secure cookies survey

From: Jeremey Barrett <jeremey@veriweb.com>
Date: Thu, 20 Mar 1997 13:41:00 -0800
Message-Id: <3331AEEC.2BFD2A5A@veriweb.com>
To: Dave Kristol <dmk@research.bell-labs.com>
Cc: http-wg@cuckoo.hpl.hp.com
-----BEGIN PGP SIGNED MESSAGE-----

Dave Kristol wrote:
> 
> Here's an inexact application survey:
> 
> Does anyone use, or know of an application that uses, cookies that are
> labeled "Secure"?
> 
> If not, I will consider simply removing "Secure" from the cookie spec.
> 

If by removing it, cookies set on secure connections would be returned
on insecure ones (given the removal of the port restrictions), I
think that would be bad. I know I have at least one application where
I would not want secure cookies sent insecurely, so they are marked
"Secure".

- -- 
Jeremey Barrett                                  VeriWeb Internet Corp.
Crypto, Ecash, Commerce Systems                 http://www.veriweb.com/
PGP key fingerprint =  3B 42 1E D4 4B 17 0D 80  DC 59 6F 59 04 C3 83 64

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMzGvAi/fy+vkqMxNAQFv0AP+NG98CkGWN5zjrC6AnaxZDKsZK1yV7gLk
BYqUsLg6VJ4h+x6GB4vpWgryvZL3+3nbr463z5bfcjJFao+ZkdhHqE2+zW06WIfa
/GWxxc03tdNpl8wtCYqKevnvvVmhN14CqXYc//+1clBWnRHinA9w+P17GQj7v+zz
aFovQ+7k+YA=
=7hQh
-----END PGP SIGNATURE-----
Received on Thursday, 20 March 1997 13:38:57 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:32 EDT