- From: Yoav Nir <synp71@live.com>
- Date: Sun, 17 Nov 2013 16:20:05 +0200
- To: ietf-http-wg@w3.org
- Message-ID: <BLU0-SMTP11076688E4A442A8CCF6193B1E50@phx.gbl>
On 17/11/13 2:16 PM, Nicolas Mailhot wrote:
> 2. it's disingenuous to claim tackling pervasive surveillance when
> nothing is done for the cookie networks whose sole aim is pervasive
> surveillance and which *are* an http "feature" (unlike TLS which is
> being bolted on)
True, but all previous attempts to make cookies better have failed.
* The httpstate working group closed without standardizing "cake"
* Recent attempts to get websec to discuss next generation cookies
also failed to get people (especially browser vendors) interested.
Granted, the main aim of those attempts were to protect against cookie
stealing, but there was also a desire to change the rules of sending
cookies around.
I'm afraid, though, that we've come to expect web pages to have a bunch
of faces of all our facebook friends who "like"-ed this article, and you
need state sharing to get this to work.
Anyway, if you'd like to work on a new HTTP state mechanism with new
rules and have some idea how to get the content providers and social
networks to agree to work with it, you're welcome to propose a BoF. I
promise to hum in favor.
Yoav
Received on Sunday, 17 November 2013 14:20:38 UTC