W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: draft-west-leave-secure-cookies-alone

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 22 Oct 2015 09:56:45 -0700
Message-ID: <CABkgnnXC+zQdkQC5MgY7xBYqhLETfoPiEN5G6Dv3F=_FQ+2h=A@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Willy Tarreau <w@1wt.eu>, HTTP Working Group <ietf-http-wg@w3.org>
On 22 October 2015 at 04:26, Mike West <mkwst@google.com> wrote:
> I think we can mitigate the impact by rolling this kind of change out
> in a somewhat coordinated fashion, and announcing it beforehand. The
> current cipher-suite deprecations seem like a reasonable model to
> follow.

I had hoped that would wouldn't need to resort to that.  Of course, if
we can agree to do so, then I'm all over it.

At less than 0.05% I think that I could probably tolerate breakage.
Received on Thursday, 22 October 2015 16:57:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC