draft-west-cookie-prefixes-05 comments

From: Eitan Adler <lists@eitanadler.com>
Date: Wed, 2 Dec 2015 19:49:43 -0500
Message-ID: <CAF6rxgnepcmCy+QHJS5_AkG4qednS3vbLzD60y+NgjASevdNwA@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>, Mike West <mkwst@google.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>

On 12 November 2015 at 19:16, Mark Nottingham <mnot@mnot.net> wrote:
> As discussed in Yokohama, we have several proposals for modifying RFC6265 ('Cookies'), including:
>  - https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone
>  - https://tools.ietf.org/html/draft-west-cookie-prefixes
>  - https://tools.ietf.org/html/draft-west-first-party-cookies
>  - https://tools.ietf.org/html/draft-west-origin-cookies


I have some comments about the draft-west-cookie-prefixes-05 draft:

The syntax is ugly, but extensible without having to introduce
additional extension points.  I'm concerned about the use of __ for both
regular cookies and special handling cookies (such as __host and __secure).

I'd like to see the prefix changed to one which it can be specified
that conformant implementations MUST NOT use a prefix other than
those defined by an RFC.

Perhaps __-SECURE and __-HOST can be used? Note the additional "-".

Eitan Adler
Received on Thursday, 3 December 2015 00:50:45 UTC
