W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: Calls for Adoption -- Cookie-Related Specifications

From: Willy Tarreau <w@1wt.eu>
Date: Tue, 22 Dec 2015 10:41:55 +0100
To: Mark Nottingham <mnot@mnot.net>
Cc: httpbis mailing list <ietf-http-wg@w3.org>
Message-ID: <20151222094155.GC8245@1wt.eu>
On Tue, Dec 22, 2015 at 05:18:39PM +1100, Mark Nottingham wrote:
> As discussed earlier <http://www.w3.org/mid/FAF2C2E8-0A6A-4C34-B4C4-57190AAE118D@mnot.net>, we are going to use a Call for Adoption process to assure that what we specify in terms of changes to Cookies -- if anything -- will actually get implemented.
> 
> Based on what we've talked about so far, I believe two specifications are ready for consideration:
> 
> * https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone-04
> * https://tools.ietf.org/html/draft-west-cookie-prefixes-05
> 
> So, please discuss on-list:
> 
> 1) Your intent to implement these specifications (or lack thereof). 
> 2) Your support for these specifications (or lack thereof).

As the main author of haproxy, I definitely support these drafts which
go in the right direction when it comes to securing cookies. In their
current state these drafts apparently don't affect how haproxy uses
cookies, though if updates are needed, we'll have to perform them.

The drafts are quite clear and still open to improvements. I think that
adopting them will help quickly reaching consensus on these proposals.

Regards,
Willy
Received on Tuesday, 22 December 2015 09:42:25 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC