W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: FYI: Chrome plans to ship an implementation of same-site cookies.

From: Phil Lello <phil@dunlop-lello.uk>
Date: Fri, 25 Mar 2016 16:07:56 +0000
Message-ID: <CAPofZaFnsk0RsAcbAo-oMvYLXMq+9f3r7WCat2NAPk_VR=6Ouw@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Mark Goodwin <mgoodwin@mozilla.com>
Can I ask that the draft change the "Intended Status" to "Informational" -
it seems to me that by being shipped in a full release rather than a beta,
it reflects a standard defined outside the IETF processes.

Best wishes,

Phil Lello

On Fri, Mar 25, 2016 at 9:35 AM, Mike West <mkwst@google.com> wrote:

> Hello, HTTP WG folks who are interested in cookies. :)
>
> We've talked on and off about same-site cookies as a defense in depth
> against CSRF and related attacks; I think they're solidly enough defined to
> ship and let folks begin experimenting with. We plan on pushing them out
> the door in Chrome ~51, and I hear that folks at Mozilla are planning on
> beginning an implementation in Q2:
>
> Spec: https://tools.ietf.org/html/draft-west-first-party-cookies
>
> Intent to Ship:
> https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/csCtW3M3-wg
>
> There's a very slightly updated -07 that I'll upload once things open up
> again, but it doesn't contain any normative changes. Feedback on the
> existing text (or Chrome's implementation) would be much appreciated.
>
> -mike
>
Received on Friday, 25 March 2016 16:08:28 UTC

This archive was generated by hypermail 2.3.1 : Friday, 25 March 2016 16:08:31 UTC