W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: FYI: Chrome plans to ship an implementation of same-site cookies.

From: David Morris <dwm@xpasc.com>
Date: Fri, 25 Mar 2016 09:40:46 -0700 (PDT)
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <alpine.LRH.2.01.1603250935000.13335@egate.xpasc.com>

What working code is called isn't really relavent in terms of RFC status.
The point of a standard is to get all implementors to do it an
interoperable fashion. Standards can originate outside of a WG. And as far
as I can recall, this WG hasn't rejected this work.

On Fri, 25 Mar 2016, Phil Lello wrote:

> Can I ask that the draft change the "Intended Status" to "Informational" -
> it seems to me that by being shipped in a full release rather than a beta,
> it reflects a standard defined outside the IETF processes.
>
> Best wishes,
>
> Phil Lello
>
> On Fri, Mar 25, 2016 at 9:35 AM, Mike West <mkwst@google.com> wrote:
>       Hello, HTTP WG folks who are interested in cookies. :)
> We've talked on and off about same-site cookies as a defense in depth
> against CSRF and related attacks; I think they're solidly enough
> defined to ship and let folks begin experimenting with. We plan on
> pushing them out the door in Chrome ~51, and I hear that folks at
> Mozilla are planning on beginning an implementation in Q2:
>
> Spec: https://tools.ietf.org/html/draft-west-first-party-cookies
> Intent toShip: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/csCt
> W3M3-wg
>
> There's a very slightly updated -07 that I'll upload once things open
> up again, but it doesn't contain any normative changes. Feedback on
> the existing text (or Chrome's implementation) would be much
> appreciated.
>
> -mike
>
>
>
>  
>
> ____________________________________________________________________________
>
> This email has been scanned for spam and viruses by Proofpoint Essentials
> cloud email security - click here to report this email as spam.
>
>
>
>
Received on Friday, 25 March 2016 16:41:19 UTC

This archive was generated by hypermail 2.3.1 : Friday, 25 March 2016 16:41:22 UTC