Re: [w3ctag/design-reviews] Deprecating nonsecure cookie delivery. (#239)

Thanks, @martinthomson!

> I'm a little concerned about the effect on the integrity of cookies as a set by this sort of change though.

This is my biggest concern with the proposal, and I agree it's something to be worried about. We'd end up breaking off a piece of a site's configuration, putting it into a state it doesn't expect. My intuition is that this is a low practical risk, but it's a very real concern. I don't think it's one that's terribly amenable to intuitions, though: my aim is to run some experiments in Chrome to verify that this approach is as deployable as I hope it will be.

> Rotating the value as a way to avoid this eviction might undermine the intent. A tracker only needs to periodically flip an insignificant bit to avoid eviction.

Over time, I'd hope that the goal would be to bring the lifetime down significantly. Flipping a bit once a year is trivial to do invisibly. Flipping a bit daily is less trivially invisible.

> As a defense against pervasive monitoring, this might overstate things a little. This method is only effective if you can synchronize evictions across all cleartext activity.

As long as folks are still signed-in over HTTP, it's going to be very difficult indeed to substantially mitigate pervasive monitoring. A not-so-secret goal here is to put pressure on not-so-pervasive monitoring programs like advertising networks in order to reduce their impact on developers' ability to migrate to encrypted transport, on the one hand, and to put pressure on sign-in systems on the other for the same reasons.


Received on Monday, 9 April 2018 07:33:51 UTC