Re: HTTPOnly Cookies Specification from Bil Corry on 2008-12-17 (ietf-http-wg@w3.org from October to December 2008)

From: Bil Corry <bil@corry.biz>
Date: Tue, 16 Dec 2008 19:22:01 -0600
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <49485439.3040001@corry.biz>

Dan Winship wrote on 11/21/2008 7:04 AM: 
> What would really be useful would be for someone to pull an HTML5 on
> cookies, documenting how they are actually parsed (ie, not like the
> Netscape spec or either RFC says), how the path and domain parameters
> are actually used (ie, not like the Netscape spec or either RFC says), etc.

I've gotten similar feedback elsewhere:

 http://groups.google.com/group/mozilla.dev.security/browse_thread/thread/f2e661f222366cdd#msg_07d98bee9cb6fdc5

So what's required to start a cookie WG here at IETF?

I'd imagine the first task would be to identify the various behaviors browsers should have based on the RFCs, then identify the behaviors the browsers actually have.  Do I only test using the latest versions of the browsers?  Or include older versions?  If older versions, which ones?  And which browsers?


- Bil

Received on Wednesday, 17 December 2008 01:22:58 UTC