- From: Yoav Nir <synp71@live.com>
- Date: Mon, 18 Nov 2013 10:56:10 +0200
- To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- CC: ietf-http-wg@w3.org
On 18/11/13 12:33 AM, Nicolas Mailhot wrote:
> On Sun, 17 November 2013 15:20, Yoav Nir wrote:
>> On 17/11/13 2:16 PM, Nicolas Mailhot wrote:
>>> 2. it's disingenuous to claim tackling pervasive surveillance when
>>> nothing is done for the cookie networks whose sole aim is pervasive
>>> surveillance and which *are* an http "feature" (unlike TLS which is
>>> being bolted on)
>> True, but all previous attempts to make cookies better have failed.
>>
>> * The httpstate working group closed without standardizing "cake"
>> * Recent attempts to get websec to discuss next generation cookies
>>   also failed to get people (especially browser vendors) interested.
> What was wrong with the solution that was proposed on this list a few
> months ago? (by PHK IIRC)
>

Nothing wrong. We also had proposals from Adam Barth ("Cake"), from PHB ("HTTP Session Management"), Trevor Perrin ("smart cookies"), and Nico Williams ("session continuation"). There's really no shortage of proposals on how to make cookies better. What we are lacking is the indication that implementations (especially browsers) would implement such a mechanism if we standardized it.

There is the channel-id proposal that may make cookies harder to steal, but that doesn't address its usage at all.

With that, it's difficult to get people excited enough to actually do the work of reviewing this.

Yoav
Received on Monday, 18 November 2013 08:56:40 UTC