- From: Yoav Nir <ynir.ietf@gmail.com>
- Date: Tue, 24 Jun 2014 22:32:41 +0300
- To: Mark Nottingham <mnot@mnot.net>
- Cc: "Julian F. Reschke" <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
On Jun 24, 2014, at 8:42 AM, Mark Nottingham <mnot@mnot.net> wrote: > Hi Julian, > > On 23 Jun 2014, at 6:43 pm, Julian Reschke <julian.reschke@gmx.de> wrote: > >> >> 4) Session handling (or "avoiding cookies") >> >> ...in case we find people, energy, and implementer interest. > > That sounds very speculative. Draft? http://tools.ietf.org/html/draft-williams-websec-session-continue-prob-00 http://tools.ietf.org/html/draft-williams-websec-session-continue-proto-00 http://tools.ietf.org/html/draft-abarth-cake-01 http://tools.ietf.org/html/draft-hallambaker-httpsession-02 http://tools.ietf.org/html/draft-hallambaker-httpintegrity-02 http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05 I could probably dig up a few more if I put my mind to it. So people is easy, energy we might be able to find. Implementer interest? I’m not sure it’s there. Interesting reads on the subject: http://www.vsecurity.com/download/papers/WeaningTheWebOffOfSessionCookies.pdf Yoav
Received on Tuesday, 24 June 2014 19:33:16 UTC