- From: Yoav Nir <ynir.ietf@gmail.com>
- Date: Wed, 25 Jun 2014 16:31:03 +0300
- To: Amos Jeffries <squid3@treenet.co.nz>
- Cc: ietf-http-wg@w3.org
On Jun 25, 2014, at 3:48 PM, Amos Jeffries <squid3@treenet.co.nz> wrote: > On 25/06/2014 7:32 a.m., Yoav Nir wrote: >> >> On Jun 24, 2014, at 8:42 AM, Mark Nottingham wrote: >> >>> Hi Julian, >>> >>> On 23 Jun 2014, at 6:43 pm, Julian Reschke wrote: >>> >>>> >>>> 4) Session handling (or "avoiding cookies") >>>> >>>> ...in case we find people, energy, and implementer interest. >>> >>> That sounds very speculative. Draft? >> >> http://tools.ietf.org/html/draft-williams-websec-session-continue-prob-00 >> http://tools.ietf.org/html/draft-williams-websec-session-continue-proto-00 >> http://tools.ietf.org/html/draft-abarth-cake-01 >> http://tools.ietf.org/html/draft-hallambaker-httpsession-02 >> http://tools.ietf.org/html/draft-hallambaker-httpintegrity-02 >> http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05 >> >> >> I could probably dig up a few more if I put my mind to it. >> >> So people is easy, energy we might be able to find. Implementer interest? I’m not sure it’s there. > > Some here from Squid. I have been watching Hallam's work with some > interest, will be needing proxy support but otherwise there is a lot of > promise there. As makers of middle-boxes, we’re just along for the ride. Unless Facebook/the bank/the bloggers/the dog-food over the Internet people want a new session management scheme, and unless the browsers are willing to provide it, we can’t push a new technology. And the dogfood over the Internet people do not participate in the working group, and the browser people have so far been silent about this. You can browse the archives of websec to see my totally unsuccessful attempts to bring this to the IETF. Doesn’t mean it won’t succeed somewhere else. Yoav
Received on Wednesday, 25 June 2014 13:31:41 UTC