- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 26 Jun 2014 11:47:54 +1000
- To: Yoav Nir <ynir.ietf@gmail.com>
- Cc: "Julian F. Reschke" <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
Hi Yoav, I'm not sure we'll have the right people in Toronto for this, and we already have a pretty crowded agenda. My inclination is to hold off for now, but I think it would make for some interesting hallway conversations... Cheers, On 25 Jun 2014, at 5:32 am, Yoav Nir <ynir.ietf@gmail.com> wrote: > > On Jun 24, 2014, at 8:42 AM, Mark Nottingham <mnot@mnot.net> wrote: > >> Hi Julian, >> >> On 23 Jun 2014, at 6:43 pm, Julian Reschke <julian.reschke@gmx.de> wrote: >> >>> >>> 4) Session handling (or "avoiding cookies") >>> >>> ...in case we find people, energy, and implementer interest. >> >> That sounds very speculative. Draft? > > http://tools.ietf.org/html/draft-williams-websec-session-continue-prob-00 > http://tools.ietf.org/html/draft-williams-websec-session-continue-proto-00 > http://tools.ietf.org/html/draft-abarth-cake-01 > http://tools.ietf.org/html/draft-hallambaker-httpsession-02 > http://tools.ietf.org/html/draft-hallambaker-httpintegrity-02 > http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05 > > > I could probably dig up a few more if I put my mind to it. > > So people is easy, energy we might be able to find. Implementer interest? I’m not sure it’s there. > > Interesting reads on the subject: http://www.vsecurity.com/download/papers/WeaningTheWebOffOfSessionCookies.pdf > > Yoav -- Mark Nottingham https://www.mnot.net/
Received on Thursday, 26 June 2014 01:48:23 UTC