- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 24 Oct 2014 21:29:37 +0200
- To: Mike West <mkwst@google.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>

On 24 October 2014 21:07, Mike West <mkwst@google.com> wrote:
>> That means I'm having trouble
>> reconciling the design with the fact that confidentiality is an
>> important characteristic of cookies. You wouldn't be able to rely on
>> the Origin attribute being honoured, not ever, which makes me sad.
>
> I don't understand this argument: you can rely on cookies being limited to
> an origin by user agents that support such a concept. You can distinguish
> such user agents by looking for an `Origin-Cookie` header, and _only_ sift
> through the `Origin-Cookie` header for those agents.

Oh, I have a very different threat model in mind. That threat model is the one that Secure addresses, namely that an origin can request that cookies it gives out are not distributed by the client to other hosts. And when you send cookies, you don't necessarily know that they support origin cookies, so you are taking a risk.

You seem to be more concerned with the converse aspect: that other domains (subdomains or parent domains, HTTP or JavaScript) can alter the cookies that you see in requests.

Received on Friday, 24 October 2014 19:30:05 UTC