- From: Mike West <mkwst@google.com>
- Date: Sat, 22 Nov 2014 10:31:34 +0100
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Yoav Nir <ynir.ietf@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>, Mark Nottingham <mnot@mnot.net>, Mark Goodwin <mgoodwin@mozilla.com>
- Message-ID: <CAKXHy=eR-AMmOCbhGCSS75GS9A6eXiAQWE_rfxJMwa8wxL-SBg@mail.gmail.com>
Thanks to all three of you! On Fri, Nov 21, 2014 at 9:49 PM, Yoav Nir <ynir.ietf@gmail.com> wrote: > This mailing list is for discussing current work items for httpbis: > HTTP/2, Alt-Svc, etc. A little discussion of related “homeless” topics is > usually tolerated as long as there is a small amount of traffic that does > not distract people from the on-topic discussions. > I certainly don't want to disrupt work on HTTP. However, WebSec seemed both quiet, and focused on finishing HSTS/PKP. Those seemed less conducive to cookie discussions than HTTP, but I'm certainly happy to take the conversation there if it's the right thing to do. > Your proposal (and Andrei’s) have one important thing that the authors of > proposals in the previous round didn’t: the people behind them (you and > Andrei) actually work on browsers, so your proposals might get implemented. > That’s a good start. > The proposals I'm advocating are also trivial; they don't introduce any new concepts to the platform, they merely apply concepts we already have to cookies in slightly new ways. This is true both in terms of the user agent's implementation as well as website adoption. If putting together a prototype would help move things along, I'm happy to do so in Chromium. > So, for starters it’s OK to start the discussion here. ... When (and if) > things seem to be converging (on a list of requirements and 1 or more > proposals) then we can have the discussion again about what working group > should handle this: httpbis, uta or a new working group. > Thanks, this seems like very reasonable advice! > But start with showing that there is interest. > I've talked with folks at Mozilla who seemed interested in both proposals. Indeed, "first-party cookies" is, in many ways, an adaptation of Mark Goodwin's "samedomain cookies" proposal: http://people.mozilla.org/~mgoodwin/SameDomain/samedomain-latest.txt. I suspect he'd be interested in implementing something in Gecko. (+mgoodwin On Sat, Nov 22, 2014 at 1:38 AM, Martin Thomson <martin.thomson@gmail.com> wrote: > > The first-party concept is interesting and > potentially valuable, assuming the other issues aren't resolved. Which other issues? Naively, it seems useful in and of itself. > The list also only surveyed work that has been submitted to the IETF; the > macaroon concept is another point of interest in the space. > It's also significantly more complex than these proposals. :) I have reservations about defining a mechanism that fails open without > any way of learning that this has happened. Mike and I discussed some > amendments that might work. > There's certainly more discussion to be had on this topic in particular, and I do appreciate your input so far. Since there seems to be at least vague interest on this list, I'll hop back to that other thread to pick things up again. > Given the narrow locus of effort in this area, I think that a new, > short-lived working group is the best way to deal with this. Building > something (anything) that helps with this cookie mess would be great. > I'm a little worried that spinning up a working group will run counter to these proposal's simplicity. Perhaps this is my lack of IETF experience talking, but I've certainly seen problems grow to fill the space allotted to them in other areas. If we spin up a working group, I'm worried we'd get lost in (useful!) discussions about what we should have _instead_ of cookies, rather than how we could implement something which serves the uses cases these two proposals highlight. But if tightly scoped WGs work well in this forum, then I'm all for it! -mike -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Saturday, 22 November 2014 09:32:23 UTC