- From: Eitan Adler <lists@eitanadler.com>
- Date: Wed, 2 Dec 2015 19:49:43 -0500
- To: Mark Nottingham <mnot@mnot.net>, Mike West <mkwst@google.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 12 November 2015 at 19:16, Mark Nottingham <mnot@mnot.net> wrote:
> As discussed in Yokohama, we have several proposals for modifying RFC6265 ('Cookies'), including:
>
> - https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone
> - https://tools.ietf.org/html/draft-west-cookie-prefixes
> - https://tools.ietf.org/html/draft-west-first-party-cookies
> - https://tools.ietf.org/html/draft-west-origin-cookies
Hi,
I have some comments about the draft-west-cookie-prefixes-05 draft:
The syntax is ugly, but extensible without having to introduce
additional extension points. I'm concerned about the use of __ for both
regular cookies and special handling cookies (such as __host and __secure).
I'd like to see the prefix changed to one which it can be specified
that conformant implementations MUST NOT use a prefix other other than
those defined by an RFC.
Perhaps __-SECURE and __-HOST can be used? note the additional "-"
--
Eitan Adler
Received on Thursday, 3 December 2015 00:50:45 UTC