- From: Willy Tarreau <w@1wt.eu>
- Date: Tue, 22 Dec 2015 10:41:55 +0100
- To: Mark Nottingham <mnot@mnot.net>
- Cc: httpbis mailing list <ietf-http-wg@w3.org>
On Tue, Dec 22, 2015 at 05:18:39PM +1100, Mark Nottingham wrote: > As discussed earlier <http://www.w3.org/mid/FAF2C2E8-0A6A-4C34-B4C4-57190AAE118D@mnot.net>, we are going to use a Call for Adoption process to assure that what we specify in terms of changes to Cookies -- if anything -- will actually get implemented. > > Based on what we've talked about so far, I believe two specifications are ready for consideration: > > * https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone-04 > * https://tools.ietf.org/html/draft-west-cookie-prefixes-05 > > So, please discuss on-list: > > 1) Your intent to implement these specifications (or lack thereof). > 2) Your support for these specifications (or lack thereof). As the main author of haproxy, I definitely support these drafts which go in the right direction when it comes to securing cookies. In their current state these drafts apparently don't affect how haproxy uses cookies, though if updates are needed, we'll have to perform them. The drafts are quite clear and still open to improvements. I think that adopting them will help quickly reaching consensus on these proposals. Regards, Willy
Received on Tuesday, 22 December 2015 09:42:25 UTC