- From: Phil Lello <phil@dunlop-lello.uk>
- Date: Fri, 25 Mar 2016 16:07:56 +0000
- To: Mike West <mkwst@google.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Mark Goodwin <mgoodwin@mozilla.com>
Received on Friday, 25 March 2016 16:08:28 UTC
Can I ask that the draft change the "Intended Status" to "Informational" - it seems to me that by being shipped in a full release rather than a beta, it reflects a standard defined outside the IETF processes. Best wishes, Phil Lello On Fri, Mar 25, 2016 at 9:35 AM, Mike West <mkwst@google.com> wrote: > Hello, HTTP WG folks who are interested in cookies. :) > > We've talked on and off about same-site cookies as a defense in depth > against CSRF and related attacks; I think they're solidly enough defined to > ship and let folks begin experimenting with. We plan on pushing them out > the door in Chrome ~51, and I hear that folks at Mozilla are planning on > beginning an implementation in Q2: > > Spec: https://tools.ietf.org/html/draft-west-first-party-cookies > > Intent to Ship: > https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/csCtW3M3-wg > > There's a very slightly updated -07 that I'll upload once things open up > again, but it doesn't contain any normative changes. Feedback on the > existing text (or Chrome's implementation) would be much appreciated. > > -mike >
Received on Friday, 25 March 2016 16:08:28 UTC