- From: David Morris <dwm@xpasc.com>
- Date: Fri, 25 Mar 2016 09:40:46 -0700 (PDT)
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <alpine.LRH.2.01.1603250935000.13335@egate.xpasc.com>
What working code is called isn't really relavent in terms of RFC status. The point of a standard is to get all implementors to do it an interoperable fashion. Standards can originate outside of a WG. And as far as I can recall, this WG hasn't rejected this work. On Fri, 25 Mar 2016, Phil Lello wrote: > Can I ask that the draft change the "Intended Status" to "Informational" - > it seems to me that by being shipped in a full release rather than a beta, > it reflects a standard defined outside the IETF processes. > > Best wishes, > > Phil Lello > > On Fri, Mar 25, 2016 at 9:35 AM, Mike West <mkwst@google.com> wrote: > Hello, HTTP WG folks who are interested in cookies. :) > We've talked on and off about same-site cookies as a defense in depth > against CSRF and related attacks; I think they're solidly enough > defined to ship and let folks begin experimenting with. We plan on > pushing them out the door in Chrome ~51, and I hear that folks at > Mozilla are planning on beginning an implementation in Q2: > > Spec: https://tools.ietf.org/html/draft-west-first-party-cookies > Intent toShip: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/csCt > W3M3-wg > > There's a very slightly updated -07 that I'll upload once things open > up again, but it doesn't contain any normative changes. Feedback on > the existing text (or Chrome's implementation) would be much > appreciated. > > -mike > > > > > > ____________________________________________________________________________ > > This email has been scanned for spam and viruses by Proofpoint Essentials > cloud email security - click here to report this email as spam. > > > >
Received on Friday, 25 March 2016 16:41:19 UTC