Re: I-D Action: draft-ietf-httpbis-cookie-alone-01.txt

The diff between this and the previous draft is fairly minimal. In short,
we've added a path-matching check to the storage model modifications
suggested in
https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01#section-3 in
order to deal with real-world compatibility issues raised in
https://github.com/httpwg/http-extensions/issues/223 (and
https://bugs.chromium.org/p/chromium/issues/detail?id=580770).

Working on porting that change into Chrome's implementation now.

-mike

On Mon, Sep 5, 2016 at 10:11 AM, <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Hypertext Transfer Protocol of the IETF.
>
>         Title           : Deprecate modification of 'secure' cookies from
> non-secure origins
>         Author          : Mike West
>         Filename        : draft-ietf-httpbis-cookie-alone-01.txt
>         Pages           : 6
>         Date            : 2016-09-05
>
> Abstract:
>    This document updates RFC6265 by removing the ability for a non-
>    secure origin to set cookies with a 'secure' flag, and to overwrite
>    cookies whose 'secure' flag is set.  This deprecation improves the
>    isolation between HTTP and HTTPS origins, and reduces the risk of
>    malicious interference.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-httpbis-cookie-alone-01
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
>

Received on Monday, 5 September 2016 09:23:26 UTC
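
The storage-model rule discussed in this message, sketched as an added example (not part of the original e-mail and not Chrome's implementation). It assumes the conditions in the linked section 3 of the draft: same name, existing cookie marked secure, domains matching in either direction, and the new cookie's path path-matching the existing cookie's path. The function names, the cookie record shape and the sample store are constructed for illustration.

```javascript
// Added example: simplified model of the storage check for cookies arriving
// from a non-secure origin. Cookie records are plain objects:
// { name, domain, path, secure }. Names and shapes here are hypothetical.

// RFC 6265 section 5.1.3 domain-match on lowercase host names
// (IP-address handling is omitted in this sketch).
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// RFC 6265 section 5.1.4 path-match: does requestPath fall under cookiePath?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Returns true if the cookie may be stored, false if it must be ignored.
function mayStore(store, cookie, fromSecureScheme) {
  if (fromSecureScheme) return true; // secure origins are unaffected
  if (cookie.secure) return false;   // non-secure origin may not set 'secure'
  // Non-secure origin, non-secure cookie: ignore it if it would overlay an
  // existing secure cookie. The path comparison is deliberately one-way:
  // only the new cookie's path is tested against the existing cookie's path.
  return !store.some((existing) =>
    existing.secure &&
    existing.name === cookie.name &&
    (domainMatches(existing.domain, cookie.domain) ||
      domainMatches(cookie.domain, existing.domain)) &&
    pathMatches(cookie.path, existing.path));
}

// Constructed sample store: one secure cookie scoped to /login.
const sampleStore = [
  { name: "sid", domain: "example.com", path: "/login", secure: true },
];

// Constructed cookies as they would arrive over plain HTTP.
for (const path of ["/login", "/login/en", "/", "/loginx"]) {
  const cookie = { name: "sid", domain: "example.com", path, secure: false };
  console.log(path, mayStore(sampleStore, cookie, false) ? "stored" : "ignored");
}
```

Without the path condition, the plain-HTTP cookies for `/` and `/loginx` would also be ignored, which is the stricter behaviour the compatibility reports pushed back on.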