An update on RFC6265bis.

I apologize for my absence at the WG meeting this morning. I slept through
my alarm for reasons that are entirely my own fault, and I'm sorry y'all
wasted time waiting for me.

The highlights of what I would have told y'all are more or less as follows:

1.  The rate of `SameSite` adoption seems to be increasing (though still
~low). The attribute went from being used in ~0.012% of Chrome's cookie-setting
operations in June to ~0.019% in the last month. It looks like Mozilla has
landed some relevant infrastructure
<https://bugzilla.mozilla.org/show_bug.cgi?id=1286858>, so maybe we'll see
another implementation? That would be lovely.

2.  `__Host-` prefix usage is relatively constant at ~0.004% of Chrome's
cookie-setting operations. `__Secure-` prefix usage, on the other hand,
jumped from statistical noise in June to 0.07% on Monday, then dropped back
to statistical noise. Perhaps some higher-traffic site floated a trial
balloon? I'm curious!

3.  The tightened `secure` behaviors in Chrome and Firefox seem solidly
shipped. I haven't seen any bug reports on the topic since the last IETF,
and I don't anticipate rolling back the changes. I'm curious to hear from
other implementers whether they intend to tighten their handling of the
attribute as well.

4.  I've not done much work on the document since the last meeting. The
next steps from my perspective are to clean up the `SameSite` definition in
the -01, to work through the ~6 open issues
<https://github.com/httpwg/http-extensions/issues?q=is%3Aissue+is%3Aopen+label%3A6265bis>,
and to migrate the test suite
<https://github.com/abarth/http-state/tree/master/tests> to Web Platform
Tests so we have continual integration, and to improve clarity around
existing browser behavior. I intend to work on that a bit over the quiet
holiday period.

Thanks, and again, sorry I missed this morning. :/

-mike

Received on Friday, 17 November 2017 10:57:19 UTC