Re: Call for Adoption: Cookie Incrementalism

On Fri, Nov 13, 2020 at 10:45:29AM +1100, Mark Nottingham wrote:
> Those with good memories will recall that when we started RFC6265bis, we required significant changes to the specification to be backed by a separate I-D, so that we could judge consensus and implementation support for it separately. See:
> In the spirit of that, we have one more proposal for consideration:

Yes, I remember some of these points being discussed a while ago and I
do support adoption as well.

I also remember one idea that started being discussed along the points in
this document which was to encourage browsers to delay posting very large
(or numerous) cookies to slow down browsing on sites which abuse them.
Having, say, half a second delay per kB would not hurt a login page
requiring a full user context and a large cookie once, but would hurt
sites using them on each and every page.


Received on Friday, 13 November 2020 05:23:49 UTC