W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2020

Re: Call for Adoption: Cookie Incrementalism

From: Willy Tarreau <w@1wt.eu>
Date: Fri, 13 Nov 2020 06:23:28 +0100
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Message-ID: <20201113052328.GC10375@1wt.eu>
On Fri, Nov 13, 2020 at 10:45:29AM +1100, Mark Nottingham wrote:
> Those with good memories will recall that when we started RFC6265bis, we required significant changes to the specification to be backed by a separate I-D, so that we could judge consensus and implementation support for it separately. See:
>   https://lists.w3.org/Archives/Public/ietf-http-wg/2015OctDec/0165.html
> 
> In the spirit of that, we have one more proposal for consideration:
>   https://tools.ietf.org/html/draft-west-cookie-incrementalism-01

Yes, I remember some of these points being discussed a while ago and I
do support adoption as well.

I also remember one idea that started being discussed along the points in
this document which was to encourage browsers to delay posting very large
(or numerous) cookies to slow down browsing on sites which abuse them.
Having, say, half a second delay per kB would not hurt a login page
requiring a full user context and a large cookie once, but would hurt
sites using them on each and every page.

Regards,
Willy
Received on Friday, 13 November 2020 05:23:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 13 November 2020 05:23:50 UTC