- From: Willy Tarreau <w@1wt.eu>
- Date: Fri, 13 Nov 2020 06:23:28 +0100
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
On Fri, Nov 13, 2020 at 10:45:29AM +1100, Mark Nottingham wrote: > Those with good memories will recall that when we started RFC6265bis, we required significant changes to the specification to be backed by a separate I-D, so that we could judge consensus and implementation support for it separately. See: > https://lists.w3.org/Archives/Public/ietf-http-wg/2015OctDec/0165.html > > In the spirit of that, we have one more proposal for consideration: > https://tools.ietf.org/html/draft-west-cookie-incrementalism-01 Yes, I remember some of these points being discussed a while ago and I do support adoption as well. I also remember one idea that started being discussed along the points in this document which was to encourage browsers to delay posting very large (or numerous) cookies to slow down browsing on sites which abuse them. Having, say, half a second delay per kB would not hurt a login page requiring a full user context and a large cookie once, but would hurt sites using them on each and every page. Regards, Willy
Received on Friday, 13 November 2020 05:23:49 UTC