Re: inconsistency in draft-ietf-httpbis-rfc6265bis-07 SameSite default treatment?

Thanks for pointing that out! You're correct, the note should have been
removed or updated. I'll fix that!

On Fri, May 7, 2021 at 3:26 PM Brian Campbell <bcampbell@pingidentity.com>
wrote:

> Looking at parts of draft-ietf-httpbis-rfc6265bis-07 today I noticed what
> is maybe a little inconsistency around the treatment of the default for
> SameSite.
>
>
> https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-07.html#section-4.1.2.7
> has:
> 'If the "SameSite" attribute's value is something other than these three
> known keywords, the attribute's value will be subject to a default
> enforcement mode that is equivalent to "Lax".'
> and parts of
> https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-07.html#section-5.5
> and
> https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-07.html#name-draft-ietf-httpbis-rfc6265bis-07
> also suggest Lax as the default. As does (relatively recent) current
> behaviour from most/all browsers.
>
> but
> https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-07.html#section-5.3.7
> ends with this sentence that looks like it's maybe left over from when the
> default enforcement mode was "None":
> 'Note: This algorithm maps the "None" value, as well as any unknown value,
> to the "None" behavior, which is helpful for backwards compatibility when
> introducing new variants.'

Received on Friday, 7 May 2021 21:27:10 UTC
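
The two readings discussed in this thread, side by side, as an added example that is not part of the original messages or of the draft. It maps a Set-Cookie header's SameSite value to an enforcement mode with either "Lax" (section 4.1.2.7) or "None" (the leftover note in section 5.3.7) as the fallback for unknown values, and lists the headers where the choice changes whether the cookie accompanies a cross-site POST. Assumptions: all function names, the sample headers, the last-attribute-wins parsing, treating an absent attribute like an unknown value, and modelling the default mode as plain "Lax".

```javascript
// Added example; not text or code from the draft.
const KEYWORDS = new Map([["strict", "Strict"], ["lax", "Lax"], ["none", "None"]]);

// Return the raw SameSite attribute-value from a Set-Cookie header, or null
// if absent. Simplification (assumption): the last SameSite attribute wins.
function rawSameSite(setCookie) {
  let value = null;
  for (const av of setCookie.split(";").slice(1)) {
    const eq = av.indexOf("=");
    const name = (eq === -1 ? av : av.slice(0, eq)).trim().toLowerCase();
    if (name === "samesite") value = eq === -1 ? "" : av.slice(eq + 1).trim();
  }
  return value;
}

// Map a header to an enforcement mode. `fallback` is the mode applied to
// unknown values; an absent attribute is treated the same way (assumption).
function enforcement(setCookie, fallback) {
  const raw = rawSameSite(setCookie);
  if (raw === null) return fallback;
  return KEYWORDS.get(raw.toLowerCase()) || fallback;
}

// Of the three modes, only "None" lets the cookie ride on a cross-site POST.
function sentOnCrossSitePost(mode) {
  return mode === "None";
}

// Headers whose cross-site POST behaviour differs between the two readings:
// fallback "Lax" (section 4.1.2.7) versus fallback "None" (the stale note).
function divergent(headers) {
  return headers.filter(
    (h) =>
      sentOnCrossSitePost(enforcement(h, "Lax")) !==
      sentOnCrossSitePost(enforcement(h, "None"))
  );
}

// Constructed sample headers; "Relaxed" is a made-up unknown value.
const SAMPLES = [
  "sid=1; SameSite=Strict",
  "sid=2; SameSite=lax",
  "sid=3; SameSite=None; Secure",
  "sid=4; SameSite=Relaxed",
  "sid=5; Secure",
];
console.log(divergent(SAMPLES));
```
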