
Re: June Interim: call for topics

From: Daniel Veditz <dveditz@mozilla.com>
Date: Fri, 21 May 2021 14:36:15 -0700
Message-ID: <CADYDTCAnCsQeP+8umkqTQCVqa3NhJ5+4QPZMffGWPXrF7_FB4A@mail.gmail.com>
To: Rafal Pietrak <cookie.rp@ztk-rp.eu>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Fri, May 21, 2021 at 8:03 AM Rafal Pietrak <cookie.rp@ztk-rp.eu> wrote:

> If possible, I'd appreciate a couple of minutes for my cookies radius
> proposal (https://datatracker.ietf.org/doc/draft-pietrak-cookie-scope/)
>

Mark's answer[1] to another recent cookie proposal applies here too. For
now the group is only considering cookie proposals as part of RFC6265bis.
This is on the agenda for this meeting but your proposal does not yet have
the support to be incorporated into it.
[1] https://lists.w3.org/Archives/Public/ietf-http-wg/2021AprJun/0114.html

> Should that be the case, maybe someone could advise me on any other
> ietf working groups, that could possibly be more interested in ACCEPTING
> or CRITICS-and-DECLINE of that proposal.
>

This IS the group for the topic, and anywhere else you try is likely to
bounce you back here. What you really need to do is drum up support for
this. Are there web sites that want to use this functionality enough to
change their code to use it? Are there client implementers fired up to
support Radius (browsers of course, but more than just browsers)? Is there
only support for part of it, and if so could that be solved in a different
way?

My own prejudice is that I would never want "World" because I don't trust
sharing my cookies with all those other unknown apps. The distinction
between Tabs and Windows is lost on me because in at least some browsers
you can drag tabs or groups of tabs from window to window. "Viewport" as a
stricter definition of how "session" is often interpreted by browsers might
be interesting, and better backwards compatibility than simply
redefining/clarifying the meaning of a session cookie.  For some uses, like
banks, the existing clear-site-data feature might be good enough, so you'll
need to sell folks on why it isn't.

-Dan Veditz
Received on Friday, 21 May 2021 21:37:56 UTC
