New Cookies Draft

Hi everyone,

At IETF 120, Anne and I presented
<https://docs.google.com/presentation/d/17FCT2BuYou7AB_dUzq9u6_q3X8L9CTswmrOMGVnshCM/edit#slide=id.p>
our efforts to write a new Cookies draft specification to follow in the
footsteps of 6265bis, which is in WG Last Call.

We submitted our initial draft for review
<https://datatracker.ietf.org/doc/draft-annevk-johannhof-httpbis-cookies/>
and are looking forward to having a Call for Adoption as soon as possible
(we’ll leave the exact timing to chairs to make sure we don’t conflict w/
6265bis).

Our initial focus with this draft is on fixing the “layering violations”
between the Cookies spec and Web specs. As browser engineers, we found it
difficult to correctly specify new features such as third-party Cookie
blocking, Cookie partitioning or “Storage Access” under the old text. Other
existing integrations such as the Cookie Store API, HTML and Fetch already
lack specification in important areas such as Cookie change events. We also
plan to submit fixes for the issues in these specs.

We imagine that reducing some browser-specific complexity such as SameSite
computation in the Cookies spec will also be helpful to non-browser
implementers.

We’re working closely with 6265bis editor Steven Bingler, who will stay
involved in this work, on ensuring a smooth continuation of work on
deferred issues, some of which were mentioned in the recent discussion
around Unicode handling and the different strictness in server/client
behaviors. We’d love to get this group's input, support and contributions
on these and other issues going forward.

Looking forward to your thoughts and feedback.

Thank you!

Johann