Deb Cooley's No Objection on draft-ietf-httpbis-rfc6265bis-19: (with COMMENT)

Deb Cooley has entered the following ballot position for
draft-ietf-httpbis-rfc6265bis-19: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-rfc6265bis/
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


Many thanks to Valery Smyslov for his secdir review.

Section 5:  (Recognizing that this is from the original RFC) The nested
numbered lists are difficult to parse.  For example Section 5.7, #6 has 3 sets
of sub numbered lists that appear to be distinct.  If these sub numbered lists
are necessary (and when there is merely a #1 without a #2, one might argue it
isn't 'necessary') then perhaps characters other than numbers might be clearer.

Section 8:  I agree with Valery that this section picks and chooses some
example issues ('more salient issues').  I wonder if it isn't possible to give
a 1-2 sentence overview of the general security issues associated with cookies.
Something to set the stage, where what follows are examples of issues that
have been seen over time (with or without mitigations).  Sadly, I do not have
proposed text, and indeed, it may not be possible/feasible.

Section 10.1:  Most (all?) of the WHATWG documents can be referenced as a
snapshot to make them immutable.  There might be other ways to do this, but
this is the one I've seen used.

Received on Thursday, 13 February 2025 14:53:29 UTC