W3C home > Mailing lists > Public > public-privacycg@w3.org > April 2021

Re: [E] Re: HTTP State Tokens

From: Mike West <mkwst@google.com>
Date: Thu, 8 Apr 2021 07:18:05 +0200
Message-ID: <CAKXHy=d+XWxDGKbdbM_X1nY4XpeKFg2_w8y=-SypLkiTCcZ_5g@mail.gmail.com>
To: George Fletcher <george.fletcher@verizonmedia.com>
Cc: Kaustubha Govind <kaustubhag@google.com>, public-privacycg@w3.org
Hey George,

There was discussion on the IETF's HTTP working group list, and in
WebAppSec. My impression from those conversations was that there wasn't
enough appetite for building a cookie replacement vs. incrementally
changing cookies as they exist. That's the strategy laid out in

From my perspective, state tokens are on hold while vendors determine just
how malleable existing cookies actually are. I'd love to see folks
collectively decide to pick them up again as I think there's some value in
shipping a modernized version of that draft, but I'm happy to see the
energy flow into incremental change for the time being. :)


On Wed, Apr 7, 2021 at 9:42 PM George Fletcher <
george.fletcher@verizonmedia.com> wrote:

> Thanks! I remember it being discussed but then it seems like discussion
> has gone silent. The IETF draft expired in September 2019 :)
> On Wed, Apr 7, 2021 at 3:38 PM Kaustubha Govind <kaustubhag@google.com>
> wrote:
>> Adding +Mike West <mkwst@google.com> (author of the proposal).
>> It was discussed on the WebAppSec WG mailing list months ago.
>> On Wed, Apr 7, 2021 at 3:15 PM George Fletcher <
>> george.fletcher@verizonmedia.com> wrote:
>>> This may not be the correct venue but figured I'd ask to see if anyone
>>> knows the status of HTTP State tokens.
>>> Thanks,
>>> George
Received on Thursday, 8 April 2021 05:19:23 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 8 April 2021 05:19:24 UTC