- From: Martin Thomson <notifications@github.com>
- Date: Mon, 09 Apr 2018 02:08:36 +0000 (UTC)
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/239/379606725@github.com>
I think that this is probably something we can explore. I'm a little concerned about the effect on the integrity of cookies as a set by this sort of change though. The value might have been refreshed recently enough that the site has an expectation that it remains good - at least in relation to other cookies. Eviction like what is proposed could create sudden integrity compromises. We've explored the idea of cutting cookies before their time in various ways (see httpwg/http-extensions#494 for our conclusions there). All run afoul of the global state integrity issue, namely that killing one piece of state might affect the interdependent pieces of the whole. It's hard to formulate a question that might allow us to gain insight into the effect that might have though. You speculate that cookies are fragile enough that this won't cause much breakage. But this could trigger an eviction of a cookie that HTTPS sends and depends on, so we would have to worry about that too. Rotating the value as a way to avoid this eviction might undermine the intent. A tracker only needs to periodically flip an insignificant bit to avoid eviction. As a defense against pervasive monitoring, this might overstate things a little. This method is only effective if you can synchronize evictions across all cleartext activity. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/239#issuecomment-379606725
Received on Monday, 9 April 2018 02:09:08 UTC