CfC: CSP Cookie Controls to FPWD; deadline Dec. 7th. from Mike West on 2015-11-30 (public-webappsec@w3.org from November 2015)

From: Mike West <mkwst@google.com>
Date: Mon, 30 Nov 2015 15:49:19 +0100
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Mark Nottingham <mnot@mnot.net>, Brad Hill <hillbrad@gmail.com>, Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>
Message-ID: <CAKXHy=cHSthnCzcEy1Lzh6q+6-Th7o3bCTXP9TiqofqA9Lna+w@mail.gmail.com>

Hello (again), WebAppSecians!

In the holiday spirit of clearing out things that have been sitting around
for longer than they should have, I'm issuing this call for consensus to
publish the following draft of mnot's ~3 year old idea for "CSP Cookie
Controls" as a First Public Working Draft:

https://w3c.github.io/webappsec-csp/cookies/published/FPWD.html

This draft proposes a mechanism by which authors can restrict the types of
cookies which can be set by a resource, and the manner in which they can be
set. We discussed it briefly at TPAC, to generally positive feedback.

I think this draft is a reasonable stab at a FPWD, and though it will
certainly require some iteration, it's something that I think should be
pretty straightforward to implement. This CfC will end in a week, on
December 7th. Feedback, positive and otherwise, would be exceptionally
well-received at public-webappsec@w3.org.

-mike

Received on Monday, 30 November 2015 14:50:08 UTC