W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2015

CfC: CSP Cookie Controls to FPWD; deadline Dec. 7th.

From: Mike West <mkwst@google.com>
Date: Mon, 30 Nov 2015 15:49:19 +0100
Message-ID: <CAKXHy=cHSthnCzcEy1Lzh6q+6-Th7o3bCTXP9TiqofqA9Lna+w@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Mark Nottingham <mnot@mnot.net>, Brad Hill <hillbrad@gmail.com>, Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>
Hello (again), WebAppSecians!

In the holiday spirit of clearing out things that have been sitting around
for longer than they should have, I'm issuing this call for consensus to
publish the following draft of mnot's ~3 year old idea for "CSP Cookie
Controls" as a First Public Working Draft:

https://w3c.github.io/webappsec-csp/cookies/published/FPWD.html

This draft proposes a mechanism by which authors can restrict the types of
cookies which can be set by a resource, and the manner in which they can be
set. We discussed it briefly at TPAC, to generally positive feedback.

I think this draft is a reasonable stab at a FPWD, and though it will
certainly require some iteration, it's something that I think should be
pretty straightforward to implement. This CfC will end in a week, on
December 7th. Feedback, positive and otherwise, would be exceptionally
well-received at public-webappsec@w3.org.

-mike
Received on Monday, 30 November 2015 14:50:08 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:16 UTC