Hello (again), WebAppSecians!

In the holiday spirit of clearing out things that have been sitting around
for longer than they should have, I'm issuing this call for consensus to
publish the following draft of mnot's ~3 year old idea for "CSP Cookie
Controls" as a First Public Working Draft:

https://w3c.github.io/webappsec-csp/cookies/published/FPWD.html

This draft proposes a mechanism by which authors can restrict the types of
cookies which can be set by a resource, and the manner in which they can be
set. We discussed it briefly at TPAC, to generally positive feedback.

I think this draft is a reasonable stab at a FPWD, and though it will
certainly require some iteration, it's something that I think should be
pretty straightforward to implement. This CfC will end in a week, on
December 7th. Feedback, positive and otherwise, would be exceptionally
well-received at public-webappsec@w3.org.

-mike