Re: [http-state] I-D Action:draft-ietf-httpstate-cookie-03.txt

Adam Barth <ietf@adambarth.com> Tue, 23 February 2010 16:05 UTC

Return-Path: <ietf@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EABC73A849B for <http-state@core3.amsl.com>; Tue, 23 Feb 2010 08:05:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.875
X-Spam-Level:
X-Spam-Status: No, score=-1.875 tagged_above=-999 required=5 tests=[AWL=0.102, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OnnbEiNc+jWW for <http-state@core3.amsl.com>; Tue, 23 Feb 2010 08:05:08 -0800 (PST)
Received: from mail-gx0-f217.google.com (mail-gx0-f217.google.com [209.85.217.217]) by core3.amsl.com (Postfix) with ESMTP id 0523D3A84A5 for <http-state@ietf.org>; Tue, 23 Feb 2010 08:05:07 -0800 (PST)
Received: by gxk9 with SMTP id 9so4305162gxk.8 for <http-state@ietf.org>; Tue, 23 Feb 2010 08:07:05 -0800 (PST)
Received: by 10.151.92.5 with SMTP id u5mr307159ybl.114.1266941225367; Tue, 23 Feb 2010 08:07:05 -0800 (PST)
Received: from mail-iw0-f191.google.com (mail-iw0-f191.google.com [209.85.223.191]) by mx.google.com with ESMTPS id 34sm284638yxf.65.2010.02.23.08.07.02 (version=SSLv3 cipher=RC4-MD5); Tue, 23 Feb 2010 08:07:03 -0800 (PST)
Received: by iwn29 with SMTP id 29so2335161iwn.31 for <http-state@ietf.org>; Tue, 23 Feb 2010 08:07:02 -0800 (PST)
MIME-Version: 1.0
Received: by 10.231.147.199 with SMTP id m7mr343110ibv.87.1266941222149; Tue, 23 Feb 2010 08:07:02 -0800 (PST)
In-Reply-To: <Pine.LNX.4.64.1002222306420.19952@egate.xpasc.com>
References: <20100213080001.D07A03A73C7@core3.amsl.com> <alpine.LNX.2.00.1002222350530.6570@tonga.securenet.de> <5c4444771002222233h5a22a2d1i5accd3b231b2d3da@mail.gmail.com> <Pine.LNX.4.64.1002222306420.19952@egate.xpasc.com>
From: Adam Barth <ietf@adambarth.com>
Date: Tue, 23 Feb 2010 08:06:42 -0800
Message-ID: <5c4444771002230806l2cafed2bqcd94a03de1eea2cc@mail.gmail.com>
To: David Morris <dwm@xpasc.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: http-state@ietf.org
Subject: Re: [http-state] I-D Action:draft-ietf-httpstate-cookie-03.txt
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Feb 2010 16:05:09 -0000

That's correct.  I believe that's what the draft says currently.

Adam


On Mon, Feb 22, 2010 at 11:08 PM, David Morris <dwm@xpasc.com> wrote:
>
> Going from memory, I thought secure meant only sent of HTTPS and HttpOnly
> was introduced since the original NS cookie spec to prevent script
> access to the cookie.
>
> On Mon, 22 Feb 2010, Adam Barth wrote:
>
>> On Mon, Feb 22, 2010 at 3:06 PM, Achim Hoffmann <ah@securenet.de> wrote:
>> >
>> > Is there a typo in 5.2.6.  The HttpOnly Attribute ?
>> >
>> >  ".. with an attribute-name of Secure and an empt attribute-value."
>> >
>> > I guess "Secure" should be "HttpOnly".
>>
> _______________________________________________
> http-state mailing list
> http-state@ietf.org
> https://www.ietf.org/mailman/listinfo/http-state
>
>