Re: [http-state] Mail regarding draft-ietf-httpstate-cookie
Adam Barth <ietf@adambarth.com> Mon, 12 March 2012 17:55 UTC
Return-Path: <ietf@adambarth.com>
X-Original-To: http-state@ietfa.amsl.com
Delivered-To: http-state@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4376D21F88A1 for <http-state@ietfa.amsl.com>; Mon, 12 Mar 2012 10:55:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.958
X-Spam-Level:
X-Spam-Status: No, score=-2.958 tagged_above=-999 required=5 tests=[AWL=0.019, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ynTBGojl301g for <http-state@ietfa.amsl.com>; Mon, 12 Mar 2012 10:55:30 -0700 (PDT)
Received: from mail-ey0-f172.google.com (mail-ey0-f172.google.com [209.85.215.172]) by ietfa.amsl.com (Postfix) with ESMTP id 8CA7921F87C4 for <http-state@ietf.org>; Mon, 12 Mar 2012 10:55:29 -0700 (PDT)
Received: by eaaq11 with SMTP id q11so1376499eaa.31 for <http-state@ietf.org>; Mon, 12 Mar 2012 10:55:28 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=3irJaH77PG1NR3SrHLYkRndn5Hyv8O8BlHJKH65Vnrc=; b=iM14pQjyRaCpxggKHHuS/ke8H4HA/mtab6cHR7pBlIGn2w7L1BI9v6YSKlpegxxaHk IKpdLjMkp7g9Ymto1bNj4VKAYhwr8JbbkPk1dLnT1CUnzyOfPB3RGKdaRpJ3eitiYluz HJHKDMJPLUAVqpIn1ZUguZXb+KD+GoVs2Bg21541bAKUIlLHD6ryHVZM9LB8qQv5wKft /h4TAI5D8eUQoe1k8Togm7c7OQ7gBhznhqgjxx/hPza1H2NSOcHf3uw6WSv5g/aBTtJV kc9QMrkzGnsqwIKgkFWykbTaLZ5dOaXGywKjUwbFapXV7LewMqHJ+A/a51RwqptVdPnW FqCw==
Received: by 10.213.33.202 with SMTP id i10mr1064461ebd.100.1331574928628; Mon, 12 Mar 2012 10:55:28 -0700 (PDT)
Received: from mail-lpp01m010-f44.google.com (mail-lpp01m010-f44.google.com [209.85.215.44]) by mx.google.com with ESMTPS id v15sm23699244eem.1.2012.03.12.10.55.27 (version=SSLv3 cipher=OTHER); Mon, 12 Mar 2012 10:55:27 -0700 (PDT)
Received: by lagj5 with SMTP id j5so4588033lag.31 for <http-state@ietf.org>; Mon, 12 Mar 2012 10:55:26 -0700 (PDT)
Received: by 10.152.133.144 with SMTP id pc16mr9958047lab.0.1331574926210; Mon, 12 Mar 2012 10:55:26 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.112.1.230 with HTTP; Mon, 12 Mar 2012 10:54:56 -0700 (PDT)
In-Reply-To: <9DD105ACD9E08E49AEA83E09A55DE2170194C296@NYCEXMB01.nfp.com>
References: <9DD105ACD9E08E49AEA83E09A55DE2170194C296@NYCEXMB01.nfp.com>
From: Adam Barth <ietf@adambarth.com>
Date: Mon, 12 Mar 2012 10:54:56 -0700
Message-ID: <CAJE5ia9GWcb10eWDvuZ+ziP4Zyj7jDw67DBhavxLky-1o79FKw@mail.gmail.com>
To: "Mankowski, Chris" <cmankowski@nfp.com>
Content-Type: text/plain; charset="ISO-8859-1"
X-Gm-Message-State: ALoCoQlegJTFpNRVGF7M4UTHSi1M1Q4zfNTWOCZStbaCka00RfxJ9YCMHx54pH0z/NaE0jDgjsrt
Cc: "http-state@ietf.org" <http-state@ietf.org>
Subject: Re: [http-state] Mail regarding draft-ietf-httpstate-cookie
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Mar 2012 17:55:31 -0000
On Mon, Mar 12, 2012 at 8:08 AM, Mankowski, Chris <cmankowski@nfp.com> wrote: > Can you tell me what is the correct group to propose a solution to Related > Domain Cookie attacks? (more info: http://stackoverflow.com/q/9636857/328397 > ) You're welcome to use the http-state mailing list to propose solutions to the Related Domain Cookie attack. Please note that your email signature claiming proprietary rights over the contents of your email might be in conflict with the IETF's "Note Well", which governs this list: http://www.ietf.org/about/note-well.html If you want folks to read and think about your ideas, I recommend removing that signature in future emails to IETF mailing lists. Adam