Re: [http-state] Ticket 6: host-only cookies
Adam Barth <ietf@adambarth.com> Fri, 29 January 2010 07:28 UTC
Return-Path: <adam@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DCDE13A695A for <http-state@core3.amsl.com>; Thu, 28 Jan 2010 23:28:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.732
X-Spam-Level:
X-Spam-Status: No, score=-1.732 tagged_above=-999 required=5 tests=[AWL=0.246, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fsnsHzlt6rrG for <http-state@core3.amsl.com>; Thu, 28 Jan 2010 23:28:58 -0800 (PST)
Received: from mail-pz0-f175.google.com (mail-pz0-f175.google.com [209.85.222.175]) by core3.amsl.com (Postfix) with ESMTP id 419983A6966 for <http-state@ietf.org>; Thu, 28 Jan 2010 23:28:58 -0800 (PST)
Received: by pzk5 with SMTP id 5so1514823pzk.29 for <http-state@ietf.org>; Thu, 28 Jan 2010 23:29:17 -0800 (PST)
MIME-Version: 1.0
Received: by 10.142.249.22 with SMTP id w22mr359539wfh.52.1264750157063; Thu, 28 Jan 2010 23:29:17 -0800 (PST)
In-Reply-To: <4B628D14.9080003@corry.biz>
References: <7789133a1001220050m56cc438x35099b7972639331@mail.gmail.com> <alpine.DEB.2.00.1001220957240.9467@tvnag.unkk.fr> <33259CFA-E50A-46D7-A315-5D68ACB69CDB@apple.com> <2C56E4FA-8BE2-479A-AA53-E64DC3A907E2@gbiv.com> <4B628D14.9080003@corry.biz>
From: Adam Barth <ietf@adambarth.com>
Date: Thu, 28 Jan 2010 23:28:57 -0800
Message-ID: <7789133a1001282328s5091b833h9589657792b9f719@mail.gmail.com>
To: Bil Corry <bil@corry.biz>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Daniel Stenberg <daniel@haxx.se>, http-state <http-state@ietf.org>
Subject: Re: [http-state] Ticket 6: host-only cookies
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2010 07:28:59 -0000
On Thu, Jan 28, 2010 at 11:24 PM, Bil Corry <bil@corry.biz> wrote: > Going back to the issue at hand, if Microsoft is unwilling to adopt the more secure behavior, For what it's worth, we haven't heard anyone from Microsoft refuse to implement host-only cookies. Of course, an explicit message of support for host-only cookies from Redmond would be ideal, but the indications I've seen have been generally positive. Adam
- [http-state] Ticket 6: host-only cookies Adam Barth
- Re: [http-state] Ticket 6: host-only cookies Daniel Stenberg
- Re: [http-state] Ticket 6: host-only cookies Dan Winship
- Re: [http-state] Ticket 6: host-only cookies Adam Barth
- Re: [http-state] Ticket 6: host-only cookies Adam Barth
- Re: [http-state] Ticket 6: host-only cookies Dan Winship
- Re: [http-state] Ticket 6: host-only cookies Adam Barth
- Re: [http-state] Ticket 6: host-only cookies Maciej Stachowiak
- Re: [http-state] Ticket 6: host-only cookies Roy T. Fielding
- Re: [http-state] Ticket 6: host-only cookies Adam Barth
- Re: [http-state] Ticket 6: host-only cookies Roy T. Fielding
- Re: [http-state] Ticket 6: host-only cookies Adam Barth
- Re: [http-state] Ticket 6: host-only cookies Bil Corry
- Re: [http-state] Ticket 6: host-only cookies Adam Barth
- Re: [http-state] Ticket 6: host-only cookies Eran Hammer-Lahav
- Re: [http-state] Ticket 6: host-only cookies Julian Reschke
- Re: [http-state] Ticket 6: host-only cookies Bil Corry
- Re: [http-state] Ticket 6: host-only cookies Adam Barth
- Re: [http-state] Ticket 6: host-only cookies Julian Reschke
- Re: [http-state] Ticket 6: host-only cookies Dan Winship
- Re: [http-state] Ticket 6: host-only cookies Lisa Dusseault
- Re: [http-state] Ticket 6: host-only cookies Blake Frantz
- Re: [http-state] Ticket 6: host-only cookies Adam Barth
- Re: [http-state] Ticket 6: host-only cookies Bil Corry
- Re: [http-state] Ticket 6: host-only cookies Adam Barth
- Re: [http-state] Ticket 6: host-only cookies Dave Kristol
- Re: [http-state] Ticket 6: host-only cookies Adam Barth
- Re: [http-state] Ticket 6: host-only cookies Dave Kristol
- Re: [http-state] Ticket 6: host-only cookies Adam Barth
- Re: [http-state] Ticket 6: host-only cookies Bil Corry
- Re: [http-state] Ticket 6: host-only cookies Mark Pauley