Re: [http-state] Ticket 6: host-only cookies

Adam Barth <ietf@adambarth.com> Fri, 29 January 2010 07:28 UTC

From: Adam Barth <ietf@adambarth.com>
Date: Thu, 28 Jan 2010 23:28:57 -0800
Message-ID: <7789133a1001282328s5091b833h9589657792b9f719@mail.gmail.com>
To: Bil Corry <bil@corry.biz>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Daniel Stenberg <daniel@haxx.se>, http-state <http-state@ietf.org>
Subject: Re: [http-state] Ticket 6: host-only cookies

On Thu, Jan 28, 2010 at 11:24 PM, Bil Corry <bil@corry.biz> wrote:
> Going back to the issue at hand, if Microsoft is unwilling to adopt the more secure behavior,

For what it's worth, we haven't heard anyone from Microsoft refuse to
implement host-only cookies.  Of course, an explicit message of
support for host-only cookies from Redmond would be ideal, but the
indications I've seen have been generally positive.

Adam