Re: [http-state] I-D Action:draft-ietf-httpstate-cookie-03.txt

David Morris <dwm@xpasc.com> Tue, 23 February 2010 07:06 UTC

Going from memory, I thought secure meant only sent over HTTPS and HttpOnly
was introduced since the original NS cookie spec to prevent script
access to the cookie.

On Mon, 22 Feb 2010, Adam Barth wrote:

> On Mon, Feb 22, 2010 at 3:06 PM, Achim Hoffmann <ah@securenet.de> wrote:
> >
> > Is there a typo in 5.2.6.  The HttpOnly Attribute ?
> >
> >  ".. with an attribute-name of Secure and an empt attribute-value."
> >
> > I guess "Secure" should be "HttpOnly".
>