[http-state] draft-salgueiro-secure-state-management

Gonzalo Salgueiro <gsalguei@cisco.com> Thu, 18 February 2010 23:43 UTC

Return-Path: <gsalguei@cisco.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 985403A8096 for <http-state@core3.amsl.com>; Thu, 18 Feb 2010 15:43:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id 8L-WTAZPizhG for <http-state@core3.amsl.com>; Thu, 18 Feb 2010 15:43:24 -0800 (PST)
Received: from av-tac-rtp.cisco.com (hen.cisco.com []) by core3.amsl.com (Postfix) with ESMTP id A0F283A8094 for <http-state@ietf.org>; Thu, 18 Feb 2010 15:43:24 -0800 (PST)
X-TACSUNS: Virus Scanned
Received: from rooster.cisco.com (localhost.cisco.com []) by av-tac-rtp.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id o1INj5rk011036; Thu, 18 Feb 2010 18:45:06 -0500 (EST)
Received: from dhcp-172-18-251-86.cisco.com (dhcp-172-18-251-86.cisco.com []) by rooster.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id o1INj3me000532; Thu, 18 Feb 2010 18:45:04 -0500 (EST)
From: Gonzalo Salgueiro <gsalguei@cisco.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 18 Feb 2010 18:45:03 -0500
Message-Id: <E022D1C0-F0DF-4BF3-B309-317B38314788@cisco.com>
To: http-state@ietf.org
Mime-Version: 1.0 (Apple Message framework v1077)
X-Mailer: Apple Mail (2.1077)
Subject: [http-state] draft-salgueiro-secure-state-management
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Feb 2010 23:43:25 -0000

Folks - 

I have posted the following draft:


This draft provides a simple method for providing a reasonable level of security when exchanging state management information through HTTP in situations where TLS is not employed.

We would appreciate receiving any comments you have and input on whether you think this might be a complementary addition to the work the WG is already undertaking.



This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message.

For corporate legal information go to: