[http-state] SCS I-D document

tho <tho@koanlogic.com> Tue, 22 February 2011 20:22 UTC

Return-Path: <tho@koanlogic.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 75D6E3A6891 for <http-state@core3.amsl.com>; Tue, 22 Feb 2011 12:22:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.505
X-Spam-Level: *
X-Spam-Status: No, score=1.505 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, IP_NOT_FRIENDLY=0.334, RDNS_NONE=0.1, SARE_RECV_IP_069060096=1.666]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ivabbj+7wJY5 for <http-state@core3.amsl.com>; Tue, 22 Feb 2011 12:22:03 -0800 (PST)
Received: from gonzo.koanlogic.com (unknown [69.60.118.166]) by core3.amsl.com (Postfix) with ESMTP id 5C4C23A67B0 for <http-state@ietf.org>; Tue, 22 Feb 2011 12:22:03 -0800 (PST)
Received: from host214-195-dynamic.43-79-r.retail.telecomitalia.it ([79.43.195.214]:65297 helo=[192.168.1.3]) by sp2844.serverpronto.com with esmtpsa (TLS-1.0:RSA_AES_128_CBC_SHA:16) (Exim 4.50) id 1Prykp-0006yw-Cm for http-state@ietf.org; Tue, 22 Feb 2011 15:22:48 -0500
From: tho <tho@koanlogic.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Tue, 22 Feb 2011 21:22:05 +0100
Message-Id: <6B225A95-E14E-4178-AF98-689C3161A584@koanlogic.com>
To: http-state@ietf.org
Mime-Version: 1.0 (Apple Message framework v1082)
X-Mailer: Apple Mail (2.1082)
X-SA-Exim-Connect-IP: 79.43.195.214
X-SA-Exim-Mail-From: tho@koanlogic.com
X-Spam-DCC: :
X-Spam-Pyzor: Reported 0 times.
X-SA-Exim-Version: 4.2 (built Thu, 03 Mar 2005 10:44:12 +0100)
X-SA-Exim-Scanned: Yes (on sp2844.serverpronto.com)
Subject: [http-state] SCS I-D document
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Feb 2011 20:22:04 -0000

Hello all,

we have just uploaded the following I-D:

http://www.ietf.org/id/draft-secure-cookie-session-protocol-00.txt

The draft describes a tiny cryptographic protocol layered on top of cookies, that can be used to handle session state in cases where the origin server doesn't want to, or simply can't, use local storage.  

It targets web server applications deployed on embedded devices with small or no disk, as well as distributed/parallel web apps that could benefit from the lack of a centralized data store or some other peering mechanism to maintain clients' state.

We were wondering if the draft could be taken as a working item by the http-state WG, in which case we're available to drive the related editing, implementation and interoperability activities.

In this respect, we've implemented a beta version of the protocol in one of our products, and are currently working on a reference implementation which will be licensed as Public Domain, BSD or GPL'd software, depending on the linked crypto toolkit.

The source code can be found at http://github.com/koanlogic/libscs and is open to contribution from anyone who wants to join: we have just setup the libscs-dev mailing list (http://koanlogic.com/cgi-bin/mailman/listinfo/libscs-dev) to coordinate the code development. 

Any comment is very welcome !

t.