Re: [http-state] http-state charter

Bil Corry <bil@corry.biz> Fri, 31 July 2009 14:50 UTC

Return-Path: <bil@corry.biz>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6E73D28C323 for <http-state@core3.amsl.com>; Fri, 31 Jul 2009 07:50:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.397
X-Spam-Level:
X-Spam-Status: No, score=-3.397 tagged_above=-999 required=5 tests=[AWL=-1.662, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QNtiNnVONB81 for <http-state@core3.amsl.com>; Fri, 31 Jul 2009 07:50:05 -0700 (PDT)
Received: from mail.mindio.com (app1.bc.anu.net [193.189.141.126]) by core3.amsl.com (Postfix) with ESMTP id 7159528C116 for <http-state@ietf.org>; Fri, 31 Jul 2009 07:50:05 -0700 (PDT)
Received: from [127.0.0.1] (unknown [98.212.72.151]) by mail.mindio.com (Postfix) with ESMTP id F0568FC49A; Fri, 31 Jul 2009 09:50:05 -0500 (CDT)
Message-ID: <4A730493.1060406@corry.biz>
Date: Fri, 31 Jul 2009 09:49:55 -0500
From: Bil Corry <bil@corry.biz>
User-Agent: Thunderbird 2.0.0.22 (Windows/20090605)
MIME-Version: 1.0
To: Daniel Stenberg <daniel@haxx.se>
References: <4A70D2D2.9050900@corry.biz> <Pine.LNX.4.62.0907292332310.3168@hixie.dreamhostps.com> <4A71EEF2.2020205@corry.biz> <alpine.DEB.2.00.0907311441300.24178@yvahk2.pbagnpgbe.fr>
In-Reply-To: <alpine.DEB.2.00.0907311441300.24178@yvahk2.pbagnpgbe.fr>
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: "http-state@ietf.org" <http-state@ietf.org>
Subject: Re: [http-state] http-state charter
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jul 2009 14:50:06 -0000

Daniel Stenberg wrote on 7/31/2009 7:42 AM: 
> On Thu, 30 Jul 2009, Bil Corry wrote:
> 
>> BTW, my original goal for this WG was a bit more ambitious, but I've
>> rethought it.  If this WG can produce an updated Cookie RFC that
>> documents how cookies are actually widely implemented (including
>> HTTPOnly), I think that would be an excellent start.
> 
> Related to this, allow me to mention a pretty good resource for httpOnly
> details:
> 
>     http://www.owasp.org/index.php/HTTPOnly
> 

That document is the reason for this group -- I started out (along with Jim Manico and others) wanting to create a RFC for HTTPOnly, but was told that doing so without an updated Cookie specification "seems like work bordering to useless".  You might remember the conversation :)

	http://lists.w3.org/Archives/Public/ietf-http-wg/2008OctDec/0237.html


- Bil