I-D Action: draft-ietf-httpbis-cookie-alone-01.txt

internet-drafts@ietf.org Mon, 05 September 2016 08:16 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70D1E12B099 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 5 Sep 2016 01:16:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.429
X-Spam-Level:
X-Spam-Status: No, score=-8.429 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.508, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kgoZgrDlNdK1 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 5 Sep 2016 01:16:16 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20DBE12B0A5 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 5 Sep 2016 01:16:15 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1bgp0L-0001sN-9O for ietf-http-wg-dist@listhub.w3.org; Mon, 05 Sep 2016 08:11:45 +0000
Resent-Date: Mon, 05 Sep 2016 08:11:45 +0000
Resent-Message-Id: <E1bgp0L-0001sN-9O@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <internet-drafts@ietf.org>) id 1bgp0A-0001rD-9M for ietf-http-wg@listhub.w3.org; Mon, 05 Sep 2016 08:11:34 +0000
Received: from mail.ietf.org ([4.31.198.44]) by maggie.w3.org with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from <internet-drafts@ietf.org>) id 1bgp08-00026T-2L for ietf-http-wg@w3.org; Mon, 05 Sep 2016 08:11:33 +0000
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A1DAE12B130; Mon, 5 Sep 2016 01:11:05 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: ietf-http-wg@w3.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.31.1
Auto-Submitted: auto-generated
Message-ID: <147306306545.3057.14549300855211996670.idtracker@ietfa.amsl.com>
Date: Mon, 05 Sep 2016 01:11:05 -0700
Received-SPF: pass client-ip=4.31.198.44; envelope-from=internet-drafts@ietf.org; helo=mail.ietf.org
X-W3C-Hub-Spam-Status: No, score=-5.9
X-W3C-Hub-Spam-Report: AWL=-0.284, BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.056, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: maggie.w3.org 1bgp08-00026T-2L 8014ead565ba068546edaaecc9af2c7d
X-Original-To: ietf-http-wg@w3.org
Subject: I-D Action: draft-ietf-httpbis-cookie-alone-01.txt
Archived-At: <http://www.w3.org/mid/147306306545.3057.14549300855211996670.idtracker@ietfa.amsl.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/32376
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Hypertext Transfer Protocol of the IETF.

        Title           : Deprecate modification of 'secure' cookies from non-secure origins
        Author          : Mike West
	Filename        : draft-ietf-httpbis-cookie-alone-01.txt
	Pages           : 6
	Date            : 2016-09-05

Abstract:
   This document updates RFC6265 by removing the ability for a non-
   secure origin to set cookies with a 'secure' flag, and to overwrite
   cookies whose 'secure' flag is set.  This deprecation improves the
   isolation between HTTP and HTTPS origins, and reduces the risk of
   malicious interference.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-alone/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-httpbis-cookie-alone-01


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/