I-D Action: draft-ietf-httpbis-cookie-same-site-00.txt

internet-drafts@ietf.org Tue, 21 June 2016 01:07 UTC

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Hypertext Transfer Protocol of the IETF.

        Title           : Same-Site Cookies
        Authors         : Mike West
                          Mark Goodwin
        Filename        : draft-ietf-httpbis-cookie-same-site-00.txt
        Pages           : 14
        Date            : 2016-06-20

Abstract:
   This document updates RFC6265 by defining a "SameSite" attribute
   which allows servers to assert that a cookie ought not to be sent
   along with cross-site requests.  This assertion allows user agents to
   mitigate the risk of cross-origin information leakage, and provides
   some protection against cross-site request forgery attacks.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-cookie-same-site/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/