fyi: websec inviting more feedback on session continuation (i.e. cookies) during our meeting on Monday at 15:10

Tobias Gondrom <tobias.gondrom@gondrom.org> Sun, 28 July 2013 15:36 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A96A321F9C38 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 28 Jul 2013 08:36:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.98
X-Spam-Level:
X-Spam-Status: No, score=-2.98 tagged_above=-999 required=5 tests=[AWL=7.618, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gLFMtBkuewnE for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 28 Jul 2013 08:36:00 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id C595C21F9C08 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 28 Jul 2013 08:36:00 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1V3SzE-0000j5-95 for ietf-http-wg-dist@listhub.w3.org; Sun, 28 Jul 2013 15:34:20 +0000
Resent-Date: Sun, 28 Jul 2013 15:34:20 +0000
Resent-Message-Id: <E1V3SzE-0000j5-95@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <tobias.gondrom@gondrom.org>) id 1V3Sz1-0000hL-OK for ietf-http-wg@listhub.w3.org; Sun, 28 Jul 2013 15:34:07 +0000
Received: from lvps176-28-13-69.dedicated.hosteurope.de ([176.28.13.69]) by lisa.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <tobias.gondrom@gondrom.org>) id 1V3Sz1-0002qT-0O for ietf-http-wg@w3.org; Sun, 28 Jul 2013 15:34:07 +0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=e45Y9d180lQ81htVWJfmvvyEKOlt7BWcYhjbbbn1+uzPvK30kH0dekOZGvsuReyeVPBTcvgrLs0j5+oQjXXarbFFaGc1Q3RDmSk+ySWJOBoLjpzBdGTiF84kLF/8Cw2Q; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:X-Enigmail-Version:Content-Type;
Received: (qmail 26376 invoked from network); 28 Jul 2013 17:33:44 +0200
Received: from dhcp-461e.meeting.ietf.org (HELO ?130.129.70.30?) (130.129.70.30) by lvps176-28-13-69.dedicated.hosteurope.de with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 28 Jul 2013 17:33:44 +0200
Message-ID: <51F539D8.6040202@gondrom.org>
Date: Sun, 28 Jul 2013 17:33:44 +0200
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7
MIME-Version: 1.0
To: ietf-http-wg@w3.org
CC: ynir@checkpoint.com
X-Enigmail-Version: 1.5.2
Content-Type: multipart/alternative; boundary="------------010303040600020308090301"
Received-SPF: pass client-ip=176.28.13.69; envelope-from=tobias.gondrom@gondrom.org; helo=lvps176-28-13-69.dedicated.hosteurope.de
X-W3C-Hub-Spam-Status: No, score=0.1
X-W3C-Hub-Spam-Report: AWL=-0.831, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_DYNAMIC_IPADDR=1.951, HTML_MESSAGE=0.001, RDNS_DYNAMIC=0.982, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1V3Sz1-0002qT-0O ac6b3db5cf44c2b6df3d6abead476cec
X-Original-To: ietf-http-wg@w3.org
Subject: fyi: websec inviting more feedback on session continuation (i.e. cookies) during our meeting on Monday at 15:10
Archived-At: <http://www.w3.org/mid/51F539D8.6040202@gondrom.org>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18950
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hi all,

sorry for the cross posting, but as this might also be of interest to
some people in httpbis as well:

fyi: over the last few months, websec had several discussions and
proposals about improving cookies / session continuation and we have a
couple of ideas on the agenda for our meeting on Monday at 15:10. The
chairs would love to hear and invite more feedback and comments from the
community.

Cheers, Yoav & Tobias
(co-chairs websec)


Ps.: To be clear the WG has not formally adopted any of the IDs yet. And
we will definitely discuss this further with Mark and others before
doing so.