WG Review: HTTP State Management Mechanism (httpstate)
IESG Secretary <iesg-secretary@ietf.org> Tue, 24 November 2009 18:00 UTC
A new IETF working group has been proposed in the Applications Area. The IESG has not made any determination as yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by Tuesday, December 1, 2009.

HTTP State Management Mechanism (httpstate)
---------------------------------------------------
Current Status: Proposed Working Group

Last modified: 2009-11-11

Chair(s):
  TBD

Applications Area Director(s):
  Lisa Dusseault <lisa.dusseault@gmail.com>
  Alexey Melnikov <alexey.melnikov@isode.com>

Applications Area Advisor:
  Lisa Dusseault <lisa.dusseault@gmail.com>

Mailing Lists:
  General Discussion: http-state@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/http-state
  Archive: http://www.ietf.org/mail-archive/web/http-state/current/maillist.html
  Alternative Archive: http://groups.google.com/group/http-state

Description of Working Group:

The HTTP State Management Mechanism (aka Cookies) was originally created by Netscape Communications in their informal Netscape cookie specification ("cookie_spec.html"), from which formal specifications RFC 2109 and RFC 2965 evolved. The formal specifications, however, were never fully implemented in practice; RFC 2109, in addition to cookie_spec.html, more closely resembles real-world implementations than RFC 2965, even though RFC 2965 officially obsoletes the former. Compounding the problem are undocumented features (such as HTTPOnly), and varying behaviors among real-world implementations.

The working group will create a new RFC that obsoletes RFC 2109 and specifies Cookies as they are actually used in existing implementations and deployments. Where differences exist among the most commonly used implementations, the working group will document the variations. Where consensus exists among the most commonly used implementations, the working group will specify the consensus behavior.

The working group must not introduce any new syntax or new semantics not already in common use.

The working group's specific deliverables are:

* A standards-track document that is suitable to supersede RFC 2109 (likely based on draft-abarth-cookie)
* An informational document cataloguing the differences between major implementations

In doing so, the working group should consider:

* cookie_spec.html - Netscape Cookie Specification
  http://web.archive.org/web/20070805052634/http://wp.netscape.com/newsref/std/cookie_spec.html
* RFC 2109 - HTTP State Management Mechanism (Obsoleted by RFC 2965)
  http://tools.ietf.org/html/rfc2109
* RFC 2964 - Use of HTTP State Management
  http://tools.ietf.org/html/rfc2964
* RFC 2965 - HTTP State Management Mechanism (Obsoletes RFC 2109)
  http://tools.ietf.org/html/rfc2965
* I-D - HTTP State Management Mechanism v2
  http://tools.ietf.org/html/draft-pettersen-cookie-v2
* I-D - Cookie-based HTTP Authentication
  http://tools.ietf.org/html/draft-broyer-http-cookie-auth
* Widely Implemented - HTTPOnly
  http://www.owasp.org/index.php/HTTPOnly
* Browser Security Handbook - Cookies
  http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
* HTTP Cookies: Standards, Privacy, and Politics by David M. Kristol
  http://arxiv.org/PS_cache/cs/pdf/0105/0105018v1.pdf

Goals and Milestones:

  Jan 2010 - Feature-complete Internet-Draft of Cookie specification
  Mar 2010 - Feature-complete test suite of Cookie specification
  May 2010 - First fully conforming implementation in a major browser
  Jul 2010 - Last Call for Cookie specification
  Sep 2010 - Second fully conforming implementation in a major browser
  Nov 2010 - Submit Cookie specification to IESG for consideration as a Draft Standard
  Nov 2010 - Submit deviation description to IESG for consideration as Informational