[secdir] secdir review of draft-ietf-httpstate-cookie

Kurt Zeilenga <Kurt.Zeilenga@Isode.com> Fri, 03 December 2010 03:25 UTC

From: Kurt Zeilenga <Kurt.Zeilenga@Isode.com>
Date: Thu, 02 Dec 2010 19:26:29 -0800
Message-Id: <9BF7FFED-3F2C-4260-910F-89D461AD0719@Isode.com>
To: iesg@ietf.org
Cc: draft-ietf-httpstate-cookie@tools.ietf.org, secdir@ietf.org
Subject: [secdir] secdir review of draft-ietf-httpstate-cookie

I have reviewed this document (v19) as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

I find the document discusses well the security considerations associated with HTTP "cookies".

-- Kurt