[websec] Input for conflict review of draft-secure-cookie-session-protocol

Barry Leiba <barryleiba@computer.org> Thu, 18 October 2012 02:25 UTC

To: http-state@ietf.org, websec@ietf.org, ietf-http-wg@w3.org, apps-discuss@ietf.org, oauth@ietf.org

A document titled "Secure Cookie Sessions for HTTP" has been submitted
to the Independent Stream Editor (ISE):

The IESG has been asked to review the document, as specified in RFC
5742, Section 3.  The Security and Applications Area Directors are
looking for input for that review.  Please post any relevant comments
to the Security Area list, <saag@ietf.org>, as soon as possible, and at
least by 1 November 2012.

Note: Please do NOT post responses to any of these mailing lists.
Respond only to <saag@ietf.org> (using the subject line of this

Please read RFC 5742, Section 3, and be aware that we are not looking
for detailed comments on the document itself (see below).  We
specifically need input on whether this document is in conflict with
work that's being done in the IETF.  Look at the five possible
responses specified in that section, and help us determine whether any
of 2 through 5 applies.  Please be specific in your response.

In addition to this, we're sure that the authors and the ISE would
appreciate comments about the document.  If you have those, you may
send them directly to the authors at
and to the ISE at <rfc-ise@rfc-editor.org>.
General discussion of the document on these lists or the saag list will
likely not get to the authors or the ISE.

Barry Leiba, Applications AD