On Wed, Feb 11, 2015 at 10:52 AM, Anne van Kesteren <ann...@annevk.nl> wrote:
> On Wed, Feb 11, 2015 at 10:42 AM, Jonas Sicking <jo...@sicking.cc> wrote:
> > Has the group looked at expanding the feature set of cookies to allow
> > better CSRF protection?
>

This doesn't seem like a good fit for WebAppSec. Various IETF groups have generally been responsible for cookies.

> Mike has:
>
> > https://mikewest.github.io/internetdrafts/origin-cookies/draft-west-origin-cookies-00.html
> > https://mikewest.github.io/internetdrafts/first-party-cookies/draft-west-first-party-cookies-00.html
>
> Not many people are interested thus far is my understanding. Copied
> Mike if he has anything to add.

Some folks on the HTTP WG list (Martin in particular) had some interesting feedback, but my general impression was that I was the only one excited about it. I don't intend to let either spec die, as I think they're potentially important, but I haven't prioritized building a prototype to play with.

Coincidentally, I talked to a colleague just this morning who might have some spare cycles coming up, so who knows. Maybe he'll build a prototype for us. :)

-mike

--
Mike West <mk...@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform