Bil Corry wrote:
There's a group of us working on creating a spec for HTTPOnly cookies. We have a draft of the HTTPOnly scope available to review:http://docs.google.com/View?docid=dxxqgkd_0cvcqhsdw If you have an active interest in participating, our list is here: http://groups.google.com/group/ietf-httponly-wg
My first reaction to all this is: Can you really create a useful spec for HTTPOnly cookies without first creating a spec for cookies? I.e. as far as I know there is no useable spec out there for how to parse HTTPOnly cookies at all, so it'd seem hard to detect what a HTTPOnly cookie is.
That said, having a spec for cookies as well as HTTPOnly cookies would be great. However I think that you should try to as soon as possible bring the work to any of the existing organizations, such as IETF or WHATWG.
/ Jonas _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
