Re: HTTPOnly cookies specification

[Bil Corry]

Gervase Markham wrote on 12/12/2008 11:23 AM: 
 Bil Corry wrote:
 There's a group of us working on creating a spec for HTTPOnly cookies. 
 
 This isn't being done by WHAT-WG, then?
 
 If you have an active interest in participating, our list is here:

  http://groups.google.com/group/ietf-httponly-wg
 
 Is this an official IETF group? It seems odd that its list is not on the
 IETF mailing list server.

We're not officially affiliated with any group, although the plan is to move it 
to IETF or work with Yngve to add it to his cookie draft.  If you're willing to 
get us added officially to a group, we'd love the help.


- Bil

___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security

Re: HTTPOnly cookies specification

[Stefanos Harhalakis]

Hello there,

On Friday 12 December 2008, Bil Corry wrote:
 Gervase Markham wrote on 12/12/2008 11:23 AM:
  Is this an official IETF group? It seems odd that its list is not on the
  IETF mailing list server.

 We're not officially affiliated with any group, although the plan is to
 move it to IETF or work with Yngve to add it to his cookie draft.  If
 you're willing to get us added officially to a group, we'd love the help.

FWIW, some related ietf-http-wg talk about this is listed here:

http://www.nabble.com/HttpOnly-to16117176.html#a16117176
http://www.nabble.com/HTTPOnly-Cookies-Specification-to20611621.html#a20611621

My personal opinion is that any IETF related conversation regarding this issue 
should happen at ietf-http-wg list (unless a new WG is created). Otherway it 
should be moved to the general purpose apps-discuss mailing list (but I don't 
recommend it). People at the ietf-http-wg list are more than helpful.

Since this is the mozilla list I suggest looking at the comment of Dan 
Winship at the second link  :-)
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security