Stefanos Harhalakis wrote on 12/12/2008 1:49 PM:
> My personal opinion is that any IETF related conversation regarding this
> issue
> should happen at ietf-http-wg list (unless a new WG is created).
As you point out, I did post to ietf-http-wg and the feedback I received was
that someone shoul
Hello there,
On Friday 12 December 2008, Bil Corry wrote:
> Gervase Markham wrote on 12/12/2008 11:23 AM:
> > Is this an official IETF group? It seems odd that its list is not on the
> > IETF mailing list server.
>
> We're not officially affiliated with any group, although the plan is to
> move it
Gervase Markham wrote on 12/12/2008 11:22 AM:
> Bil Corry wrote:
>> Let's back up. The CSP method you support (correct me if I'm wrong)
>> is for the server to send a CSP header to all clients. And if the
>> client understands the header, it'll kick on some extra protections
>> not currently aff
Gervase Markham wrote on 12/12/2008 11:23 AM:
> Bil Corry wrote:
>> There's a group of us working on creating a spec for HTTPOnly cookies.
>
> This isn't being done by WHAT-WG, then?
>
>> If you have an active interest in participating, our list is here:
>>
>> http://groups.google.com/grou
Bil Corry wrote:
> Let's back up. The CSP method you support (correct me if I'm wrong)
> is for the server to send a CSP header to all clients. And if the
> client understands the header, it'll kick on some extra protections
> not currently afforded to the site. And that's great for CSPv1. But
Bil Corry wrote:
> There's a group of us working on creating a spec for HTTPOnly cookies.
This isn't being done by WHAT-WG, then?
> If you have an active interest in participating, our list is here:
>
> http://groups.google.com/group/ietf-httponly-wg
Is this an official IETF group? It se
There's a group of us working on creating a spec for HTTPOnly cookies. We have
a draft of the HTTPOnly scope available to review:
http://docs.google.com/View?docid=dxxqgkd_0cvcqhsdw
If you have an active interest in participating, our list is here:
http://groups.google.com/grou