http-extensions

EAT Cookies

Open mnot opened this issue 6 years ago • 3 comments

When we started 6265bis, we gained WG consensus to incorporate Expiring Aggressively Those HTTP Cookies.

mnot, Nov 11 '18 02:11

Yes, this seems to have been one of the main drivers for a new version of the spec. Since this issue was opened just a month ago, I assume no detailed decisions have been made on how the incorporation should happen (I saw the comment that it may be incorporated non-verbatim).

johnwilander, Dec 18 '18 18:12

I don't think that any vendor has made substantial progress in this space, and I don't think waiting for someone to ship something is going to meet the goal of finishing this document in Q1.

Would it be reasonable to add an aspirational section to the Security Considerations that points to @martinthomson's EAT draft, and my https://github.com/mikewest/cookies-over-http-bad as potential directions that user agents should feel encouraged to explore? Or should we punt this further down the road?

mikewest, Jan 10 '20 07:01

This was always going to be aspirational. Recognizing that maximum retention lifetimes are a question of policy means that you are not going to get much out of these specs. I would prefer to look at the main body of the document though, as your suggestion says.

martinthomson, Jan 12 '20 23:01