Subject: Re: [trust-el] Groups - Draft Analysis End Point Identity - Cookie OS Browser uploaded
I recommend a few minor additions to this document:

1. Replace "OS Browser Cookie" by "OS Browser Cookie and other client state mechanisms"

HTTP cookies as of RFC 2109 are the most common implementation of the more generic concept of client-side state mechanisms. Further widespread methods are Flash cookies and HTML5 Web Storage. Other plugins may provide similar functionality.

2. re "How does the method address the threat of eavesdropping?"

The current wording is a partial view. The secure flag protects a cookie from being transmitted over a non-encrypted connection. But even more important is the Same Origin Policy, which limits the access to the client-side state to JavaScript from the same origin (protocol, domain, port).

3. It should be mentioned that client-side state (-> 3rd party cookies) has implications with regard to the privacy of users.

Regards,
Rainer

On 13.09.2012 at 18:54, Mary Ruddy <mary@meristic.com> wrote: