From tlr@w3.org Thu Dec 3 00:49:03 2009
From: Thomas Roessler <tlr@w3.org>
Date: Thu, 3 Dec 2009 07:35:04 +0100
To: saag@ietf.org
Subject: [saag] Fwd: Welcome to the W3C web security mailing list

FYI. If you're interested in joining, send an e-mail with the subject "subscribe" to public-web-security-request@w3.org.

Thanks,
--
Thomas Roessler, W3C

Begin forwarded message:

> From: Thomas Roessler
> Date: 1 December 2009 15:48:27 GMT+01:00
> To: public-web-security@w3.org
> Cc: Thomas Roessler
> Subject: Welcome to the W3C web security mailing list
>
> With some delay after the security BOF at TPAC, welcome to the W3C web security mailing list. If you want to get off this mailing list, please either contact me directly, or send a note with the subject "unsubscribe" to public-web-security-request@w3.org.
>
> The list has a publicly visible archive:
> http://lists.w3.org/Archives/Public/public-web-security/
> A companion wiki is also available (writable for anybody with a W3C web account); I've put in a little bit of content to jump-start things (no full minutes from the BOF at TPAC, though):
> http://www.w3.org/Security/wiki/
>
> The scope of the list is broad: "Improving standards and implementations to advance the security of the Web." What's meant by this is that this mailing list is the right place to discuss topics like:
>
> - new specs that people want to bring to W3C, IETF or other relevant standards bodies
> - emerging security issues
> - bigger themes, like how and where to document the same origin policy
>
> With that, it's over to you!
> --
> Thomas Roessler, W3C

From violeta.cakulev@alcatel-lucent.com Tue Dec 8 10:51:12 2009
From: "Cakulev, Violeta (Violeta)"
To: "saag@ietf.org"
Date: Tue, 8 Dec 2009 12:50:48 -0600
Subject: [saag] IBAKE draft: draft-cakulev-ibake-00

Following our IBAKE presentation at the IETF75 SAAG meeting (http://www.ietf.org/proceedings/75/slides/saag-1/saag-1_files/frame.htm), we have written a draft specifying IBAKE. Below is the link to the draft.

http://www.ietf.org/id/draft-cakulev-ibake-00.txt

Comments and questions are welcome.

Thanks,
-Violeta

-----Original Message-----
From: IETF I-D Submission Tool [mailto:idsubmission@ietf.org]
Sent: Monday, October 19, 2009 4:04 PM
To: Cakulev, Violeta (Violeta)
Cc: Sundaram, Ganapathy S (Ganesh)
Subject: New Version Notification for draft-cakulev-ibake-00

A new version of I-D, draft-cakulev-ibake-00.txt has been successfully submitted by Violeta Cakulev and posted to the IETF repository.

Filename: draft-cakulev-ibake
Revision: 00
Title: IBAKE: Identity-Based Authenticated Key Agreement
Creation_date: 2009-10-19
WG ID: Independent Submission
Number_of_pages: 16

Abstract:
Cryptographic protocols based on public key methods are based on certificates and large scale public key infrastructure (PKI) to support certificate management. The emerging field of Identity Based Encryption protocols allows to simplify the infrastructure requirements via a Key Generation Function (KGF) while providing the same flexibility. However one significant limitation of Identity Based Encryption methods is that the KGF can end up being a de-facto key escrow server with undesirable consequences. Another observed deficiency is a lack of mutual authentication of communicating parties. Here, Identity Based Authenticated Key Exchange (IBAKE) Protocol is specified which does not suffer from the key escrow problem and in addition provides mutual authentication and a perfect forward and backwards secrecy.

The IETF Secretariat.

From paul.hoffman@vpnc.org Fri Dec 11 15:16:29 2009
From: Paul Hoffman
Date: Fri, 11 Dec 2009 15:16:13 -0800
To: saag@ietf.org
Subject: [saag] Fwd: WG Action: HTTP State Management Mechanism (httpstate)

>From: IESG Secretary
>To: ietf-announce@ietf.org
>Subject: WG Action: HTTP State Management Mechanism (httpstate)
>Date: Fri, 11 Dec 2009 12:30:01 -0800 (PST)
>Cc: Jeff.Hodges@kingsmountain.com, http-state@ietf.org
>
>A new IETF working group has been formed in the Applications Area. For
>additional information, please contact the Area Directors or the WG
>Chairs.
>
>HTTP State Management Mechanism (httpstate)
>---------------------------------------------------
>Current Status: Active Working Group
>
>Chairs:
> * Jeff Hodges (Jeff.Hodges@kingsmountain.com)
> * Eran Hammer-Lahav (eran@hueniverse.com)
>
>Applications Area Directors:
> * Lisa Dusseault (lisa.dusseault@gmail.com)
> * Alexey Melnikov (alexey.melnikov@isode.com)
>
>Applications Area Advisor:
> * Lisa Dusseault (lisa.dusseault@gmail.com)
>
>Mailing Lists:
> General Discussion: http-state@ietf.org
> To Subscribe: https://www.ietf.org/mailman/listinfo/http-state
> Archive:
>http://www.ietf.org/mail-archive/web/http-state/current/maillist.html
> Alternative Archive: http://groups.google.com/group/http-state
>
>Description of Working Group:
>
>The HTTP State Management Mechanism (aka Cookies) was originally
>created by Netscape Communications in their informal Netscape cookie
>specification ("cookie_spec.html"), from which formal specifications
>RFC 2109 and RFC 2965 evolved. The formal specifications, however,
>were never fully implemented in practice; RFC 2109, in addition to
>cookie_spec.html, more closely resemble real-world implementations
>than RFC 2965, even though RFC 2965 officially obsoletes the former.
>Compounding the problem are undocumented features (such as HTTPOnly),
>and varying behaviors among real-world implementations.
>
>The working group will create a new RFC that:
> * obsoletes RFC 2109,
> * updates RFC 2965 to the extent it overlaps or voids RFC 2109, and
> * specifies Cookies as they are actually used in existing
> implementations and deployments.
>
>Where commonalities exist in the most widely used implementations, the
>working group will specify the common behavior. Where differences exist
>among the most widely used implementations, the working group will
>document the variations and seek consensus to reduce variation by
>selecting among the most widely used variations.
>
>The working group must not introduce any new syntax or new semantics
>not already in common use.
>
>The working group's specific deliverables are:
>* A standards-track document that is suitable to supersede RFC 2109
> (likely based on draft-abarth-cookie)
>* An informational document cataloguing the differences between major
> implementations
>
>In doing so, the working group should consider:
>
>* cookie_spec.html - Netscape Cookie Specification
>
>http://web.archive.org/web/20070805052634/http://wp.netscape.com/newsref/std/cookie_spec.html
>* RFC 2109 - HTTP State Management Mechanism (Obsoleted by RFC 2965)
> http://tools.ietf.org/html/rfc2109
>* RFC 2964 - Use of HTTP State Management
> http://tools.ietf.org/html/rfc2964
>* RFC 2965 - HTTP State Management Mechanism (Obsoletes RFC 2109)
> http://tools.ietf.org/html/rfc2965
>* I-D - HTTP State Management Mechanism v2
> http://tools.ietf.org/html/draft-pettersen-cookie-v2
>* I-D - Cookie-based HTTP Authentication
> http://tools.ietf.org/html/draft-broyer-http-cookie-auth
>* Widely Implemented - HTTPOnly
> http://www.owasp.org/index.php/HTTPOnly
>* Browser Security Handbook - Cookies
>
>http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
>* HTTP Cookies: Standards, Privacy, and Politics by David M. Kristol
> http://arxiv.org/PS_cache/cs/pdf/0105/0105018v1.pdf
>
>Goals and Milestones:
>
>Mar 2010 - Feature-complete Internet-Draft of Cookie specification
>May 2010 - Feature-complete test suite of Cookie specification
>Jun 2010 - Feature-complete draft of deviation description
>Jul 2010 - First fully conforming implementation in a major browser
>Sep 2010 - Last Call for Cookie specification
>Oct 2010 - Last Call for deviation description
>Dec 2010 - Second fully conforming implementation in a major browser
>Jan 2011 - Submit Cookie specification to IESG for consideration as
> a Draft Standard
>Jan 2011 - Submit deviation description to IESG for consideration as
> Informational
>Mar 2011 - Close or recharter