[owasp-intrinsic-security] HTTPOnly cookie flag

Bil Corry bil at corry.biz
Wed Nov 12 17:17:50 EST 2008

Jim Manico wrote on 11/12/2008 3:44 PM: 
> I'm in!

Yngve pointed me to these resources:

	The IETF Process: an Informal Guide

	Guidelines to Authors of Internet-Drafts

And he also mentioned using XMLmind to write the draft.  I tracked these resources down for that:

	Writing Internet Drafts and RFCs Using XML

	XMLmind XML Editor

I'll have to take some time to dig through all of that.  I haven't looked at the XMLmind XML Editor, but I'm far more attracted to using it than manually creating the draft by hand.

> I say - let's cover ALL use cases of HTTPOnly - including header
> filters. There needs to be at least one RFC in the world that discusses
> this topic completely and securely. Almost every other reference to
> HTTPOnly is either incomplete or wrong. Let's get this right in a
> complete way. :)

That sounds good to me.  I've created a list over at Google Groups, let's take the discussion over there:


- Bil
