Integrity Cookie Management
draft-iayadi-cookie-integrity-00
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Authors | AYADI Ines , SERHROUCHNI Ahmed , Guy Pujolle | ||
| Last updated | 2010-10-18 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document defines an abstract syntax and semantic of HTTP cookies. This approach presents a new cookie attribute that ensures cookie integrity and improves source authentication of the cookie sent back to the server. Cookies are always used on the Web in order to store user identification data and sensible user information. Adversary can easily modify cookiesstored in the User Agent. Therefore, Origin Server has to be able to verify cookie integrity and ensure that the returned cookies are its own cookies. This document explains a way to calculate and apply the integrity attribute in HTTP cookie headers.
Authors
AYADI Ines
SERHROUCHNI Ahmed
Guy Pujolle
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)