I-D Action:draft-salgueiro-secure-state-management-01.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title           : Securing HTTP State Management Information
	Author(s)       : G. Salgueiro, P. Jones
	Filename        : draft-salgueiro-secure-state-management-01.txt
	Pages           : 11
	Date            : 2010-02-18

Virtually every application on the web today that allows a user to
log in or manipulate information stored on a server maintains some
form of state management information.  Usually, the session context
is established through the use of a Uniform Resource Locator (URL)
parameter or a Hypertext Transfer Protocol (HTTP) cookie that
identifies the session.  Without the use of Transport Layer Security
(TLS), such an information exchange introduces a security risk. For
a variety of reasons, TLS may not be desired or preferred in all
situations and, in those cases, users are left vulnerable. This memo
provides a simple method for providing a reasonable level of
security when exchanging state management information through HTTP
in situations where TLS is not employed.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-salgueiro-secure-state-management-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-salgueiro-secure-state-management-01.txt>
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux