Incrementally Better Cookies vs RFC6265bis

[annevk]

Could someone please explain the history behind why we have two drafts (https://tools.ietf.org/html/draft-west-cookie-incrementalism and https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis) that are somewhat incompatible with each other? Could the proposals that have support from the WG move into RFC6265bis?

[mnot]

I see draft-west-cookie-incrementalism as a proposal for modifying RFC6265bis; @mikewest is that the intent?

[krgovind]

I humbly accept the mantle of moving these drafts along, and will be discussing logistics with @mikewest in two weeks.

Chrome is already shipping Lax-by-default and requires "Secure" for "SameSite=None", and is now tackling Schemeful SameSite. I think it make sense to at least fold those parts of draft-west-cookie-incrementalism-01 into RFC6265bis.

[annevk]

Great to hear you'll be taking on cookies @krgovind! Mozilla supports adding those to that draft and effectively having the HTTP WG adopt them.

[mnot]

The bar for getting something into 6265bis is what 'reflects implementation experience.' So, I think the next step here is to have a Call for Adoption for the draft; I've opened up httpwg/admin#13 to track that.

[chlily1]

Can we close this now (the Call for Adoption had strong support and the first three sections were merged in #1325, #1323, #1324), or should this remain open to track adoption of the remaining sections?

[annevk]

I'm happy, but I'll let @englehardt make the call as he's more closely involved.

[englehardt]

I'm happy, but I'll let @englehardt make the call as he's more closely involved.

We've pulled in the in-scope items, and the latter three aren't being seriously considered by vendors (AFAIK). Thus I think it's fine to close.