Re: [HASMAT] moving forward

Tobias Gondrom <tobias.gondrom@gondrom.org> Thu, 02 September 2010 18:06 UTC

Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: hasmat@core3.amsl.com
Delivered-To: hasmat@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C2DC53A6BF4 for <hasmat@core3.amsl.com>; Thu, 2 Sep 2010 11:06:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -94.805
X-Spam-Level:
X-Spam-Status: No, score=-94.805 tagged_above=-999 required=5 tests=[AWL=0.557, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XsLdu5t9IiNj for <hasmat@core3.amsl.com>; Thu, 2 Sep 2010 11:06:49 -0700 (PDT)
Received: from lvps83-169-7-107.dedicated.hosteurope.de (lvps83-169-7-107.dedicated.hosteurope.de [83.169.7.107]) by core3.amsl.com (Postfix) with ESMTP id 2B5B03A6C25 for <hasmat@ietf.org>; Thu, 2 Sep 2010 10:52:27 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=s2r0C1z+9r2Cpqc7Y+eznwLQ2Zihk3hZazlAJRHUd7ySRik50v1JxJ/T0WmLuov4bgv2+/GF3clkUJ8eZk5yOmYENOwtF2/ziwSTmKr0UZNx13Izuizo2J38uJP3TGVb; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:X-Enigmail-Version:Content-Type:Content-Transfer-Encoding;
Received: (qmail 20214 invoked from network); 2 Sep 2010 19:26:10 +0200
Received: from 94-194-102-93.zone8.bethere.co.uk (HELO seraphim.heaven) (94.194.102.93) by lvps83-169-7-107.dedicated.hosteurope.de with (DHE-RSA-AES256-SHA encrypted) SMTP; 2 Sep 2010 19:26:10 +0200
Message-ID: <4C7FDE3A.6050100@gondrom.org>
Date: Thu, 02 Sep 2010 18:26:18 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.8) Gecko/20100802 SUSE/3.1.2 Lightning/1.0b2 Thunderbird/3.1.2
MIME-Version: 1.0
To: hasmat@ietf.org, bsterne@mozilla.com
References: <4C6EC48A.5020803@stpeter.im> <4C7D6949.5040401@mozilla.com> <4C7ED5F9.30103@stpeter.im>
In-Reply-To: <4C7ED5F9.30103@stpeter.im>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [HASMAT] moving forward
X-BeenThere: hasmat@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: HTTP Application Security Minus Authentication and Transport <hasmat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hasmat>, <mailto:hasmat-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hasmat>
List-Post: <mailto:hasmat@ietf.org>
List-Help: <mailto:hasmat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hasmat>, <mailto:hasmat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Sep 2010 18:06:56 -0000

 On 09/01/2010 11:38 PM, Peter Saint-Andre wrote:
> On 8/31/10 2:42 PM, Brandon Sterne wrote:
>> On 08/20/2010 11:08 AM, Peter Saint-Andre wrote:
>>> 3. Name. Some people have said that "HASMAT" isn't very descriptive of
>>> the subject matter, and that we might want something like "WEBSEC". As
>>> long as folks don't think "WEBSEC" means that we'd be working on
>>> everything under the sun related to the security of the web, I'd be fine
>>> with a name like that. Other suggestions are welcome.
>> Personally, I do think WEBAPPSEC is the right name.  Someone pointed out
>> that webappsec.org is registered already, but that space is occupied by
>> the Web Application Security Consortium who generally go by the acronym
>> WASC.  Other than the domain issue, is this still a problem?
> The Secretariat strongly prefers (close to mandates) acronyms that are
> at most 8 characters. Database and other tooling issues ensure if we try
> to use longer acronyms.
>
> Peter
@Brandon: I agree with Peter on the length of the WG name. (after all
its a technical short name, the WG scope is defined in the charter). So
far a couple of people suggested websec, which would be very close to
your proposal.
May I ask, how do you think about that name? Do you see strong reasons
against it compared to webappsec?

Greetings, Tobias