Re: [HASMAT] moving forward

Tobias Gondrom <> Thu, 02 September 2010 18:06 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C2DC53A6BF4 for <>; Thu, 2 Sep 2010 11:06:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -94.805
X-Spam-Status: No, score=-94.805 tagged_above=-999 required=5 tests=[AWL=0.557, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XsLdu5t9IiNj for <>; Thu, 2 Sep 2010 11:06:49 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 2B5B03A6C25 for <>; Thu, 2 Sep 2010 10:52:27 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default;; b=s2r0C1z+9r2Cpqc7Y+eznwLQ2Zihk3hZazlAJRHUd7ySRik50v1JxJ/T0WmLuov4bgv2+/GF3clkUJ8eZk5yOmYENOwtF2/ziwSTmKr0UZNx13Izuizo2J38uJP3TGVb; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:X-Enigmail-Version:Content-Type:Content-Transfer-Encoding;
Received: (qmail 20214 invoked from network); 2 Sep 2010 19:26:10 +0200
Received: from (HELO seraphim.heaven) ( by with (DHE-RSA-AES256-SHA encrypted) SMTP; 2 Sep 2010 19:26:10 +0200
Message-ID: <>
Date: Thu, 02 Sep 2010 18:26:18 +0100
From: Tobias Gondrom <>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20100802 SUSE/3.1.2 Lightning/1.0b2 Thunderbird/3.1.2
MIME-Version: 1.0
References: <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [HASMAT] moving forward
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: HTTP Application Security Minus Authentication and Transport <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 02 Sep 2010 18:06:56 -0000

 On 09/01/2010 11:38 PM, Peter Saint-Andre wrote:
> On 8/31/10 2:42 PM, Brandon Sterne wrote:
>> On 08/20/2010 11:08 AM, Peter Saint-Andre wrote:
>>> 3. Name. Some people have said that "HASMAT" isn't very descriptive of
>>> the subject matter, and that we might want something like "WEBSEC". As
>>> long as folks don't think "WEBSEC" means that we'd be working on
>>> everything under the sun related to the security of the web, I'd be fine
>>> with a name like that. Other suggestions are welcome.
>> Personally, I do think WEBAPPSEC is the right name.  Someone pointed out
>> that is registered already, but that space is occupied by
>> the Web Application Security Consortium who generally go by the acronym
>> WASC.  Other than the domain issue, is this still a problem?
> The Secretariat strongly prefers (close to mandates) acronyms that are
> at most 8 characters. Database and other tooling issues ensure if we try
> to use longer acronyms.
> Peter
@Brandon: I agree with Peter on the length of the WG name. (after all
its a technical short name, the WG scope is defined in the charter). So
far a couple of people suggested websec, which would be very close to
your proposal.
May I ask, how do you think about that name? Do you see strong reasons
against it compared to webappsec?

Greetings, Tobias