Re: [HASMAT] moving forward

Tobias Gondrom <tobias.gondrom@gondrom.org> Mon, 23 August 2010 14:59 UTC

List-Id: HTTP Application Security Minus Authentication and Transport <hasmat.ietf.org>

Hi all,

Just a quick introduction for the ones who might not already know me:
Currently living in London, UK (timezone UTC/GMT+1). My background is in
Web application security, where until recently I spent the last couple
of years heading the security department of an ISV. I've been
co-chairing the LTANS WG in the security area for a couple of years
until this September when we successfully finish its work and close it.
Over the years I became a big fan of "rough consensus and running code".
;-) For me these principles helped a lot to get things done.
Besides enjoying IETF work, I am also a member of OWASP (Open Web
Application Security Project) and probably have seen every web app
security problem in the book (and some which aren't).
When I read the drafts and saw the BOF proposal before Maastricht, I
felt very excited about it.
In the past I always worked around some of the problems posed by
underlying infrastructure and this is a great opportunity to remedy some
of the problems at the root!

Whatever I can do to help (even if it's not directly related to the WG),
please feel free to contact me via email, phone, Skype, ... and of
course during IETF meetings. I am looking forward to working with you, the
progress of the WG, its charter and the three initial drafts and getting
things done!

Many greetings, Tobias


P.S.: As Peter mentioned, we are still looking for a co-chair. Personally,
I feel a WG is faster and more productive with two co-chairs than just
one. So if you think about co-chairing with me, please please drop me a
note.


Tobias Gondrom
Sloan Fellowship 2009
London Business School
email: tobias.gondrom@gondrom.org
mobile: +447521003005


On 08/20/2010 07:08 PM, Peter Saint-Andre wrote:
> Following up on the successful BoF we held in Maastricht, I'd like to
> keep us moving toward formation of a working group. Here are some open
> tasks:
>
> 1. Chairs. Tobias Gondrom (currently co-chair of the LTANS WG in the
> Security Area) has stepped forward to volunteer and I think he'll make a
> good co-chair. Thanks, Tobias! However, we need someone to work with
> Tobias, preferably someone with (a) more experience in the Applications
> Area and (b) strong knowledge of HTTP. Please contact me if you're
> interested or you would like to suggest someone else.
>
> 2. Charter. We had some feedback at the BoF about charter revisions,
> especially focusing on the three drafts under immediate consideration
> and removing the text about developing a long-term framework for web
> security. Jeff or Hannes, could you send updated charter text to the
> list for discussion?
>
> 3. Name. Some people have said that "HASMAT" isn't very descriptive of
> the subject matter, and that we might want something like "WEBSEC". As
> long as folks don't think "WEBSEC" means that we'd be working on
> everything under the sun related to the security of the web, I'd be fine
> with a name like that. Other suggestions are welcome.
>
> Thanks!
>
> Peter
>