[HASMAT] Fwd: web security happenings

Peter Saint-Andre <stpeter@stpeter.im> Tue, 13 July 2010 16:50 UTC

To: hasmat@ietf.org
List-Id: HTTP Application Security Minus Authentication and Transport <hasmat.ietf.org>

FYI.

-------- Original Message --------
Subject: web security happenings
Date: Tue, 13 Jul 2010 10:49:20 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
To: IETF discussion list <ietf@ietf.org>

Just a quick note to clue folks in to some emerging activity on web
security, mostly in the form of the HASMAT BoF at IETF 78.  The theme
here is better application-level security for the "modern" web, which
uses fun technologies like AJAX but also opens up the possibility for
new attacks (cross-site scripting, cross-site request forgery,
malvertising, clickjacking, and all the rest).

The proposed charter [0] lays out these issues in greater detail, and
three Internet-Drafts [1] [2] [3] are currently being used as input to
the conversation.  If you go in for video, a relevant talk by BoF
co-organizer Jeff Hodges was recorded at the recent Internet Identity
Workshop. [4]

The BoF organizers will hold an introductory / preparatory conference
call tomorrow, July 14, at 16:00 UTC, and all those who are interested
in the intersection of security and the web are welcome to participate
in this call [5] and in the BoF on Tuesday, July 27, at 13:00 local time
in Maastricht. [6]

Thanks!

Peter

[0] http://www.ietf.org/mail-archive/web/hasmat/current/msg00006.html
[1] https://datatracker.ietf.org/doc/draft-abarth-origin/
[2] https://datatracker.ietf.org/doc/draft-abarth-mime-sniff/
[3] https://datatracker.ietf.org/doc/draft-hodges-strict-transport-sec/
[4] http://idcoach.blip.tv/file/3650497
[5] http://www.ietf.org/mail-archive/web/hasmat/current/msg00034.html
[6] https://datatracker.ietf.org/meeting/78/agenda.html
