[saag] Input for conflict review of draft-secure-cookie-session-protocol

Barry Leiba <barryleiba@computer.org> Thu, 18 October 2012 02:13 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4B471F0417 for <saag@ietfa.amsl.com>; Wed, 17 Oct 2012 19:13:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.064
X-Spam-Level:
X-Spam-Status: No, score=-103.064 tagged_above=-999 required=5 tests=[AWL=-0.087, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4G49UvCZ1ovk for <saag@ietfa.amsl.com>; Wed, 17 Oct 2012 19:13:16 -0700 (PDT)
Received: from mail-vb0-f44.google.com (mail-vb0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id 9DFF11F0381 for <saag@ietf.org>; Wed, 17 Oct 2012 19:13:16 -0700 (PDT)
Received: by mail-vb0-f44.google.com with SMTP id fc26so9049680vbb.31 for <saag@ietf.org>; Wed, 17 Oct 2012 19:13:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type; bh=M2n2m7PcvaxW/1rHQB9lPJR93UZOnUD6ncGGdaJPxjs=; b=eO/Fi1UlVdk5d+wGOkU7jy4bF+4eTjy7EWqMICDvmwSSEWblmTqmdD8PiYRBJWSfqt AfFJkq1dm0NvGzRYYjgoKGrlyfKuCW0yzYljmAOF5fNb0GKOzyRwctrvFgZ6/iJvL4vG b+rlFqoQP2O6mR5k5/HkxPKUhilZtVN2u6hILoMUNUIuj+2vM9EkyhBpq8ykrnjZIxKf PhW2chLhcgY52dkynZo4QZn46b8yo9p6qZDZxegnBrANW6+zuEzKOQRdWAbsvs98+SMQ oZTRh5WyemkJiAh+lKgr547AU3j3rlXyf2+kebV1wHxq3SCT9Bvd2OTbB/eU3H02Ijzr IRIg==
MIME-Version: 1.0
Received: by 10.52.65.51 with SMTP id u19mr10153962vds.3.1350526395631; Wed, 17 Oct 2012 19:13:15 -0700 (PDT)
Sender: barryleiba@gmail.com
Received: by 10.58.28.231 with HTTP; Wed, 17 Oct 2012 19:13:15 -0700 (PDT)
Date: Wed, 17 Oct 2012 22:13:15 -0400
X-Google-Sender-Auth: sbcG49MeyDHoNc6SlrVkvSjzLFw
Message-ID: <CALaySJKJR59dGJTPjnTRk+eo00+gyy8zs1=tLf8-v0EzP7TPuA@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: saag@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Subject: [saag] Input for conflict review of draft-secure-cookie-session-protocol
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2012 02:13:17 -0000

A document titled "Secure Cookie Sessions for HTTP" has been submitted
to the Independent Stream Editor (ISE):
http://datatracker.ietf.org/doc/draft-secure-cookie-session-protocol/

The IESG has been asked to review the document, as specified in RFC
5742, Section 3.  The Security and Applications Area Directors are
looking for input for that review.  Please post any relevant comments
to this list, <saag@ietf.org>rg>, as soon as possible, and at least by 1
November 2012.

Please read RFC 5742, Section 3, and be aware that we are not looking
for detailed comments on the document itself (see below).  We
specifically need input on whether this document is in conflict with
work that's being done in the IETF.  Look at the five possible
responses specified in that section, and help us determine whether any
of 2 through 5 applies.  Please be specific in your response.

In addition to this, we're sure that the authors and the ISE would
appreciate comments about the document.  If you have those, you may
send them directly to the authors at
<draft-secure-cookie-session-protocol@tools.ietf.org>
and to the ISE at <rfc-ise@rfc-editor.org>rg>.
General discussion of the document on this list will likely not get to the
authors or the ISE.

Barry Leiba, Applications AD