[saag] Request for review and consensus -- draft-hartman-webauth-phishing
Lisa Dusseault <lisa@osafoundation.org> Thu, 04 September 2008 15:16 UTC
Return-Path: <saag-bounces@ietf.org>
X-Original-To: saag-archive@ietf.org
Delivered-To: ietfarch-saag-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CA6703A6943; Thu, 4 Sep 2008 08:16:52 -0700 (PDT)
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7AC423A6973; Wed, 3 Sep 2008 13:41:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.413
X-Spam-Level:
X-Spam-Status: No, score=-106.413 tagged_above=-999 required=5 tests=[AWL=0.187, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hkm6+l9Qehn7; Wed, 3 Sep 2008 13:41:51 -0700 (PDT)
Received: from laweleka.osafoundation.org (laweleka.osafoundation.org [204.152.186.98]) by core3.amsl.com (Postfix) with ESMTP id 394913A6A90; Wed, 3 Sep 2008 13:41:42 -0700 (PDT)
Received: from localhost (laweleka.osafoundation.org [127.0.0.1]) by laweleka.osafoundation.org (Postfix) with ESMTP id 89D5314220E; Wed, 3 Sep 2008 13:41:48 -0700 (PDT)
X-Virus-Scanned: by amavisd-new and clamav at osafoundation.org
Received: from laweleka.osafoundation.org ([127.0.0.1]) by localhost (laweleka.osafoundation.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PRmrd+r3USrU; Wed, 3 Sep 2008 13:41:38 -0700 (PDT)
Received: from [10.1.1.121] (unknown [157.22.41.236]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by laweleka.osafoundation.org (Postfix) with ESMTP id 16CC914220C; Wed, 3 Sep 2008 13:41:38 -0700 (PDT)
Message-Id: <47490048-25ED-403E-96B9-0D385F764292@osafoundation.org>
From: Lisa Dusseault <lisa@osafoundation.org>
To: HTTP Working Group <ietf-http-wg@w3.org>, secdir@mit.edu, saag@ietf.org, Apps Discuss <discuss@ietf.org>
Mime-Version: 1.0 (Apple Message framework v928.1)
Date: Wed, 03 Sep 2008 13:41:39 -0700
X-Mailer: Apple Mail (2.928.1)
X-Mailman-Approved-At: Thu, 04 Sep 2008 08:16:51 -0700
Cc: ietf-http-auth@osafoundation.org
Subject: [saag] Request for review and consensus -- draft-hartman-webauth-phishing
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: saag-bounces@ietf.org
Errors-To: saag-bounces@ietf.org
You may have seen this draft a year ago; Sam is back working on it and produced version -09 last month. http://tools.ietf.org/html/draft-hartman-webauth-phishing-09 If you've reviewed it before, please take a look at the changes. If you'd like to review it, please do. I'm the shepherd for this draft, so comments can be sent to me, to Sam as author, to ietf-http-auth@osafoundation.org , or to the IETF general list as appropriate. In addition to getting general input, I'd like to get a sense of whether we have consensus on a couple things. a). The statement including "IETF recommends", from section 1.1 of the draft: "In publishing this memo, the IETF recommends making available authentication mechanisms that meet the requirements outlined in Section 4 in HTTP user agents including web browsers. It is hoped that these mechanisms will prove a useful step in fighting phishing. However this memo does not restrict work either in the IETF or any other organization. In particular, new authentication efforts are not bound to meet the requirements posed in this memo unless the charter for those efforts chooses to make these binding requirements. Less formally, the IETF presents this memo as an option to pursue while acknowledging that there may be other promising paths both now and in the future." b) Whether the document should require mutual authentication (section 4.4). Thanks, Lisa D. _______________________________________________ saag mailing list saag@ietf.org https://www.ietf.org/mailman/listinfo/saag
- [saag] Request for review and consensus -- draft-… Lisa Dusseault
- Re: [saag] Request for review and consensus -- dr… Peter Gutmann