[secdir] Fwd: RE: SecDir review of draft-williams-websec-session-continue-prob-00

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 06 February 2013 09:44 UTC

Hi, the websec WG would like to get an early review of this
one as they consider adopting it. Any takers?

Ta,
S


-------- Original Message --------
Subject: RE: SecDir review of draft-williams-websec-session-continue-prob-00
Date: Wed, 6 Feb 2013 08:40:01 +0000
From: Yoav Nir <ynir@checkpoint.com>
To: Sean P. Turner <turners@ieca.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: Tobias Gondrom <tobias.gondrom@gondrom.org>

Sean?  Stephen?

-----Original Message-----
From: Yoav Nir
Sent: Wednesday, January 30, 2013 7:02 AM
To: Sean P. Turner; Stephen Farrell
Cc: Tobias Gondrom
Subject: SecDir review of draft-williams-websec-session-continue-prob-00

Hi

The subject draft is about creating a session management protocol for
HTTP, that will be (a) more secure than using cookies and (b) tied to
authentication.

This is a proposed work item for the WebSec working group, and is not
(yet) part of our charter.

I think having a security review this early on will help the working
group reach a decision (hopefully in or around Orlando), and may help us
find that we've missed some really important issues and requirements.

Would you be willing to ask SecDir to review this?

Thanks

Yoav