Re: [websec] Meeting in Orlando

Tobias Gondrom <> Tue, 26 February 2013 09:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5EFB321F8A25 for <>; Tue, 26 Feb 2013 01:54:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -95.295
X-Spam-Status: No, score=-95.295 tagged_above=-999 required=5 tests=[AWL=0.067, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5UZXTNUmU0n5 for <>; Tue, 26 Feb 2013 01:54:03 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 560FD21F8A22 for <>; Tue, 26 Feb 2013 01:54:03 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default;; b=ZtQysOkNHgKoohZYNENsHZkmmyzVKXdDI+m+Yd8KwUg02LzzIRlyVsxRpfX8NJIM0By+yWH1ppemwla2vDLNfph0AEpDwWxfVrF7JXN8FtN0plcJB1gsVxU3PEZaB3ZZ; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:X-Enigmail-Version:Content-Type:Content-Transfer-Encoding;
Received: (qmail 28647 invoked from network); 26 Feb 2013 10:54:02 +0100
Received: from (HELO ? ( by with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 26 Feb 2013 10:54:02 +0100
Message-ID: <>
Date: Tue, 26 Feb 2013 17:53:59 +0800
From: Tobias Gondrom <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2
MIME-Version: 1.0
References: <>
In-Reply-To: <>
X-Enigmail-Version: 1.5
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [websec] Meeting in Orlando
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 26 Feb 2013 09:54:04 -0000

Hi all,

just a quick comment:
As I did not see any complicated feedback on XFO during the WGLC, I
think we probably won't need time for the XFO draft in Orlando (though I
will be open for any discussion topics that might still be there and any
additional feedback you may have).

It would be great if we could focus on the other three open drafts and
achieve progress with them
- Framework Requirements
- Key Pinning
- and the new draft on Session Continuation

Especially we should now focus and try to make progress on Framework
Requirements and Pinning!

If you have any other topics you think are important for websec, please
let Yoav and me know ASAP, so we can put them into the WG meeting agenda
which we have to finish by Mar-4!

Kind regards, Tobias

On 20/02/13 06:16, Yoav Nir wrote:
> Hi all
> The WebSec working group will meet in Orlando, on Wednesday, March 13th at 15:10.
> On the agenda are our current work items (framework requirements and key pinning) plus discussion of a proposed item, session continuation (or "session management")
> We have a two hour session, which should suffice. If anyone would like to request a time slot to present or discuss some other issue, please contact Tobias and me really soon. 
> For your convenience, here are links to the drafts we will be discussing:
> - Framework Requirements:
> - Key Pinning:
> - X-Frame-Options:
> - Session Continuation:
> Yoav & Tobias
> WG Chairs
> _______________________________________________
> websec mailing list