[websec] Fwd: [saag] WebSec status

Yoav Nir <ynir@checkpoint.com> Thu, 02 August 2012 18:40 UTC

Return-Path: <ynir@checkpoint.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20B1021E8129 for <websec@ietfa.amsl.com>; Thu, 2 Aug 2012 11:40:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.331
X-Spam-Level:
X-Spam-Status: No, score=-10.331 tagged_above=-999 required=5 tests=[AWL=0.267, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WF-cNcwwhobu for <websec@ietfa.amsl.com>; Thu, 2 Aug 2012 11:40:32 -0700 (PDT)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 3311621E8128 for <websec@ietf.org>; Thu, 2 Aug 2012 11:40:31 -0700 (PDT)
Received: from il-ex01.ad.checkpoint.com (il-ex01.ad.checkpoint.com [194.29.34.26]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id q72IeUPe013780 for <websec@ietf.org>; Thu, 2 Aug 2012 21:40:30 +0300
X-CheckPoint: {501AC705-6-1B221DC2-4FFFF}
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Thu, 2 Aug 2012 21:40:29 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: IETF WebSec WG <websec@ietf.org>
Date: Thu, 2 Aug 2012 21:40:27 +0300
Thread-Topic: [saag] WebSec status
Thread-Index: Ac1w3knOZJZOe76iTDeO/hhx8jqntg==
Message-ID: <B903AC47-343F-4674-A5E8-55ABE57238DE@checkpoint.com>
References: <3AACCB72-00F2-4CB5-992E-3578DB840461@checkpoint.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: multipart/alternative; boundary="_000_B903AC47343F4674A5E855ABE57238DEcheckpointcom_"
MIME-Version: 1.0
Subject: [websec] Fwd: [saag] WebSec status
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Aug 2012 18:40:33 -0000

Sorry. forgot to CC this list.

Begin forwarded message:

From: Yoav Nir <ynir@checkpoint.com<mailto:ynir@checkpoint.com>>
Subject: [saag] WebSec status
Date: August 2, 2012 9:15:07 AM PDT
To: "saag@ietf.org<mailto:saag@ietf.org>" <saag@ietf.org<mailto:saag@ietf.org>>

WebSec met at 9:00 AM on Tuesday morning.

HSTS is at IETF LC. All issues are resolved, and a new revision should go to the IESG soon.
Cert Pinning is coming along, with several issues to be discussed on the list
Still no editor for Mime-sniffing. If none is found soon, we may consider dropping this item, but there are issues with HTML5 spec referencing it.
The Frame-Options drafts (X- and non-X-) are coming along OK, but the non-X may become part of CSP and move to W3C

Yoav