Re: [websec] Meeting minutes uploaded
=JeffH <Jeff.Hodges@KingsMountain.com> Wed, 14 November 2012 18:33 UTC
> I've uploaded the minutes. Please reply to this message for any corrections.
> The minutes are here:
> http://www.ietf.org/proceedings/85/minutes/minutes-85-websec
>
> Thanks again to Cyrus for taking the notes.

thanks to Yoav & Cyrus doin' up the minutes. For convenience, here they are directly and in plain text...

###

WebSec Minutes
IETF-85 Atlanta

The WebSec working group met on Thursday, November 8th at 17:30 for 1 hour. Cyrus Daboo scribed on Jabber (thanks, Cyrus!)

HSTS is now in the RFC Editor's queue, and should be published soon. The chairs also reminded the participants of X-Frame-Options that is now in WGLC. We've had some good reviews, but more would be better.

Gordon Hemsley (not present) had taken on writing a mime-sniffing document at WHAT-WG. This has been a charter item in WebSec, but we have not done any work on this for over a year. The W3C has documents referencing the mime-sniffing document. Nobody in the group objected to having this move to WHAT-WG, and according to Larry Masinter, the W3C is also fine with referencing the WHAT-WG document, so the work item will be removed from our charter.

Similarly, the WebAppSec group at W3C has asked to have the Frame-Options document move to them as part of a UI-Safety document which they are in the process of writing. Brad Hill argued for moving it, while Tobias Gondrom argued against. While there are some technical concerns about the solution in W3C, those can also be debated and resolved in W3C. As there was little objection to the move, this work item will also be removed from our charter after the chairs handle the move through the liaisons.

Jeff Hodges presented his security framework draft. This is part of our charter, but no document has so far been adopted. The feeling in the room was that there would be consensus to adopt this, and we will take it to the list after Jeff submits the next revision. 4 people raised their hands when asked who would be willing to review the draft. That is not a lot, but I was not counting chairs / ADs.

Ryan Sleevi presented on the progress on cert-pinning. There are some open issues that should be discussed on the list. The two most sticky among them are the issue of UA behavior in the face of a TLS proxy (issue #53), and interaction between this and HSTS (also in the face of a TLS proxy). Ryan said that he and the authors had more time to spend on this document now, so hopefully progress will be swifter.

Alexey announced that he would be stepping down as WG chair.

###