[websec] fyi: I-D Action: draft-hodges-websec-framework-reqs-01
=JeffH <Jeff.Hodges@KingsMountain.com> Thu, 08 September 2011 23:50 UTC
see below. I re-sub'd with only date change in order to avoid expiration. will revise a fair bit later here in Sept. though, now's a good time to review this doc, at least the high level taxonomy. There's been recent discussion in various quarters wrt "certificate pinning" and means to convey such, as well as various other web sec policies folks are anticipating/designing to convey in HTTP headers -- Thomas Roessler remarked on this in our session @IETF-82 Quebec -- e.g. in various w3c WGs, so time's getting ripe to think about this stuff overall.

=JeffH

Subject: I-D Action: draft-hodges-websec-framework-reqs-01.txt
From: internet-drafts@ietf.org
Date: Thu, 08 Sep 2011 15:26:06 -0700
To: i-d-announce@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts directories.

    Title     : Web Security Framework: Problem Statement and Requirements
    Author(s) : Jeff Hodges
    Filename  : draft-hodges-websec-framework-reqs-01.txt
    Pages     : 23
    Date      : 2011-09-08

Web-based malware and attacks are proliferating rapidly on the Internet. New web security mechanisms are also rapidly growing in number, although in an incoherent fashion. This document provides a brief overview of the present situation and the various seemingly piece-wise approaches being taken to mitigate the threats. It then provides an overview of requirements as presently being expressed by the community in various online and face-to-face discussions.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-hodges-websec-framework-reqs-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-hodges-websec-framework-reqs-01.txt

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt