Re: [websec] HTTP Integrity header / Session Continuation scheme

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 15 November 2012 09:05 UTC

Message-ID: <50A4B059.4020004@cs.tcd.ie>
Date: Thu, 15 Nov 2012 09:05:29 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Phillip Hallam-Baker <hallam@gmail.com>
References: <CAMm+Lwh2c4NsHErsbsf3awJn8kt3V1D_KAo7fOW_oSsHA-_BvA@mail.gmail.com>
In-Reply-To: <CAMm+Lwh2c4NsHErsbsf3awJn8kt3V1D_KAo7fOW_oSsHA-_BvA@mail.gmail.com>
Cc: websec <websec@ietf.org>
Subject: Re: [websec] HTTP Integrity header / Session Continuation scheme

Just on one point...

On 11/15/2012 01:53 AM, Phillip Hallam-Baker wrote:
> But right now the scheme could fit in WebSec or could fit in HTTPbis or
> even the proposed Web Authentication WG.

The proposal is for an HTTP authentication WG and not for
a broader web authentication WG. Only worth pointing out
since that caused some confusion at the BoF.

Ta,
S.