W3C home > Mailing lists > Public > public-web-security@w3.org > April 2014

RE: IETF/W3C STRINT workshop report draft published

From: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
Date: Wed, 30 Apr 2014 16:09:08 +0200
To: "Hodges, Jeff" <jeff.hodges@paypal.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <239D7A53E5B17B4BB20795A7977613A40207EB524F83@CROEXCFWP04.gemalto.com>
Thanks Jeff,

It looks to me that the take away related to points 7/8/10 in the IETF report mentioned below may have an impact on W3C activities. W3C Web Security IG may have those items in its radar, in collaboration with PING.
In addition, point 3, which is a follow up on security threat model is key to keep a common knowledge of risks and possible countermeasures.
Regards,
Virginie


3.   Work should continue on progressing the PM threat model
        draft[I-D.barnes-pervasive-problem] discussed in the workshop.

7.      Many User Interfaces (UI) could be better in terms of how they
        present security state, though this is a significantly hard
        problem.  There may be benefits if certain dangerous choices
        were simply not offered anymore.  But that could require
        significant co-ordination among competing software makers,
        otherwise some will be considered "broken" by users.

8.   Ways to better integrate UI issues into the processes of IETF
        and W3C needs further discussion.

10.  The IETF and W3C can do more so that default ("out-of-the-box")
        settings for protocols better protect security and privacy.

-----Original Message-----
From: Hodges, Jeff [mailto:jeff.hodges@paypal.com]
Sent: mardi 29 avril 2014 17:56
To: public-web-security@w3.org
Cc: Stephen Farrell
Subject: IETF/W3C STRINT workshop report draft published

See...

https://tools.ietf.org/html/draft-iab-strint-report-00

https://www.w3.org/2014/strint/report.html
(has STRINT minutes etc.)

HTH,

=JeffH

> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
> Sent: Tuesday, March 25, 2014 4:38 AM
> To: Arthur Barstow; GALINDO Virginie; public-web-security@w3.org
> Subject: Re: W3C Web Security IG - IETF/W3C STRINT workshop
> contributions are public
>
>
>
> On 03/25/2014 11:11 AM, Arthur Barstow wrote:
> > On 2/10/14 8:13 AM, ext GALINDO Virginie wrote:
> >>
> >> Hi all,
> >>
> >> The STRINT workshop on strengthening the internet will be held on
> >> 27^th feb /1^st march. All contributions are available under
> >> https://www.w3.org/2014/strint/report.html.
> >>
> >> I guess, we will have to track the results of the discussions.
> >>
> >
> > Thanks for this info Virginie!
> >
> > The above indicates a report "will be published _soon_". Does anyone
> > know the ETA? I am especially interested in whether or not there is
> > consensus to do related work in W3C and if so, the high priority
> > work items.
>
> ETA == soon:-)
>
> Unfortunately some day job things (and workshop/IETF meeting
> recovery) have gotten in the way 'till now. I hope we can get a
> version done in the next week or two.
>
> Cheers,
> S.
>
>
> >
> > -Thanks, ArtB
> >
> >
> >
> >



This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus
Received on Wednesday, 30 April 2014 14:09:44 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:21 UTC