W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2012

wrt Review of IETF 83 (Jeff Hodges, EKR)

From: =JeffH <Jeff.Hodges@PayPal.com>
Date: Tue, 10 Apr 2012 14:10:29 -0700
Message-ID: <4F84A1C5.1090403@PayPal.com>
To: W3C Web App Security WG <public-webappsec@w3.org>
below's what I have in my notes re IETF 83 that would seem of interest to 
WebAppSec denizens.
HTH,

=JeffH
------



more relevant:
--------------


WebSec WG
  HSTS spec in WG Last Call
   various comments received, working through them, no showstoppers
   -07 revision Real Soon Now

  draft-hodges-websec-framework-reqs-01
   to be rev'd here in April




IAB Tech Plenary
"Implementation Challenges for Browser Security"
http://www.ietf.org/proceedings/83/slides/slides-83-iab-7-technical-plenary.pptx

When Good Standards Go Bad
http://www.ietf.org/proceedings/83/slides/slides-83-iab-8-technical-plenary.pptx

How do we get to TLS Everywhere?
http://www.ietf.org/proceedings/83/slides/slides-83-iab-9-technical-plenary.pdf

Lessons Learned from WebSockets
http://www.ietf.org/proceedings/83/slides/slides-83-iab-10-technical-plenary.pdf

Cryptography Infrastructure
http://www.ietf.org/proceedings/83/slides/slides-83-iab-11-technical-plenary.pdf

It's Not the End of the World
http://www.ietf.org/proceedings/83/slides/slides-83-iab-12-technical-plenary.pdf



dnsapi side meeting
  work on a dns API accommodating async operations and DNSSEC data is 
progressing (small group effort)



PKIX
  massimiliano pala of NYU
  "Revocation and SSL Replacements/Enhancements"
  https://www.ietf.org/proceedings/83/slides/slides-83-pkix-10.pdf

  Proposed thoughts of "Must Staple OCSP" by PHB
  [ PHB not in attendance, slides not discussed in WG session, but available
   nonetheless ]
  https://www.ietf.org/proceedings/83/slides/slides-83-pkix-9.pdf


HTTPbis
   HTTP/1.1 (RFC2616bis) Parts 4 - 7 are in WGLC

   Parts 1 - 3 entering WGLC "soon"


   HTTP/2.0
    note that the 2.0 moniker means not wire-compatible

    Process and requirements overview by Mark Nottingham
    https://www.ietf.org/proceedings/83/slides/slides-83-httpbis-6.pdf

    requirements gathering for HTTP/2.0 is at..
    http://bit.ly/http2reqs

    nominal proposals on proverbial table:

      SPDY
      https://www.ietf.org/proceedings/83/slides/slides-83-httpbis-3.pdf

      Microsoft "HTTP Speed+Mobility"
      https://www.ietf.org/proceedings/83/slides/slides-83-httpbis-4.pdf

      WAKA
      https://www.ietf.org/proceedings/83/slides/slides-83-httpbis-5.pdf



less relevant:
-------------


CFRG - Crypto Function Research Group

  two "password-authenticated key exchange (pake)"-like schemes presented

  Bellovin: "hashed pswd exchange"
  https://www.ietf.org/proceedings/83/slides/slides-83-cfrg-2.pdf

  dan harkins: dragonfly: a pake scheme
http://www.ietf.org/proceedings/83/slides/slides-83-cfrg-0.pdf



ISOC authn & authz: next steps for openid & oauth - side meeting



SAAG (sec area advisory group)

  Hannes Tschofenig's report on Smart Object Security Workshop
  http://www.lix.polytechnique.fr/hipercom/SmartObjectSecurity/

  position papers..
  http://www.tschofenig.priv.at/sos-papers/PositionPapers.htm

  Eric Rescorla, "A Brief Survey of Imprinting Options for Constrained Devices"
  http://www.tschofenig.priv.at/sos-papers/EricRescorla.pdf
  "imprinting" == "introducing constrained device (smart object) into new 
network (eg your home)"



---
end
Received on Tuesday, 10 April 2012 21:11:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 10 April 2012 21:11:01 GMT