- From: =JeffH <Jeff.Hodges@PayPal.com>
- Date: Tue, 10 Apr 2012 14:10:29 -0700
- To: W3C Web App Security WG <public-webappsec@w3.org>

below's what I have in my notes re IETF 83 that would seem of interest to
WebAppSec denizens.

HTH,
=JeffH

------
more relevant:
--------------

WebSec WG
  HSTS spec in WG Last Call
    various comments received, working through them, no showstoppers
    -07 revision Real Soon Now
  draft-hodges-websec-framework-reqs-01
    to be rev'd here in April

IAB Tech Plenary
  "Implementation Challenges for Browser Security"
    http://www.ietf.org/proceedings/83/slides/slides-83-iab-7-technical-plenary.pptx
  When Good Standards Go Bad
    http://www.ietf.org/proceedings/83/slides/slides-83-iab-8-technical-plenary.pptx
  How do we get to TLS Everywhere?
    http://www.ietf.org/proceedings/83/slides/slides-83-iab-9-technical-plenary.pdf
  Lessons Learned from WebSockets
    http://www.ietf.org/proceedings/83/slides/slides-83-iab-10-technical-plenary.pdf
  Cryptography Infrastructure
    http://www.ietf.org/proceedings/83/slides/slides-83-iab-11-technical-plenary.pdf
  It's Not the End of the World
    http://www.ietf.org/proceedings/83/slides/slides-83-iab-12-technical-plenary.pdf

dnsapi side meeting
  work on a DNS API accommodating async operations and DNSSEC data is
  progressing (small group effort)

PKIX
  Massimiliano Pala of NYU
    "Revocation and SSL Replacements/Enhancements"
    https://www.ietf.org/proceedings/83/slides/slides-83-pkix-10.pdf
  Proposed thoughts of "Must Staple OCSP" by PHB
    [ PHB not in attendance, slides not discussed in WG session, but available
    nonetheless ]
    https://www.ietf.org/proceedings/83/slides/slides-83-pkix-9.pdf

HTTPbis
  HTTP/1.1 (RFC2616bis) Parts 4 - 7 are in WGLC
    Parts 1 - 3 entering WGLC "soon"
  HTTP/2.0
    note that the 2.0 moniker means not wire-compatible
    Process and requirements overview by Mark Nottingham
      https://www.ietf.org/proceedings/83/slides/slides-83-httpbis-6.pdf
    requirements gathering for HTTP/2.0 is at..
      http://bit.ly/http2reqs
    nominal proposals on proverbial table:
      SPDY
        https://www.ietf.org/proceedings/83/slides/slides-83-httpbis-3.pdf
      Microsoft "HTTP Speed+Mobility"
        https://www.ietf.org/proceedings/83/slides/slides-83-httpbis-4.pdf
      WAKA
        https://www.ietf.org/proceedings/83/slides/slides-83-httpbis-5.pdf

less relevant:
-------------

CFRG - Crypto Function Research Group
  two "password-authenticated key exchange (pake)"-like schemes presented
    Bellovin: "hashed pswd exchange"
      https://www.ietf.org/proceedings/83/slides/slides-83-cfrg-2.pdf
    Dan Harkins: dragonfly: a pake scheme
      http://www.ietf.org/proceedings/83/slides/slides-83-cfrg-0.pdf

ISOC authn & authz: next steps for openid & oauth - side meeting

SAAG (sec area advisory group)
  Hannes Tschofenig's report on Smart Object Security Workshop
    http://www.lix.polytechnique.fr/hipercom/SmartObjectSecurity/
    position papers..
      http://www.tschofenig.priv.at/sos-papers/PositionPapers.htm
  Eric Rescorla, "A Brief Survey of Imprinting Options for Constrained Devices"
    http://www.tschofenig.priv.at/sos-papers/EricRescorla.pdf
    "imprinting" == "introducing constrained device (smart object) into new
    network (eg your home)"

---
end
Received on Tuesday, 10 April 2012 21:11:01 UTC