RE: What problems are we trying to solve?

Is the comment below about IDS-like processing the answer to my question
for clarification in
<http://lists.w3.org/Archives/Public/public-wsc-wg/2006Dec/0058.html>?

So,

"code based techniques to detect spoofing attacks"

and:

"calculations, algorithms, and functions that attempt to determine
whether or not an attack is underway"

both refer to IDS-like processing being out of scope? Does IDS-like
processing mean heuristic-based detection? So for example, spam-filter-like
detection of phishing attacks is out of scope?

Tyler

-----Original Message-----
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org]
On Behalf Of Thomas Roessler
Sent: Friday, December 08, 2006 10:55 AM
To: Mary Ellen Zurko
Cc: public-wsc-wg@w3.org
Subject: Re: What problems are we trying to solve?


Well, in looking at security context information (and how to present
it), we might arrive at the conclusion that there is just nothing useful
out there in some particular circumstance.  That conclusion would be
something to document.

On the other hand, I agree that the charter doesn't even go near
specifying any kind of sophisticated, IDS-like processing of context
information.

Cheers,
--
Thomas Roessler, W3C  <tlr@w3.org>






On 2006-12-08 08:22:10 -0500, Mary Ellen Zurko wrote:
> From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
> To: Thomas Roessler <tlr@w3.org>
> Cc: public-wsc-wg@w3.org
> Date: Fri, 8 Dec 2006 08:22:10 -0500
> Subject: Re: What problems are we trying to solve?
> 
> > when I had first seen your list, I had read that point with an
> > emphasis on "discovered an attack", and had thought of heuristic
> > techniques, IDS-like stuff, and so on.
> 
> Yes, that aspect too is out of scope.
> 
> > I do think that discussion on how user agents ought to react to
> > failures of security protocols is in scope -- the prime example here
> > being the MITM detection in SSL which is subverted by giving users
> > an override button that they'll of course push.
> 
> It's my understanding that the charter defines our scope (our goals can be
> more targeted than the scope allows for). Is my understanding wrong? If
> not, what part of the charter supports that?
>         Mez
> 

Received on Friday, 8 December 2006 22:01:06 UTC