- From: Lisa Dusseault <lisa@osafoundation.org>
- Date: Wed, 3 Sep 2008 13:41:39 -0700
- To: HTTP Working Group <ietf-http-wg@w3.org>, secdir@mit.edu, saag@ietf.org, Apps Discuss <discuss@ietf.org>
- Cc: ietf-http-auth@osafoundation.org
You may have seen this draft a year ago; Sam is back working on it and
produced version -09 last month.
http://tools.ietf.org/html/draft-hartman-webauth-phishing-09
If you've reviewed it before, please take a look at the changes. If
you'd like to review it, please do. I'm the shepherd for this draft,
so comments can be sent to me, to Sam as author, to ietf-http-auth@osafoundation.org
, or to the IETF general list as appropriate.
In addition to getting general input, I'd like to get a sense of
whether we have consensus on a couple things.
a). The statement including "IETF recommends", from section 1.1 of
the draft:
"In publishing this memo, the IETF recommends making available
authentication mechanisms that meet the requirements outlined in
Section 4 in HTTP user agents including web browsers. It is hoped
that these mechanisms will prove a useful step in fighting phishing.
However this memo does not restrict work either in the IETF or any
other organization. In particular, new authentication efforts are
not bound to meet the requirements posed in this memo unless the
charter for those efforts chooses to make these binding
requirements.
Less formally, the IETF presents this memo as an option to pursue
while acknowledging that there may be other promising paths both now
and in the future."
b) Whether the document should require mutual authentication (section
4.4).
Thanks,
Lisa D.
Received on Wednesday, 3 September 2008 20:42:27 UTC