Re: Transition Request: Subresource Integrity to FPWD

On 3/20/2014 7:11 AM, Wendy Seltzer wrote:
> On 03/20/2014 09:32 AM, Henry S. Thompson wrote:
>> So I'm curious, perhaps even concerned, about the overlap between this
>> work and the IETF.  Is the WG, or are you personally, regularly in
>> touch with the right people at the IETF to be sure you're not stepping
>> on toes over there, with respect to WebAppSec in general, and this
>> document's proposals in particular?

We once tried to get this concept done in the IETF, in the form of "link
fingerprints".
http://www.gerv.net/security/link-fingerprints/

Mozilla even had an experimental implementation
https://bugzilla.mozilla.org/show_bug.cgi?id=377245

It got shut down in the IETF, with the suggestion that it didn't belong
in URLs but should rather be done as document metadata in the W3C. The
concept took a vacation for half a decade but that's where we now are:
in the W3C at the request of the IETF.

-Dan Veditz

Received on Friday, 21 March 2014 01:35:16 UTC