RE: What problems are we trying to solve? from Mary Ellen Zurko on 2006-12-11 (public-wsc-wg@w3.org from December 2006)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Mon, 11 Dec 2006 11:28:24 -0500
To: tyler.close@hp.com
Cc: public-wsc-wg@w3.org
Message-ID: <OF64C49159.40AD7FDF-ON85257241.00596B22-85257241.005A7D91@LocalDomain>

As discussions with Thomas on the list have shown, they're certainly 
related. The former was meant to cover active anti spoofing functionality 
like comparing something about one site to something about another 
("paypa1 is pretty close to paypal, or 95% of the images on this site are 
identical to a site you have bookmarked"). The latter was meant to get at 
more traditional intrusion or virus detect algorithms (sense of self, 
"signatures" of known attacks). 

          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect

"Close, Tyler J." <tyler.close@hp.com> 
Sent by: public-wsc-wg-request@w3.org
12/07/2006 08:32 PM

To
<public-wsc-wg@w3.org>
cc

Subject
RE: What problems are we trying to solve?

Hi Mez,

Thanks, that was helpful.

For now, I've summarized that point in the wiki as:

"Any recommendation to prohibit the user from interacting with a web
page"

I also need more information on:

"code based techniques to detect spoofing attacks"

as well as how that relates to:

"calculations, algorithms, and functions that attempt to determine
whether or not an attack is underway"

Are these two the same?

Thanks,
Tyler

________________________________

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org]
On Behalf Of Mary Ellen Zurko
Sent: Thursday, December 07, 2006 3:05 PM
To: Close, Tyler J.
Cc: public-wsc-wg@w3.org
Subject: RE: What problems are we trying to solve?

Since our charter is recommendations on secure and usable presentation
of web security context information, it does not cover recommendations
on what browsers should do should they display or determine that web
security context information indicates (the potential for) an attack.
For example, stating whether or not users should be allowed to go to
sites under particular circumstances would be out of charter. 
        Mez

"Close, Tyler J." <tyler.close@hp.com> 
Sent by: public-wsc-wg-request@w3.org 

12/05/2006 02:08 PM

To
                 <public-wsc-wg@w3.org> 
cc

Subject
                 RE: What problems are we trying to solve?

Mary Ellen Zurko wrote:
> Out of scope: 
> *                 techniques to stop the user from taking an action
because
>     an attack has been discovered 

Could you clarify the above item?

Thanks,
Tyler

Received on Monday, 11 December 2006 16:28:54 UTC