RE: IETF Web Authentication Resistant to Phishing from Dan Schutzer on 2007-12-19 (public-wsc-wg@w3.org from December 2007)

From: Dan Schutzer <dan.schutzer@fstc.org>
Date: Wed, 19 Dec 2007 11:13:41 -0500
To: "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>, <michael.mccormick@wellsfargo.com>, <public-wsc-wg@w3.org>
Cc: "'Michael Versace'" <michael.versace@fstc.org>
Message-ID: <01a101c8425a$20153610$6500a8c0@dschutzer>

FSTC's Dec 13th Security Standing Committee call had Sam present at our call
to present his ideas.

The full agenda is provided below. Michael Versace can you summarize this
discussion, unfortunately I was not able to make the meeting? Incidentally,
anyone on this distribution list that is interested can be added to the
Security Standing Committee distribution list and participate in these
calls.

Dan Schutzer 

The next Security and Infrastructure Committee Call of the FSTC is scheduled
for December 13, 2007, at 1:00 pm EST.  The agenda includes:

1.       Sam Hartman, MIT - Designing Web Authentication to Protect Identity
(see attached Sam Hartman - FSTC SCOM 1207.ppt)

2.       Mary Ruddy, Project Higgins - User-centered Identity Management
(see attached Higgins-FSTC-Intro-zip)

3.       FSTC Annual Report Draft (see - attached FSTC Annual Report -
2msv.doc)

4.       Key Project Activities

-----Original Message-----
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Stephen Farrell
Sent: Wednesday, December 19, 2007 10:55 AM
To: michael.mccormick@wellsfargo.com; public-wsc-wg@w3.org
Subject: Re: IETF Web Authentication Resistant to Phishing

Thomas Roessler wrote:
> On 2007-12-13 12:42:14 -0600, michael.mccormick@wellsfargo.com wrote:
> 
>> http://tools.ietf.org/internet-drafts/draft-hartman-webauth-phishing-06.
>> txt
>>
>> Shouldn't W3C and IETF be coordinating these efforts?  They seem
>> interdependent since any new web security protocols require secure UIs
>> (and possibly vice-versa).
> 
> Note that this is an individual submission (by a very influential
> individual, nonetheless; yet, not uncontested) trying to mostly
> address some requirements analysis.  I know that several folks at
> W3C have been carefully watching the discussion around this one.
> General coordination happens during regular calls between W3C staff
> and the IESG.
> 
> Also, if this working group wanted to review the current draft and
> send comments, that would certainly a worthwhile endeavour.
> 
> See also:
>   http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0177.html  

That I-D was one of the subjects of the HTTP authentication bar bof
in Vancouver. There was talk of arranging a workshop sometime and
discussion is taking place on some list I can't recall right now.

S.

Received on Wednesday, 19 December 2007 16:14:16 UTC