11/28 Minutes
ACTION-214 OPEN solicit commentary on Threat Trees from MITRE INFOSEC
ACTION-214 OPEN solicit commentary on Threat Trees from MITREINFOSEC
ACTION-304: Lo Fi demo opf Secure Letterhead
ACTION-318: Draft a new subsection to section 7 discussing the mixing of trusted/untrusted information in the UI
ACTION-318: Draft a new subsection to section 7 discussing themixing of trusted/untrusted information in the UI
ACTION-326: Transfer RobustSharedSecret into section 8.2
ACTION-329 Review 8.2 to ensure suitability of language in non-visual contexts Bruno von Niman 2007-11-12
ACTION-344, ISSUE-120: Proposed normative material on audio logotypes
ACTION-346 - Suggest alternate text for 8.1.2
ACTION-347: Chinese Whispers
ACTION-348: cert related terminology
ACTION-349: verify that normative material from WhatIsASecurePage was fully incorporated in wsc-xit
ACTION-355: Describe algorithms commonly used to create display names of certificates
ACTION-358 (ISSUE-116) Proposed Language
ACTION-363 Ian's WSC-XIT review
ACTION-381: Draft a new subsection discussing the mixing of trusted/untrusted information in the UI
Agenda: WSC WG distributed meeting, Wednesday, 2007-12-05
Agenda: WSC WG distributed meeting, Wednesday, 2007-12-12
Agenda: WSC WG distributed meeting, Wednesday, 2007-12-19
CA DN collisions?
Certificate status checks vs validity period; self-signed certs(Re: Current state of editor's draft / IdentitySignal)
Comments on Draft
Comments on: Access Control for Cross-site Requests
- Hal Lockhart (Monday, 17 December)
- Doyle, Bill (Monday, 17 December)
- Thomas Roessler (Monday, 17 December)
- Mary Ellen Zurko (Wednesday, 12 December)
- Doyle, Bill (Tuesday, 11 December)
- Mary Ellen Zurko (Wednesday, 5 December)
- Close, Tyler J. (Wednesday, 5 December)
December 5 regrets
Discontinuation of ANEC representation
IETF Web Authentication Resistant to Phishing
ISSUE-123 - Safe Form Bar: HTTP assumptions in "no TLS" section
ISSUE-126: Define "picture-in-picture attack" [Techniques]
ISSUE-131 (Code outside browser): Executing code outside of browser in 8.3.2.3 is vague / scary [All]
ISSUE-133 (Plugin Problems): How do our definition of Web Page and the Robustiness section interact? [wsc-xit]
ISSUE-134: Let others besides industry define AAC criteria [wsc-xit]
ISSUE-135 (SSC assertions): Not trusting any SSC assertion seems overbroad [wsc-xit]
ISSUE-136: Allow new established patterns to redefine what's expected in terms of strong TLS protection [wsc-xit]
ISSUE-137: Require Identity Signal whenever URLs are displayed [wsc-xit]
ISSUE-138: Downgrade strength of Issuer field's Organziation attribute [wsc-xit]
ISSUE-139: Clarify UX of CoSL [wsc-xit]
ISSUE-140: Don't show certificate information as identity when its weak [wsc-xit]
ISSUE-141: More history that may be part of additional security context information [wsc-xit]
ISSUE-142: Page Security Score does not yet have enough content behind it [wsc-xit]
ISSUE-143: MITM cert handling needs some sketching out of examples [wsc-xit]
ISSUE-144: Do we need to specify mixed content in more detail? [wsc-xit]
ISSUE-145: WhatIsASecurePage not fully incorporated [wsc-xit]
Jan Vidar's review of wsc-xit
Larry Seltzer proclaims DNSSEC DOA
Linking certs
Luis Barriga's WSC-XIT Review
Meeting record: 2007-11-28
Meeting record: 2007-12-12
Mez' review of wsc-xit
need to adjust action items
Opera's wsc-xit review comments
Social Networks, Phishing and Privacy
threats Re: Comments on draft documents posted to the WSC wiki
usecases comments Re: Comments on draft documents posted to the WSC wiki
Weekly WSC conference call 12/05 - regrets
WSC meetings - Holiday schedule
WSC Open Action Items
wsc-xit review comments
wsc-xit review notes
xit comments Re: Comments on draft documents posted to the WSC wiki
Yngve's wsc-xit review
Last message date: Friday, 28 December 2007 19:52:35 UTC