Re: IETF seeking review: draft-hartman-webauth-phishing-03.txt from Thomas Roessler on 2007-06-24 (public-wsc-wg@w3.org from June 2007)

From: Thomas Roessler <tlr@w3.org>
Date: Sun, 24 Jun 2007 16:33:18 -0700
To: Dan Schutzer <dan.schutzer@fstc.org>
Cc: public-wsc-wg@w3.org, ldusseault@commerce.net
Message-ID: <20070624233318.GB3883@raktajino.does-not-exist.org>

As Dan noticed in an off-list message, I used the wrong e-mail
address for Lisa.  This message should reach her.
-- 
Thomas Roessler, W3C  <tlr@w3.org>






On 2007-06-24 06:53:05 -0400, Dan Schutzer wrote:
> From: Dan Schutzer <dan.schutzer@fstc.org>
> To: 'Thomas Roessler' <tlr@w3.org>, public-wsc-wg@w3.org
> Cc: lisa@commerce.net
> Date: Sun, 24 Jun 2007 06:53:05 -0400
> Subject: RE: IETF seeking review: draft-hartman-webauth-phishing-03.txt
> X-Spam-Level: 
> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5
> 
> FSTC will be interested in providing a comment, and would be glad to work on
> a group comment. What are the next steps?
> 
> Dan Schutzer
> Dan.schutzer@fstc.org
> 
> -----Original Message-----
> From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
> Behalf Of Thomas Roessler
> Sent: Saturday, June 23, 2007 9:44 AM
> To: public-wsc-wg@w3.org
> Cc: lisa@commerce.net
> Subject: IETF seeking review: draft-hartman-webauth-phishing-03.txt
> 
> 
> Sam Hartman's Internet Draft "Requirements for Web Authentication
> Resistant to Phishing" [1] is currently in IETF Last Call; Lisa
> Dusseault (copied here) is the sponsoring Area Director.
> 
> Abstract:
> 
>   This memo proposes requirements for protocols between web identity
>   providers and users and for requirements for protocols between
>   identity providers and relying parties.  These requirements
>   minimize the likelihood that criminals will be able to gain the
>   credentials necessary to impersonate a user or be able to
>   fraudulently convince users to disclose personal information.  To
>   meet these requirements browsers must change.  Websites must never
>   receive information such as passwords that can be used to
>   impersonate the user to third parties.  Browsers should perform
>   mutual authentication and flag situations when the target website
>   is not authorized to accept the identity being offered as this is
>   a strong indication of fraud.
> 
> I understand that review comments from this Working Group would be
> very welcome, and that such comments would be most useful if they
> arrived during the next two weeks.
> 
> If anybody is interested in putting together a group review, please
> let me know.  Individual comments are fine as well.
> 
> 1. http://www.ietf.org/internet-drafts/draft-hartman-webauth-phishing-03.txt
> 
> Regards,
> -- 
> Thomas Roessler, W3C  <tlr@w3.org>
> 
> 
> 
>

Received on Sunday, 24 June 2007 23:33:41 UTC