from January 2008 by subject

A review of Web Security Context's Scope and Use Cases -- Last Call

ACTION-214 solicit commentary on Threat Trees from MITRE INFOSEC community Bill Doyle

ACTION-317: Different notions of KCM in different parts of the document

ACTION-334: Propose language on Bookmarks API

ACTION-336 OPEN Propose material for ISSUE-106 Stephen Farrell 2007-12-21

ACTION-340 OPEN Gather data about cost of TLS deployment Phillip Hallam-Baker 2007-12-10

ACTION-343 OPEN Begin examining some of the recommendations, write down the underlying assumptions for success, then list any prior studies that have already examined those assumptions, and possibly how to test the untested assumptions Serge Egelman 2007-12-21 User Studies

ACTION-344, ISSUE-120: Proposed normative material on audio logotypes

ACTION-345 OPEN Begin designing lo-fi user study for Browser Lockdown Maritza Johnson 2007-11-30

ACTION-353: Convert Mozilla FPWD review notes into issues

ACTION-356: picture-in-picture attacks

ACTION-357: less conspicuous hovering effects

ACTION-360: Mez's editorial nits; petnames in identity signal?

ACTION-361 OPEN review wsc-xit Phillip Hallam-Baker 2008-01-01

ACTION-362 OPEN review wsc-xit William Eburn 2008-01-01

ACTION-369: webarch implications of 7.2

ACTION-372: Proposed replacement for 7.6

ACTION-373 Poll al G about shoulder surfing attacks in context of assistive technologies

ACTION-374 - proposed re-written text for 6.3, Page Security Score

ACTION-377: Hook for UIs in section 7.8

ACTION-380: Text for ISSUE-131

ACTION-381: ISSUE-130 (consistent across devices) done

Agenda: WSC WG distributed meeting, Wednesday, 2008-01-09

Agenda: WSC WG distributed meeting, Wednesday, 2008-01-16

Agenda: WSC WG distributed meeting, Wednesday, 2008-01-23

Agenda: WSC WG weekly 2008-01-30

call for demos for the f2f

Form editor question

How to write a good issue

IE Favorites Feature May Allow Phishing

Is the padlock a page security score?

ISSUE-127: Safe Form Bar: Separate MITM handling? [Techniques]

ISSUE-131 (Code outside browser): Executing code outside of browser in is vague / scary [All]

ISSUE-142: Page Security Score does not yet have enough content behind it [wsc-xit]

ISSUE-146: 7.1 to reference where xit talks about how identity is presented [wsc-xit]

ISSUE-147: Descriptions of certificate matching rules in SWFE need explanations somewhere [wsc-xit]

ISSUE-148: Downgrade ability to update an organization's name and address to SHOULD [wsc-xit]

ISSUE-149: Condense 7.2 to its first normative directive only [wsc-xit]

ISSUE-150: Abstract how user navigates to a site for establishing a new relationship

ISSUE-151: Make "similar" clearer (in choosing petnames) [wsc-xit]

ISSUE-152: Clarify the point of "distinguishing" between static and other text in messages [wsc-xit]

ISSUE-153: Tie SWFE to secondary SCI [wsc-xit]

ISSUE-154: Provide unique labels for each message and use them consistently as references [wsc-xit]

ISSUE-155: Remove references to contacts option [wsc-xit]

ISSUE-156: Tighten and abstract selecting the text string [wsc-xit]

ISSUE-157: Masking only MUST for passwords [wsc-xit]

ISSUE-158: Abstracting and tightening editing of stored history [wsc-xit]

ISSUE-159: Merge 7.8 into 8.2 [wsc-xit]

ISSUE-160: Remove section 7.9 [wsc-xit]

ISSUE-161: Be clearer about security indicator images [wsc-xit]

ISSUE-162: Recognize there are other forms of network security [wsc-xit]

ISSUE-163: Make (sure) 9.4 is internally consistent [wsc-xit]

ISSUE-164: SSC != CoSL [wsc-xit]

ISSUE-165: Allow for (non default) configuration of notification of first time TLS interaction with a site [wsc-xit]

ISSUE-166: Consider dropping section 5.2 in favour of "standard" matching algo, if appropriate.

ISSUE-167: Should Section 5.3.1 specify normative details for a theoretical technology?

ISSUE-168: Section 5.5.2 might be over-restrictive, especially on first-visit-redirect [wsc-xit]

ISSUE-169: Section 5.5.3 creates a burden on browsers to remember past certificates

ISSUE-170: 6.3 Seems more like extension/experimentation than standardization [wsc-xit]

ISSUE-171: 7.8 Is unclear about data retention requirements [wsc-xit]

ISSUE-172: 7.9 Normative text assumes a service we don't otherwise mention or expect to exist [wsc-xit]

ISSUE-173: 8.1.1 Requires user testing for the purposes of conformance [wsc-xit]

ISSUE-174 (5.4 wsc-xit comments): review wsc-xit - general comments section 5.4 (public comment) [wsc-xit]

ISSUE-175 (wsc-xit comment section 6.5): general comment section 6.5 table and bullet list (public comment) [wsc-xit]

ISSUE-176 (wsc-xit comment section 6.5 tls/ssl): general comment section 6.5 tls/ssl processing (public comment) [wsc-xit]

ISSUE-177 (wsc-xit comment section 6.5 tls/ssl pt2): general comment section 6.5 tls/ssl pt2 (public comment) [wsc-xit]

ISSUE-178 (wsc-xit comment section 10.2.2): general comment section 10.2.2 conceptual model (public comment) [wsc-xit]

ISSUE-179 (wsc-xit comment section 10.2.3): general comment section 10.2.3 (public comment) [wsc-xit]

ISSUE-180 (wsc-xit spelling mistakes ): wsc-xit spelling mistakes (public comment) [wsc-xit]

ISSUE-181: Should there be an authoring practice suggesting http/https URI space consistency [wsc-xit]

May f2f plans - query on joint meeting with CABForum

meeting conflict - only available for first 1/2 hour

Meeting record: WSC WG weekly 2007-12-19

Meeting record: WSC WG weekly 2008-01-09

Meeting record: WSC WG weekly 2008-01-16

Open Issues added to xit

Please review ACTION-367 results

Regrets for Jan-30 call

TLS/SSL robustness - high, medium, low

Troubles with KCM

usecases comments Re: Comments on draft documents posted to the WSC wiki

weekly call on 30 January

WSC Open Action Items

WSC WG distributed meeting, Wednesday, 2008-01-16

wsc-usecases comments Re: Comments on draft documents posted to the WSC wiki

wsc-xit next steps

WSC-XIT review

» Even SSL Gmail can get sidejacked | Zero Day |

Last message date: Thursday, 31 January 2008 17:10:44 UTC