A review of Web Security Context's Scope and Use Cases -- Last Call
ACTION-214 solicit commentary on Threat Trees from MITRE INFOSEC community Bill Doyle
ACTION-317: Different notions of KCM in different parts of the document
ACTION-334: Propose language on Bookmarks API
ACTION-336 OPEN Propose material for ISSUE-106 Stephen Farrell 2007-12-21
ACTION-340 OPEN Gather data about cost of TLS deployment Phillip Hallam-Baker 2007-12-10
ACTION-343 OPEN Begin examining some of the recommendations, write down the underlying assumptions for success, then list any prior studies that have already examined those assumptions, and possibly how to test the untested assumptions Serge Egelman 2007-12-21 User Studies
ACTION-344, ISSUE-120: Proposed normative material on audio logotypes
ACTION-345 OPEN Begin designing lo-fi user study for Browser Lockdown Maritza Johnson 2007-11-30
ACTION-353: Convert Mozilla FPWD review notes into issues
ACTION-356: picture-in-picture attacks
ACTION-357: less conspicuous hovering effects
ACTION-360: Mez's editorial nits; petnames in identity signal?
ACTION-361 OPEN review wsc-xit Phillip Hallam-Baker 2008-01-01
ACTION-362 OPEN review wsc-xit William Eburn 2008-01-01
ACTION-369: webarch implications of 7.2
ACTION-372: Proposed replacement for 7.6
ACTION-373 Poll al G about shoulder surfing attacks in context of assistive technologies
ACTION-374 - proposed re-written text for 6.3, Page Security Score
- Mary Ellen Zurko (Thursday, 24 January)
- Johnathan Nightingale (Thursday, 24 January)
- William Eburn (Thursday, 24 January)
- michael.mccormick@wellsfargo.com (Thursday, 24 January)
- Serge Egelman (Thursday, 24 January)
- Serge Egelman (Thursday, 24 January)
- Ian Fette (Thursday, 24 January)
- michael.mccormick@wellsfargo.com (Thursday, 24 January)
- Dan Schutzer (Thursday, 24 January)
- Ian Fette (Thursday, 24 January)
- Timothy Hahn (Thursday, 24 January)
- Ian Fette (Wednesday, 23 January)
- Timothy Hahn (Wednesday, 23 January)
- Ian Fette (Wednesday, 23 January)
- Timothy Hahn (Wednesday, 23 January)
- Mary Ellen Zurko (Wednesday, 23 January)
- michael.mccormick@wellsfargo.com (Wednesday, 23 January)
- Timothy Hahn (Wednesday, 23 January)
ACTION-377: Hook for UIs in section 7.8
ACTION-380: Text for ISSUE-131
ACTION-381: ISSUE-130 (consistent across devices) done
Agenda: WSC WG distributed meeting, Wednesday, 2008-01-09
Agenda: WSC WG distributed meeting, Wednesday, 2008-01-16
Agenda: WSC WG distributed meeting, Wednesday, 2008-01-23
Agenda: WSC WG weekly 2008-01-30
call for demos for the f2f
Form editor question
How to write a good issue
IE Favorites Feature May Allow Phishing
Is the padlock a page security score?
- Robert Yonaitis (Monday, 14 January)
- Dan Schutzer (Monday, 14 January)
- Dan Schutzer (Monday, 14 January)
- Thomas Roessler (Sunday, 13 January)
- Michael Versace (Friday, 11 January)
- michael.mccormick@wellsfargo.com (Friday, 11 January)
- Serge Egelman (Friday, 11 January)
- Anil Saldhana (Friday, 11 January)
- Ian Fette (Friday, 11 January)
- Anil Saldhana (Friday, 11 January)
- Mike Beltzner (Friday, 11 January)
- michael.mccormick@wellsfargo.com (Friday, 11 January)
- Mike Beltzner (Friday, 11 January)
- michael.mccormick@wellsfargo.com (Friday, 11 January)
- michael.mccormick@wellsfargo.com (Friday, 11 January)
- Timothy Hahn (Friday, 11 January)
- William Eburn (Friday, 11 January)
- Ian Fette (Friday, 11 January)
- William Eburn (Friday, 11 January)
- Doyle, Bill (Friday, 11 January)
- Robert Yonaitis (Friday, 11 January)
- Mary Ellen Zurko (Friday, 11 January)
- Mike Beltzner (Friday, 11 January)
- Dan Schutzer (Friday, 11 January)
- Dan Schutzer (Friday, 11 January)
- Serge Egelman (Friday, 11 January)
- Robert Yonaitis (Thursday, 10 January)
- michael.mccormick@wellsfargo.com (Thursday, 10 January)
- Serge Egelman (Thursday, 10 January)
- michael.mccormick@wellsfargo.com (Thursday, 10 January)
- michael.mccormick@wellsfargo.com (Thursday, 10 January)
- Ian Fette (Thursday, 10 January)
- Serge Egelman (Thursday, 10 January)
- William Eburn (Thursday, 10 January)
- Serge Egelman (Thursday, 10 January)
- Serge Egelman (Thursday, 10 January)
- William Eburn (Thursday, 10 January)
- Robert Yonaitis (Thursday, 10 January)
- Anil Saldhana (Thursday, 10 January)
- Serge Egelman (Thursday, 10 January)
- michael.mccormick@wellsfargo.com (Thursday, 10 January)
- William Eburn (Thursday, 10 January)
- Serge Egelman (Thursday, 10 January)
- William Eburn (Thursday, 10 January)
- Serge Egelman (Thursday, 10 January)
- Anil Saldhana (Thursday, 10 January)
- Ian Fette (Thursday, 10 January)
- Robert Yonaitis (Thursday, 10 January)
- Serge Egelman (Thursday, 10 January)
- Anil Saldhana (Thursday, 10 January)
- Anil Saldhana (Thursday, 10 January)
- Robert Yonaitis (Thursday, 10 January)
- William Eburn (Thursday, 10 January)
- Serge Egelman (Thursday, 10 January)
- michael.mccormick@wellsfargo.com (Thursday, 10 January)
- Serge Egelman (Thursday, 10 January)
- Serge Egelman (Thursday, 10 January)
- Ian Fette (Thursday, 10 January)
- Anil Saldhana (Thursday, 10 January)
- Ian Fette (Thursday, 10 January)
- Dan Schutzer (Thursday, 10 January)
- Mike Beltzner (Thursday, 10 January)
- michael.mccormick@wellsfargo.com (Thursday, 10 January)
- Ian Fette (Thursday, 10 January)
- Dan Schutzer (Thursday, 10 January)
- Ian Fette (Thursday, 10 January)
- Ian Fette (Thursday, 10 January)
- michael.mccormick@wellsfargo.com (Thursday, 10 January)
- Timothy Hahn (Thursday, 10 January)
- Ian Fette (Thursday, 10 January)
- michael.mccormick@wellsfargo.com (Thursday, 10 January)
- michael.mccormick@wellsfargo.com (Thursday, 10 January)
- Ian Fette (Thursday, 10 January)
- Mike Beltzner (Thursday, 10 January)
- michael.mccormick@wellsfargo.com (Thursday, 10 January)
- Ian Fette (Thursday, 10 January)
- Anil Saldhana (Thursday, 10 January)
- michael.mccormick@wellsfargo.com (Thursday, 10 January)
- Timothy Hahn (Thursday, 10 January)
- Johnathan Nightingale (Thursday, 10 January)
- Mary Ellen Zurko (Thursday, 10 January)
ISSUE-127: Safe Form Bar: Separate MITM handling? [Techniques]
- Close, Tyler J. (Tuesday, 8 January)
- Mary Ellen Zurko (Tuesday, 8 January)
- Ian Fette (Monday, 7 January)
- Close, Tyler J. (Monday, 7 January)
- Ian Fette (Monday, 7 January)
- Mary Ellen Zurko (Monday, 7 January)
- Close, Tyler J. (Monday, 7 January)
- Mary Ellen Zurko (Friday, 4 January)
ISSUE-131 (Code outside browser): Executing code outside of browser in 8.3.2.3 is vague / scary [All]
ISSUE-142: Page Security Score does not yet have enough content behind it [wsc-xit]
ISSUE-146: 7.1 to reference where xit talks about how identity is presented [wsc-xit]
ISSUE-147: Descriptions of certificate matching rules in SWFE need explanations somewhere [wsc-xit]
ISSUE-148: Downgrade ability to update an organization's name and address to SHOULD [wsc-xit]
ISSUE-149: Condense 7.2 to its first normative directive only [wsc-xit]
ISSUE-150: Abstract how user navigates to a site for establishing a new relationship
ISSUE-151: Make "similar" clearer (in choosing petnames) [wsc-xit]
ISSUE-152: Clarify the point of "distinguishing" between static and other text in messages [wsc-xit]
ISSUE-153: Tie SWFE to secondary SCI [wsc-xit]
ISSUE-154: Provide unique labels for each message and use them consistently as references [wsc-xit]
ISSUE-155: Remove references to contacts option [wsc-xit]
ISSUE-156: Tighten and abstract selecting the text string [wsc-xit]
ISSUE-157: Masking only MUST for passwords [wsc-xit]
ISSUE-158: Abstracting and tightening editing of stored history [wsc-xit]
ISSUE-159: Merge 7.8 into 8.2 [wsc-xit]
ISSUE-160: Remove section 7.9 [wsc-xit]
ISSUE-161: Be clearer about security indicator images [wsc-xit]
ISSUE-162: Recognize there are other forms of network security [wsc-xit]
ISSUE-163: Make (sure) 9.4 is internally consistent [wsc-xit]
ISSUE-164: SSC != CoSL [wsc-xit]
ISSUE-165: Allow for (non default) configuration of notification of first time TLS interaction with a site [wsc-xit]
ISSUE-166: Consider dropping section 5.2 in favour of "standard" matching algo, if appropriate.
ISSUE-167: Should Section 5.3.1 specify normative details for a theoretical technology?
ISSUE-168: Section 5.5.2 might be over-restrictive, especially on first-visit-redirect [wsc-xit]
ISSUE-169: Section 5.5.3 creates a burden on browsers to remember past certificates
ISSUE-170: 6.3 Seems more like extension/experimentation than standardization [wsc-xit]
ISSUE-171: 7.8 Is unclear about data retention requirements [wsc-xit]
ISSUE-172: 7.9 Normative text assumes a service we don't otherwise mention or expect to exist [wsc-xit]
ISSUE-173: 8.1.1 Requires user testing for the purposes of conformance [wsc-xit]
ISSUE-174 (5.4 wsc-xit comments): review wsc-xit - general comments section 5.4 (public comment) [wsc-xit]
ISSUE-175 (wsc-xit comment section 6.5): general comment section 6.5 table and bullet list (public comment) [wsc-xit]
ISSUE-176 (wsc-xit comment section 6.5 tls/ssl): general comment section 6.5 tls/ssl processing (public comment) [wsc-xit]
ISSUE-177 (wsc-xit comment section 6.5 tls/ssl pt2): general comment section 6.5 tls/ssl pt2 (public comment) [wsc-xit]
ISSUE-178 (wsc-xit comment section 10.2.2): general comment section 10.2.2 conceptual model (public comment) [wsc-xit]
ISSUE-179 (wsc-xit comment section 10.2.3): general comment section 10.2.3 (public comment) [wsc-xit]
ISSUE-180 (wsc-xit spelling mistakes ): wsc-xit spelling mistakes (public comment) [wsc-xit]
ISSUE-181: Should there be an authoring practice suggesting http/https URI space consistency [wsc-xit]
May f2f plans - query on joint meeting with CABForum
meeting conflict - only available for first 1/2 hour
Meeting record: WSC WG weekly 2007-12-19
Meeting record: WSC WG weekly 2008-01-09
Meeting record: WSC WG weekly 2008-01-16
Open Issues added to xit
Please review ACTION-367 results
Regrets for Jan-30 call
TLS/SSL robustness - high, medium, low
Troubles with KCM
usecases comments Re: Comments on draft documents posted to the WSC wiki
weekly call on 30 January
WSC Open Action Items
WSC WG distributed meeting, Wednesday, 2008-01-16
wsc-usecases comments Re: Comments on draft documents posted to the WSC wiki
wsc-xit next steps
WSC-XIT review
» Even SSL Gmail can get sidejacked | Zero Day | ZDNet.com
Last message date: Thursday, 31 January 2008 17:10:44 UTC