FW: MashSSL XG Final Report published; XG closed

Hi All,

The MashSSL XGR was published yesterday. With this we have successfully
delivered on the commitments identified in the XG charter. 

I want to thank all of you for your participation and contribution to
the XG. 

It would be good to see this work being adopted to address real-world
scenarios. At the very least, it would be great if all of us can do our
part and spread the word. Also, if you have any other thoughts on this
topic, you can use this DL - it will remain active.

We will also work with W3C and try to identify next steps to take this
work along a more formal standards track.

Regards,

Siddharth


-----Original Message-----
From: w3c-ac-forum-request@w3.org [mailto:w3c-ac-forum-request@w3.org]
On Behalf Of Ian Jacobs
Sent: Thursday, July 29, 2010 9:27 AM
To: W3C Members
Subject: MashSSL XG Final Report published; XG closed

Dear Advisory Committee Representative,

I'm pleased to announce publication of:

  MashSSL XG Final Report
  http://www.w3.org/2005/Incubator/MashSSL/XGR-MashSSL-20100727/

The Incubator Group researched and validated the premise that the  
pattern of two web services communicating through a potentially  
untrusted user (or untrusted browser) was an extremely common  
'pattern', whose prevalence is only likely to increase as mashups  
become a dominant web application architecture. How do the two web  
services mutually authenticate and establish a trusted path through an  
adversary? More critically, how do we achieve this without creating a  
brand new trust protocol and infrastructure?

Using the cryptographic innovation of a "friend in the middle", the  
incubator group created a protocol that uses the widely used and  
trusted SSL protocol as a starting point. The resulting protocol,  
MashSSL, in addition to inheriting some of SSL's trust properties, can  
leverage the existing SSL certificate infrastructure. The group  
defined MashSSL both for the core motivating three party use case, as  
well as for the two party case, which can someday be used between a  
browser and a server. In addition, the group advanced SSL by defining  
a single REQUEST-RESPONSE handshake method of optimizing the SSL  
abbreviated handshake. Such an optimization is now also being proposed  
in the IETF TLS community.

The protocol outlined in the report is "implementation ready", but  
needs to be further refined and expanded by a potential W3C Working  
Group.

Congratulations to the XG. With this publication, the MashSSL  
Incubator Group is now closed.

For Coralie Mercier, Incubator Activity Lead;
Ian Jacobs, Head of W3C Communications
--
Ian Jacobs (ij@w3.org)    http://www.w3.org/People/Jacobs/
Tel:                                      +1 718 260 9447

Received on Friday, 30 July 2010 20:03:53 UTC