-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just a quick note to clue folks in to some emerging activity on web security, mostly in the form of the HASMAT BoF at IETF 78. The theme here is better application-level security for the "modern" web, which uses fun technologies like AJAX but also opens up the possibility for new attacks (cross-site scripting, cross-site request forgery, malvertising, clickjacking, and all the rest). The proposed charter [0] lays out these issues in greater detail, and three Internet-Drafts [1] [2] [3] are currently being used as input to the conversation. If you go in for video, a relevant talk by BoF co-organizer Jeff Hodges was recorded at the recent Internet Identity Workshop. [4] The BoF organizers will hold an introductory / preparatory conference call tomorrow, July 14, at 16:00 UTC, and all those who are interested in the intersection of security and the web are welcome to participate in this call [5] and in the BoF on Tuesday, July 27, at 13:00 local time in Maastricht. [6] Thanks! Peter [0] http://www.ietf.org/mail-archive/web/hasmat/current/msg00006.html [1] https://datatracker.ietf.org/doc/draft-abarth-origin/ [2] https://datatracker.ietf.org/doc/draft-abarth-mime-sniff/ [3] https://datatracker.ietf.org/doc/draft-hodges-strict-transport-sec/ [4] http://idcoach.blip.tv/file/3650497 [5] http://www.ietf.org/mail-archive/web/hasmat/current/msg00034.html [6] https://datatracker.ietf.org/meeting/78/agenda.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkw8mRAACgkQNL8k5A2w/vzyJwCeOvTYH3RWjIqmVMD27UR1tolf magAn0kT3gCi1urMliqVJs92szGMYEB3 =B/sX -----END PGP SIGNATURE----- _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf