On 7/13/10 3:26 PM, Iljitsch van Beijnum wrote: > On 13 jul 2010, at 18:49, Peter Saint-Andre wrote: > >> fun technologies like AJAX but also opens up the possibility for >> new attacks (cross-site scripting, cross-site request forgery, >> malvertising, clickjacking, and all the rest). > > Isn't this W3C stuff? Good question. We've had discussions about that with folks from the W3C and there's broad agreement that we'll divide up the work by having the IETF focus on topics that are more closely related to HTTP (e.g., new headers) and by having the W3C focus on topics that are more closely related to HTML and web browsers (e.g., Mozilla's Content Security Policy and the W3C's "Web Security Context: User Interface Guidelines" document). But the exact dividing line for that division of labor is a good issue for discussion at the HASMAT BoF. Peter -- Peter Saint-Andre https://stpeter.im/ _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf