The problems are not necessarily caused by any specific spec on its own. Many Web security issues occur because the components are developed in isolation and people really don't have a good model for how they behave as a group.

The IETF needs to be involved in this work. Quite how that happens is another matter.

One of the weaknesses of the IETF way of doing things is that there is no clear mechanism for performing maintenance.

On Wed, Jul 14, 2010 at 11:33 AM, Cullen Jennings <fluffy@xxxxxxxxx> wrote:
>
> On Jul 13, 2010, at 22:26 , Iljitsch van Beijnum wrote:
>
>> On 13 jul 2010, at 18:49, Peter Saint-Andre wrote:
>>
>>> fun technologies like AJAX but also opens up the possibility for
>>> new attacks (cross-site scripting, cross-site request forgery,
>>> malvertising, clickjacking, and all the rest).
>>
>> Isn't this W3C stuff?
>
> It's important stuff - if they are not making progress on it, some SDO with people that have skill and expertise in this area should do work on it. A BOF is a great way to find out if we have people with the expertise and the interest to do work. My gut feeling is that we probably do.
>
>
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf
>

--
Website: http://hallambaker.com/