Hi,

IETF Secretariat <ietf-secretariat@xxxxxxxx> writes:

> A new IETF non-working group email list has been created.
>
> List address: unbearable@xxxxxxxx
> Archive: http://www.ietf.org/mail-archive/web/unbearable/
> To subscribe: https://www.ietf.org/mailman/listinfo/unbearable
>
> Purpose:
>
> This list is for discussion of proposals for doing better than bearer
> tokens (e.g. HTTP cookies, OAuth tokens etc.) for web
> applications. The specific goal is chartering a WG focused on
> preventing security token export and replay attacks.

The OAUTH Working Group is already (and has been for a while!) looking into "holder of key" protocols to improve upon Bearer Tokens. I would suggest that this work happen there instead of creating a whole new group for it.

-derek

> For additional information, please contact the list administrators.

--
Derek Atkins 617-623-3745
derek@xxxxxxxxx www.ihtfp.com
Computer and Internet Security Consultant