On 7/13/10 3:26 PM, Iljitsch van Beijnum wrote:
On 13 jul 2010, at 18:49, Peter Saint-Andre wrote:
fun technologies like AJAX but also opens up the possibility for
new attacks (cross-site scripting, cross-site request forgery,
malvertising, clickjacking, and all the rest).
Isn't this W3C stuff?
Good question. We've had discussions about that with folks from the W3C
and there's broad agreement that we'll divide up the work by having the
IETF focus on topics that are more closely related to HTTP (e.g., new
headers) and by having the W3C focus on topics that are more closely
related to HTML and web browsers (e.g., Mozilla's Content Security
Policy and the W3C's "Web Security Context: User Interface Guidelines"
document).
But the exact dividing line for that division of labor is a good issue
for discussion at the HASMAT BoF.
Peter
--
Peter Saint-Andre
https://stpeter.im/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf