The problems are not necessarily caused by any specific spec on its
own. Many Web security issues occur because the components are
developed in isolation and people really don't have a good model for
how they behave as a group.
The IETF needs to be involved in this work. Quite how that happens is
another matter. One of the weaknesses of the IETF way of doing things
is that there is no clear mechanism for performing maintenance.
On Wed, Jul 14, 2010 at 11:33 AM, Cullen Jennings <fluffy(_at_)cisco(_dot_)com>
wrote:
On Jul 13, 2010, at 22:26 , Iljitsch van Beijnum wrote:
On 13 jul 2010, at 18:49, Peter Saint-Andre wrote:
fun technologies like AJAX but also opens up the possibility for
new attacks (cross-site scripting, cross-site request forgery,
malvertising, clickjacking, and all the rest).
Isn't this W3C stuff?
It's important stuff - if they are not making progress on it, some SDO with
people that have skill and expertise in this area should do work on it. A BOF
is a great way to find out if we have people with the expertise and the
interest to do work. My gut feeling is that we probably do.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
--
Website: http://hallambaker.com/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf