Peter Saint-Andre | 20 Jul 2011 03:44

Minutes of the W3C/IETF Coordination Call, July 18, 2011

Attending: Mark Nottingham, Peter Saint-Andre, Pete Resnick, Sean
Turner, Robert Sparks, Gabriel Montenegro, Alissa Cooper, Thomas
Roessler, Brian Raymor, John Klensin, Adrian Bateman

Regrets: Philippe Le Hégaret, Russ Housley, Stephen Farrell

- Action Item Status (for context, see
<http://www.w3.org/mid/4DFB7645.4030301 <at> stpeter.im>)

ACTION: Pete to send notice of RFC3536bis Last Call to the public list,
mailto:public-ietf-w3c <at> w3.org
-- done; document is approved and heading to RFC editor.

ACTION: liaisons on both sides to gather list of current activities /
interests in prep for discussions in Quebec City.

ACTION: Peter to send reminder for feedback about same-origin to
mailto:public-ietf-w3c <at> w3.org
-- WGLC in WEBSEC WG after IETF 81, will send reminder then

ACTION: Mark to follow up on finding a home for John Kemp's work on HTTP
Security.
-- done.

- IETF HYBI / W3C WebSockets API  [ Gabriel / Thomas ]

   - deflate-stream
     - this is a MAY in the spec right now

Gabriel Montenegro | 26 Jul 2011 00:52

RE: HTTP, websockets, and redirects

Thanks Adam,

By discussed on some mailing list, do you mean a *W3C* mailing list? Also, allowing the users to handle these
explicitly implies that the API does not mandate dropping the connection. Currently, the API does not
have this flexibility, nor does it allow other uses of non-101 codes, like for authentication. I
understand the potential risks with redirects in browsers, and I thought at one moment we were going to
augment the security considerations with your help for additional guidance. If websec has already
worked on similar language in some draft that we could reuse that would be great, or, similarly, if we could
work with you on that text.

Thanks,

Gabriel

> -----Original Message-----
> From: Adam Barth [mailto:w3c <at> adambarth.com]
> Sent: Sunday, July 24, 2011 13:35
> To: Thomas Roessler
> Cc: public-ietf-w3c <at> w3.org; WebApps WG; Salvatore Loreto; Gabriel
> Montenegro; Art Barstow; François Daoust; Eric Rescorla; Harald Alvestrand;
> Tobias Gondrom
> Subject: Re: HTTP, websockets, and redirects
> 
> This issue was discussed on some mailing list a while back (I forget which).  The
> consensus seemed to be that redirects are the source of a large number of
> security vulnerabilities in HTTP and we'd like users of the WebSocket API to
> handle them explicitly.
> 
> I'm not sure I understand your question regarding WebRTC, but the general
> answer to that class of questions is that WebRTC relies, in large part, on ICE to