< draft-tschofenig-secure-the-web-02.txt   draft-tschofenig-secure-the-web-03.txt >
Network Working Group H. Tschofenig Network Working Group H. Tschofenig
Internet-Draft Nokia Siemens Networks Internet-Draft Nokia Siemens Networks
Intended status: Informational S. Turner Intended status: Informational S. Turner
Expires: January 16, 2013 IECA, Inc. Expires: January 17, 2013 IECA, Inc.
S. Farrell
Trinity College Dublin
M. Hanson M. Hanson
Mozilla Mozilla
July 15, 2012 July 16, 2012
An Inquiry into the Nature and the Causes of Web Insecurity An Inquiry into the Nature and the Causes of Web Insecurity
draft-tschofenig-secure-the-web-02.txt draft-tschofenig-secure-the-web-03.txt
Abstract Abstract
The year 2011 has been quite exciting from a Web security point of The year 2011 has been quite exciting from a Web security point of
view: a number of high-profile security incidents have gotten a lot view: a number of high-profile security incidents have gotten a lot
of press attention but also new initiatives, such as the National of press attention but also new initiatives, such as the National
Strategy for Trusted Identities in Cyberspace (NSTIC), had been Strategy for Trusted Identities in Cyberspace (NSTIC), had been
launched to improve the Web identity eco-system. The NSTIC strategy launched to improve the Web identity eco-system. The NSTIC strategy
paper, for example, observes problems with Internet security due to paper, for example, observes problems with Internet security due to
the widespread usage of low-entropy passwords and the lack of widely the widespread usage of low-entropy passwords and the lack of widely
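Review bot: S. Farrell (Trinity College Dublin) is dropped from the front-page author list in -03, and the visible text gives no reason. If text he contributed remains in the document, add a Contributors or Acknowledgements entry so the attribution is not lost.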
skipping to change at page 1, line 45 skipping to change at page 1, line 43
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 16, 2013. This Internet-Draft will expire on January 17, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 17, line 34 skipping to change at page 17, line 34
[RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265, [RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265,
April 2011. April 2011.
[RFC2965] Kristol, D. and L. Montulli, "HTTP State Management [RFC2965] Kristol, D. and L. Montulli, "HTTP State Management
Mechanism", RFC 2965, October 2000. Mechanism", RFC 2965, October 2000.
9.2. Informative References 9.2. Informative References
[I-D.ietf-oauth-v2] [I-D.ietf-oauth-v2]
Hardt, D. and D. Recordon, "The OAuth 2.0 Authorization Hardt, D. and D. Recordon, "The OAuth 2.0 Authorization
Framework", draft-ietf-oauth-v2-29 (work in progress), Framework", draft-ietf-oauth-v2-30 (work in progress),
July 2012. July 2012.
[RFC5849] Hammer-Lahav, E., "The OAuth 1.0 Protocol", RFC 5849, [RFC5849] Hammer-Lahav, E., "The OAuth 1.0 Protocol", RFC 5849,
April 2010. April 2010.
[I-D.ietf-websec-origin] [I-D.ietf-websec-origin]
Barth, A., "The Web Origin Concept", Barth, A., "The Web Origin Concept",
draft-ietf-websec-origin-06 (work in progress), draft-ietf-websec-origin-06 (work in progress),
October 2011. October 2011.
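Review bot: only the [I-D.ietf-oauth-v2] entry is refreshed (-29 to -30), while [I-D.ietf-websec-origin] directly below it still cites draft-ietf-websec-origin-06 from October 2011. Check every "work in progress" reference in 9.2 against its current status in the same pass, and cite the latest version or the published RFC where one exists.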
skipping to change at page 19, line 26 skipping to change at page 19, line 26
Sean Turner Sean Turner
IECA, Inc. IECA, Inc.
3057 Nutley Street, Suite 106 3057 Nutley Street, Suite 106
Fairfax, VA 22031 Fairfax, VA 22031
USA USA
Phone: Phone:
Email: turners@ieca.com Email: turners@ieca.com
Stephen Farrell
Trinity College Dublin
Dublin, 2
Ireland
Phone: +353-1-896-2354
Email: stephen.farrell@cs.tcd.ie
Mike Hanson Mike Hanson
Mozilla Mozilla
Phone: Phone:
Email: mhanson@mozilla.com Email: mhanson@mozilla.com
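Review bot: the address entries for Sean Turner and Mike Hanson keep an empty "Phone:" label in both versions. Since this block is already being edited to remove Stephen Farrell's address, either fill in the numbers or drop the empty labels.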
 End of changes. 6 change blocks. 
15 lines changed or deleted 5 lines changed or added
