- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 23 May 2007 22:01:40 +0200
- To: WSC WG <public-wsc-wg@w3.org>
The minutes from last week's meeting were accepted.
http://www.w3.org/2007/05/16-wsc-minutes
A text version is included.
--
Thomas Roessler, W3C <tlr@w3.org>
[1]W3C
WSC WG weekly
16 May 2007
[2]Agenda
See also: [3]IRC log
Attendees
Present
Shawn, Thomas, Johnath, jvkrey, asaldhan, yngve, ses, Hal_Lockhart,
Tyler, PHB, rachna, Bill_Doyle, johnath, Audian
Regrets
MEZ, Maritza, Chuck, MichaelMcC, beltzner, DanSchutzer, SergeEgelman,
PaulHill
Chair
tlr
Scribe
yngve
Contents
* [4]Topics
1. [5]administrivia
2. [6]approve last meeting's minutes,
http://www.w3.org/2007/05/02-wsc-minutes
3. [7]Action item closures, ACTION-185, ACTION-186, ACTION-168
4. [8]Review recommendation template and state of adoption
http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/RecoTempl
5. [9]Face-to-face planning
6. [10]IdentitySignal http://www.w3.org/2006/WSC/wiki/IdentitySignal
7. [11]Following up on DNSSEC indicator discussion
http://lists.w3.org/Archives/Public/public-wsc-wg/2007Apr/0354.html
8. [12]Rachna's proposal, if any (ACTION-213)
9. [13]RobustSecurityIndicators
http://www.w3.org/2006/WSC/wiki/RobustSecurityIndicators
10. [14]Secure Letterhead
* [15]Summary of Action Items
_________________________________________________________________
administrivia
<tlr> ScribeNick: yngve
<ses> Advance regrets for next meeting --- it's during IEEE Security and
Privacy (Oakland)
approve last meeting's minutes, [16]http://www.w3.org/2007/05/02-wsc-minutes
tlr: minutes accepted
Action item closures, ACTION-185, ACTION-186, ACTION-168
diffmk highlights changes ?
tlr: yes
<tlr> ACTION-185, ACTION-186, ACTION-168 to be closed
Review recommendation template and state of adoption
[17]http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/RecoTempl
tyler: two people looked at it.
... yngve has worked with the template
<tlr> RecRevisitingPastDecisions
<tlr>
[18]http://lists.w3.org/Archives/Public/public-wsc-wg/2007May/0023.html
<rachna> I have a question about the template content.
rachna: should template include attacks?
tyler: need list of attacks
rachna: have a list of attacks in mind
tlr: updated threat tree
rachna: will put list on wiki
<ses> (I wouldn't be so sure that all threats in Rachna's mind are on the
tree. The tree definitely has missing branches)
<tlr> [19]http://www.w3.org/2006/WSC/wiki/ThreatTrees
rachna: example threat is spoofing
<bill-d> yes
bill-d: we have an info-sec group internally
<tlr> ACTION: doyle to solicit commentary on Threat Trees from MITRE INFOSEC
community - due 2007-06-15 [recorded in
[20]http://www.w3.org/2007/05/16-wsc-minutes.html#action01]
<trackbot> Created ACTION-214 - solicit commentary on Thread Trees from
MITRE INFOSEC community [on Bill Doyle - due 2007-06-15].
<tlr> due date on ACTION-214 tentative; action dependent on ACTION-215
<tlr> ACTION: rdhamija2 to revisit threat trees, match to her list of
attacks, make explicit, turn into note material [recorded in
[21]http://www.w3.org/2007/05/16-wsc-minutes.html#action03]
<trackbot> Created ACTION-215 - to revisit threat trees, match to her list
of attacks, make explicit, turn into note material [on Rachna Dhamija - due
2007-05-23].
tlr: what does tyler think about adding attacks
tyler: will not hurt
<tlr> proposed: use cases and attacks that are addressed go into the
template; attacks not addressed listed as limitations
<tlr> ACTION: tyler to update template accordingly [recorded in
[22]http://www.w3.org/2007/05/16-wsc-minutes.html#action04]
<trackbot> Created ACTION-216 - Update template accordingly [on Tyler Close
- due 2007-05-23].
tlr: uncertain about timeline moving all recommendations into template
tyler: completion will probably be delayed
... will look at yngve's submission
<tlr> agendum for next meeting: check in on status of editing for
recommendation
<rachna> can you explain what conformance clause means? Sorry I missed it.
<tlr> tlr: conformance clause is the thing that you comply with or not
<tlr> ... abstract away from concrete user interfaces ...
<tlr> ... augment with implementation techniques ...
<tlr> phb: haven't given lightning talk on Secure Letterhead, yet, might
have been confused with EV
<tlr> tlr: phb, please put it into the Wiki under "to be discussed"
<tlr> ACTION: hallam-baker to enter Secure Letterhead proposal into Wiki;
link from "to be discussed" [recorded in
[23]http://www.w3.org/2007/05/16-wsc-minutes.html#action05]
<trackbot> Created ACTION-217 - Enter Secure Letterhead proposal into Wiki;
link from \"to be discussed\" [on Phillip Hallam-Baker - due 2007-05-23].
<tlr> ACTION: thomas to start e-mail thread on conformance sections
[recorded in [24]http://www.w3.org/2007/05/16-wsc-minutes.html#action06]
<trackbot> Created ACTION-218 - Start e-mail thread on conformance sections
[on Thomas Roessler - due 2007-05-23].
Face-to-face planning
tlr: f2f in two weeks
<tlr>
[25]http://lists.w3.org/Archives/Public/public-wsc-wg/2007May/0050.html
tlr: planned discussion about QA, testing etc.
... what are our remaining steps about notes
... missing agenda: how are we going to update note
<tlr> deadline for update of note is 2 June
tyler: lots of w3c process that must be discussed
tlr: may do updated draft without approval
... what should be discussed before f2f, and what can be discussed at f2f?
tyler: should check own action items [scribe's understanding: all members]
<sduffy> tyler, I will be available to help close those out as soon as you
and I catch up offline
scribe: may put what is declared as having consensus into draft
<tlr> agendum for next call: updated working draft of Note, to be done
before 2 June
scribe: suggest roll call of open action items against draft next phone
meeting
<tlr> tyler will lead agendum 11 (note issues discussion) at face-to-face
tlr: no further comments about f2f agenda
<asaldhan> tlr: f2f can be attended by phone?
tlr: f2f can be attended by phone
IdentitySignal [26]http://www.w3.org/2006/WSC/wiki/IdentitySignal
johnath: broken padlock
... padlock mixes signals, used to deduce trust [even if it is not designed
for it]
... MS moving to green bar
... need an indicator in primary UI for verifiable identity
... safety is slippery concept
... can't [really] tell if it is safe to shop even with EV
tlr: coming close to discussion about selfsigned certs
... problem with second guessing what the user wants
hal: must view in context of other proposals
audian: [identity indicator] has more tech integrity than padlock
... bigger question: does it mean safe to shop?
audian: better than padlock
sduffy: consumer assumes padlock anywhere means it's OK
?: users do not think about difference between chrome and content
<asaldhan> I support this signal because it is a functionality of an user
agent and not some web page.
<rachna> An illegitimate site may copy Larry into the content. Users will
have to recognize two Larry's and know about the new ritual to click on the
right one in the address bar. This is something we can test.
<asaldhan> provided the security verification service is somebody credible
bill-d: padlock bundles lots of things
... perhaps break things out of padlock?
<tlr> Larry = the guy checking the passport
johnath: breaking the padlock apart may separate questions about identity,
safe to shop, etc...
<johnath> johnath: we resist this being a new padlock, because it's not
about safety. Spoofing is always a concern, but spoofing an identity
indicator is less valuable because on a legit site, they don't need to, and
a scam site will not benefit as much since there is always an identity
indicator present, unlike the padlock
tlr: is there a notion about type of interactions to get information
... e.g. trust ratings
... should be part of a proposal
<johnath> blame the time overrun on my voip issues
audian: like ev cert, but chrome can be spoofed
<rachna> I agree with Audian. Picture in Picture attacks are hard for users
to detect. Trust indicators whether they be identity or security indicators
lend credibility and will always be spoofed. The only improvement here may
be if users learn the new ritual.
johnath: mozilla moving padlock, ev might impede some phishing
... green bar not competing with anything in chrome
johnath: identity instead of safety will [missed that]
<tlr> ACTION: nightingale to update IdentitySignal to cover discussion on
call, and match RecTemplate [recorded in
[27]http://www.w3.org/2007/05/16-wsc-minutes.html#action08]
<trackbot> Created ACTION-219 - to update IdentitySignal to cover discussion
on call, and match RecTemplate [on Johnathan Nightingale - due 2007-05-23].
Following up on DNSSEC indicator discussion
[28]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Apr/0354.html
<tlr> deferred due to lack of critical parties
Rachna's proposal, if any (ACTION-213)
<rachna> I will need to be bumped as well
<tlr> tlr: bumped to when?
<rachna> sorry. next week is fine
RobustSecurityIndicators
[29]http://www.w3.org/2006/WSC/wiki/RobustSecurityIndicators
<tlr> to be done when MEZ is here
Secure Letterhead
<tlr> to be done next week or later
tlr: meeting adjourned
Summary of Action Items
[NEW] ACTION: doyle to solicit commentary on Threat Trees from MITRE INFOSEC
community - due 2007-06-15 [recorded in
[30]http://www.w3.org/2007/05/16-wsc-minutes.html#action01]
[NEW] ACTION: hallam-baker to enter Secure Letterhead proposal into Wiki;
link from "to be discussed" [recorded in
[31]http://www.w3.org/2007/05/16-wsc-minutes.html#action05]
[NEW] ACTION: nightingale to update IdentitySignal to cover discussion on
call, and match RecTemplate [recorded in
[32]http://www.w3.org/2007/05/16-wsc-minutes.html#action08]
[NEW] ACTION: rdhamija2 to revisit threat trees, match to her list of
attacks, make explicit, turn into note material [recorded in
[33]http://www.w3.org/2007/05/16-wsc-minutes.html#action03]
[NEW] ACTION: thomas to start e-mail thread on conformance sections
[recorded in [34]http://www.w3.org/2007/05/16-wsc-minutes.html#action06]
[NEW] ACTION: tyler to update template accordingly [recorded in
[35]http://www.w3.org/2007/05/16-wsc-minutes.html#action04]
[End of minutes]
_________________________________________________________________
Minutes formatted by David Booth's [36]scribe.perl version 1.128 ([37]CVS
log)
$Date: 2007-05-23$
References
1. http://www.w3.org/
2. http://lists.w3.org/Archives/Public/public-wsc-wg/2007May/0052.html
3. http://www.w3.org/2007/05/16-wsc-irc
4. file://localhost/home/roessler/W3C/WWW/2007/05/16-wsc-minutes.html#agenda
5. file://localhost/home/roessler/W3C/WWW/2007/05/16-wsc-minutes.html#item01
6. file://localhost/home/roessler/W3C/WWW/2007/05/16-wsc-minutes.html#item02
7. file://localhost/home/roessler/W3C/WWW/2007/05/16-wsc-minutes.html#item03
8. file://localhost/home/roessler/W3C/WWW/2007/05/16-wsc-minutes.html#item04
9. file://localhost/home/roessler/W3C/WWW/2007/05/16-wsc-minutes.html#item06
10. file://localhost/home/roessler/W3C/WWW/2007/05/16-wsc-minutes.html#item07
11. file://localhost/home/roessler/W3C/WWW/2007/05/16-wsc-minutes.html#item08
12. file://localhost/home/roessler/W3C/WWW/2007/05/16-wsc-minutes.html#item09
13. file://localhost/home/roessler/W3C/WWW/2007/05/16-wsc-minutes.html#item10
14. file://localhost/home/roessler/W3C/WWW/2007/05/16-wsc-minutes.html#item11
15. file://localhost/home/roessler/W3C/WWW/2007/05/16-wsc-minutes.html#ActionSummary
16. http://www.w3.org/2007/05/02-wsc-minutes
17. http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/RecoTempl
18. http://lists.w3.org/Archives/Public/public-wsc-wg/2007May/0023.html
19. http://www.w3.org/2006/WSC/wiki/ThreatTrees
20. http://www.w3.org/2007/05/16-wsc-minutes.html#action01
21. http://www.w3.org/2007/05/16-wsc-minutes.html#action03
22. http://www.w3.org/2007/05/16-wsc-minutes.html#action04
23. http://www.w3.org/2007/05/16-wsc-minutes.html#action05
24. http://www.w3.org/2007/05/16-wsc-minutes.html#action06
25. http://lists.w3.org/Archives/Public/public-wsc-wg/2007May/0050.html
26. http://www.w3.org/2006/WSC/wiki/IdentitySignal
27. http://www.w3.org/2007/05/16-wsc-minutes.html#action08
28. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Apr/0354.html
29. http://www.w3.org/2006/WSC/wiki/RobustSecurityIndicators
30. http://www.w3.org/2007/05/16-wsc-minutes.html#action01
31. http://www.w3.org/2007/05/16-wsc-minutes.html#action05
32. http://www.w3.org/2007/05/16-wsc-minutes.html#action08
33. http://www.w3.org/2007/05/16-wsc-minutes.html#action03
34. http://www.w3.org/2007/05/16-wsc-minutes.html#action06
35. http://www.w3.org/2007/05/16-wsc-minutes.html#action04
36. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
37. http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 23 May 2007 20:01:52 UTC