%% You should probably cite draft-tschofenig-secure-the-web-04 instead of this revision. @techreport{tschofenig-secure-the-web-03, number = {draft-tschofenig-secure-the-web-03}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-tschofenig-secure-the-web/03/}, author = {Hannes Tschofenig and Sean Turner and Mike Hanson}, title = {{An Inquiry into the Nature and the Causes of Web Insecurity}}, pagetotal = 19, year = 2012, month = jul, day = 16, abstract = {The year 2011 has been quite exciting from a Web security point of view: a number of high-profile security incidents have gotten a lot of press attention but also new initiatives, such as the National Strategy for Trusted Identities in Cyberspace (NSTIC), had been launched to improve the Web identity eco-system. The NSTIC strategy paper, for example, observes problems with Internet security due to the widespread usage of low-entropy passwords and the lack of widely deployed authentication and attribute assurance services. With this memorandum we try to develop a shared vision for how to deal with the most pressing Web security problems.}, }