<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
span.EmailStyle18
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:"Courier New";}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:28579601;
        mso-list-type:hybrid;
        mso-list-template-ids:841373878 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:45.0pt;
        text-indent:-18.0pt;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:81.0pt;
        text-indent:-18.0pt;}
@list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        margin-left:117.0pt;
        text-indent:-9.0pt;}
@list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:153.0pt;
        text-indent:-18.0pt;}
@list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:189.0pt;
        text-indent:-18.0pt;}
@list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        margin-left:225.0pt;
        text-indent:-9.0pt;}
@list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:261.0pt;
        text-indent:-18.0pt;}
@list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:297.0pt;
        text-indent:-18.0pt;}
@list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        margin-left:333.0pt;
        text-indent:-9.0pt;}
@list l1
        {mso-list-id:524828129;
        mso-list-type:hybrid;
        mso-list-template-ids:1010098160 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l1:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l1:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l1:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l1:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l1:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l1:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l1:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l1:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l2
        {mso-list-id:845097358;
        mso-list-type:hybrid;
        mso-list-template-ids:-646421752 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l2:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l2:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l2:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l2:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l2:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l3
        {mso-list-id:1710716281;
        mso-list-type:hybrid;
        mso-list-template-ids:1493842418 67698703 67698689 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l3:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l3:level2
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l3:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l3:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l3:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l3:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l3:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l3:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l3:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l4
        {mso-list-id:1778209653;
        mso-list-type:hybrid;
        mso-list-template-ids:-345471772 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l4:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l4:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l4:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l4:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l4:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l4:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l4:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l4:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l4:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Since you are all very quiet, I understand that WAFEC 2 will solve my pain and needs only </span><span style='font-family:Wingdings;color:#1F497D'>J</span><span style='color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>To that end, let me start with summarizing issues raised in the previous discussions on the mailing list (which I actually went and read…).<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>No specific order intended. This is what you wrote, though I must say I think it captures well the issues I am aware of and that generally speaking I agree with most.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l3 level1 lfo4'><![if !supportLists]><span style='color:#1F497D'><span style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'>       </span></span></span><![endif]><span dir=LTR></span><b><u><span style='color:#1F497D'>Remove non WAF related criteria</span></u></b><span style='color:#1F497D'> for example around application delivery. <o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo4'><![if !supportLists]><span style='font-family:Symbol;color:#1F497D'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]><span dir=LTR></span><span style='color:#1F497D'>While integrating a WAF with other solutions is compelling to the client, it is not directly about WAFs and is also unbounded. This does present the challenge deciding what is relevant to a WAF in border cases such as an SSO functionality <o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l3 level1 lfo4'><![if !supportLists]><span style='color:#1F497D'><span style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'>       </span></span></span><![endif]><span dir=LTR></span><b><u><span style='color:#1F497D'>Update the list of threats covered</span></u></b><span style='color:#1F497D'><o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l3 level1 lfo4'><![if !supportLists]><span style='color:#1F497D'><span style='mso-list:Ignore'>3.<span style='font:7.0pt "Times New Roman"'>       </span></span></span><![endif]><span dir=LTR></span><b><u><span style='color:#1F497D'>Focus on customer use cases rather than how a WAF operates</span></u></b><span style='color:#1F497D'><o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo4'><![if !supportLists]><span style='font-family:Symbol;color:#1F497D'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]><span dir=LTR></span><span style='color:#1F497D'>I think there was some hidden controversy here as I read opinions to focus on “technical” which I take to be opposite. I personally very much agree with this comment. <o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l3 level1 lfo4'><![if !supportLists]><span style='color:#1F497D'><span style='mso-list:Ignore'>4.<span style='font:7.0pt "Times New Roman"'>       </span></span></span><![endif]><span dir=LTR></span><b><u><span style='color:#1F497D'>Not just a laundry list</span></u></b><span style='color:#1F497D'> – <o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo4'><![if !supportLists]><span style='font-family:Symbol;color:#1F497D'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]><span dir=LTR></span><span style='color:#1F497D'>Classify the importance of requirements. I believe that a minimal approach specifying several levels, for example: “mandatory”, “important”, “nice to have” and “site specific”.<o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo4'><![if !supportLists]><span style='font-family:Symbol;color:#1F497D'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]><span dir=LTR></span><span style='color:#1F497D'>Another complementing idea is to classify requirements as “security”/”functionality”/”performance” etc. letting the user determine if he prefers security over functionality etc.<o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo4'><![if !supportLists]><span style='font-family:Symbol;color:#1F497D'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]><span dir=LTR></span><span style='color:#1F497D'>This would also provide the minimum requirements for a solution to be a WAF – the “mandatory” requirements.<o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo4'><![if !supportLists]><span style='font-family:Symbol;color:#1F497D'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]><span dir=LTR></span><span style='color:#1F497D'>Regarding site specific requirements, it should be easy to the user to determine his own requirements, for example using a decision tree.<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l3 level1 lfo4'><![if !supportLists]><b><span style='color:#1F497D'><span style='mso-list:Ignore'>5.<span style='font:7.0pt "Times New Roman"'>       </span></span></span></b><![endif]><span dir=LTR></span><b><u><span style='color:#1F497D'>The “ethical” questions:<o:p></o:p></span></u></b></p><p class=MsoListParagraph style='margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo4'><![if !supportLists]><span style='font-family:Symbol;color:#1F497D'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]><span dir=LTR></span><span style='color:#1F497D'>How to address alternative solutions such as fixing the code?<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l3 level1 lfo4'><![if !supportLists]><span style='color:#1F497D'><span style='mso-list:Ignore'>6.<span style='font:7.0pt "Times New Roman"'>       </span></span></span><![endif]><span dir=LTR></span><b><u><span style='color:#1F497D'>Outreach</span></u></b><span style='color:#1F497D'> – beyond the document<o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo4'><![if !supportLists]><span style='font-family:Symbol;color:#1F497D'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]><span dir=LTR></span><span style='color:#1F497D'>Approaching NSS, ICSA and the likes to use WAFEC<o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo4'><![if !supportLists]><span style='font-family:Symbol;color:#1F497D'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]><span dir=LTR></span><span style='color:#1F497D'>Release process, PR etc.<o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo4'><![if !supportLists]><span style='font-family:Symbol;color:#1F497D'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]><span dir=LTR></span><span style='color:#1F497D'>Managing a list of public references to WAFEC<o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo4'><![if !supportLists]><span style='font-family:Symbol;color:#1F497D'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]><span dir=LTR></span><span style='color:#1F497D'>Promote actual evaluations data sharing - No more spreadsheets.<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l3 level1 lfo4'><![if !supportLists]><span style='color:#1F497D'><span style='mso-list:Ignore'>7.<span style='font:7.0pt "Times New Roman"'>       </span></span></span><![endif]><span dir=LTR></span><span style='color:#1F497D'>Specific notes on V1, I have collected for further work.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>A major question raised with opinions on both sides was a re-write vs. an update. I do think that understanding the requirements should direct that. Some issues raised which directly relate to that are:<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l4 level1 lfo6'><![if !supportLists]><span style='color:#1F497D'><span style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'>       </span></span></span><![endif]><span dir=LTR></span><span style='color:#1F497D'>Is the order of sections correct?<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l4 level1 lfo6'><![if !supportLists]><span style='color:#1F497D'><span style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'>       </span></span></span><![endif]><span dir=LTR></span><span style='color:#1F497D'>Incorporating the German OWASP chapter work on the same subject: </span><span style='color:black'><a href="http://www.owasp.org/index.php/Best_Practices:_Web_Application_Firewalls">http://www.owasp.org/index.php/Best_Practices:_Web_Application_Firewalls</a></span><span style='color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='color:#1F497D'>~ Ofer<o:p></o:p></span></p></div><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Ofer Shezaf [mailto:ofer@shezaf.com] <br><b>Sent:</b> Thursday, May 31, 2012 1:45 PM<br><b>To:</b> wasc-wafec@lists.webappsec.org<br><b>Subject:</b> WAFEC 2.0 phase 1: exploratory discussion (deadline: June 14th)<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thanks to all who volunteered to contribute to this project going forward (and those who didn’t – you still can!)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I would like to boot up the project with a short exploratory phase identifying why we need a new release and therefore what we need in it.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>To guide the discussion, I think that the reasons we need v2 fall into two categories:<o:p></o:p></p><p class=MsoNormal style='margin-left:45.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo2;vertical-align:middle'><![if !supportLists]><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><span style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'>      </span></span></span><![endif]><span dir=LTR></span>Things that have changed - new (or obsolete) deployment modes, techniques, attacks, or even something new altogether.<span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:45.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo2;vertical-align:middle'><![if !supportLists]><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><span style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'>      </span></span></span><![endif]><span dir=LTR></span>Issues we discovered in WAFEC over the years. Some issues I encountered are identifying specific requirements and sorting out what’s important and what’s not.<span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p></o:p></span></p><p class=MsoNormal style='vertical-align:middle'><o:p> </o:p></p><p class=MsoNormal style='vertical-align:middle'>From this discussion I hope to derive a mission statement, a tasks list and therefore a schedule for the V2 project. All those will be the next phase. <o:p></o:p></p><p class=MsoNormal style='vertical-align:middle'><o:p> </o:p></p><p class=MsoNormal style='vertical-align:middle'><b>I would give this phase two weeks (until June 14<sup>th</sup>), however I am on vacation from the 9<sup>th</sup>, so would accept input but not join the discussion on the last few days.<o:p></o:p></b></p><p class=MsoNormal style='vertical-align:middle'><b><o:p> </o:p></b></p><p class=MsoNormal style='vertical-align:middle'>I would also want to thank Thorsten and Mirko for leading the project until now. I do hope that I will get from you all more cooperation than they did! I would also want to extend a personal apology to Thorsten and Mirko as the leader switch was not well coordinated. Thorsten and I discussed this over the last week and he gracefully agreed to let me give a try to leading this project forward.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thank you all!<o:p></o:p></p><p class=MsoNormal>~ Ofer<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Ofer Shezaf<o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt'>[+972-54-4431119; <a href="mailto:ofer@shezaf.com">ofer@shezaf.com</a>, <a href="http://www.shezaf.com">www.shezaf.com</a>]<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>