SecurityEngineering/MeetingNotes/03-01-12

03/01/2012

Standing agenda

• Review currently active (P1) features against their established milestones, identify any blockers - https://wiki.mozilla.org/Security/Roadmap + https://wiki.mozilla.org/Privacy/Roadmap
• Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
• Suggest additions or changes to roadmaps
• Detailed discussion of features or outstanding issues as time permits

UI-UX https://wiki.mozilla.org/SecurityUI-UX

• Upcoming events, OOO/travel, etc.
  • Sid is in DC (for an IAPP privacy summit) Tuesday-Friday (6-9 March)
  • Tanvi Cansecwest (Tuesday - Saturday, March 6-10)
  • Lucas out Tues-Mon

Additional Topics

• CA/B Forum - Certificate Authority & Browser Forum

Paypal presented a suggestion for replacing it for a real standards body. After hearing Paypals proposal, going to form a working group to reform the forum. And propose changes, adopt them, etc and hopefully get public involvement. http://cabforum.org/org_announcement.html

• RSA - the conference, not the cryptosystem

Panel - Revocation for SSL certificates

• Summer of Code.
  Background: Google gives a stipend per student and $500 for organization for the overhead. Selection of organizations is starting very soon. And then you select the projects. Vetted by Googles. March 9th deadline.
  Ideas:
  • Tor support features
  • CSP the web - User supplied CSP.

Timeline:http://www.google-melange.com/document/show/gsoc_program/google/gsoc2012/faqs#timeline Contacts : gerv or chofmann

• Chrome Default CSP Policy for Extensions
  • http://blog.chromium.org/2012/02/more-secure-extensions-by-default.html

Public meetings

• with published public notes
• x342
• starting 3/15/2012