SecurityEngineering/MeetingNotes/09-20-12

From MozillaWiki

Standing Agenda

  • Q3 Goals Recap -
    • Implement security model for basecamp
    • Achieve go / no-go for Firefox sandboxing
    • Land "final" Click to Play experience (address correctness and UX)
    • Ship CSP compliant with W3C 1.0 spec (also helps B2G)
    • Lead security/privacy dev community event or workshop
  • Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
  • Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
  • Suggest additions or changes to roadmaps
  • Detailed discussion of features or outstanding issues as time permits
  • Additional Items
  • Upcoming events, OOO/travel, etc.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/09-05-12

Goals

  • [ON TRACK] Security Model for basecamp
  • [DONE] Sandboxing
    • we have a plan (Windows 8 Metro) and buy-in to this plan from Asa
  • [AT RISK] C2P user experience is on track
  • [AT RISK] CSP 1.0 compliance
    • inline styles being discussed on mailing list, spec needs clarification
    • initial round of patches are done, waiting on sid to take a look
    • big issues are: deprecation plan for old header, localization, and warning text
  • [DROPPED] community event or workshop

Roadmap

  • Mixed Content -
    • Part 1 landed - bug 62178. Caused regression bug 792101. Debugging.
  • per site 3rd party cookies - backend landed, front end needs review
  • CA Pinning: NSS prereq patch targeting NSS 3.14 next Tuesday.
    • YAY!
  • HSTS Preload List
    • Whatever happened with the knockouts and the hole punches?
    • We only put a site on the list if they have set a header with a max-age > 18 weeks and are on the Google list (showing that they have talked to someone / opted into the list)
    • The change to the script that processes Google's list has been written and is pending review
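
The two-part inclusion rule in the HSTS Preload List item above (max-age > 18 weeks, and present on the Google list), as an added example; this is not Mozilla's script. The function names, host names and header values are constructed for illustration, and header parsing follows RFC 6797 section 6.1.

```python
import re

# 18 weeks in seconds: the minimum max-age threshold stated in the notes.
MIN_MAX_AGE = 18 * 7 * 24 * 60 * 60  # 10,886,400

def parse_hsts(header):
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1).
    Returns {'max_age': int, 'include_subdomains': bool}, or None if invalid."""
    seen = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are permitted by the grammar
        name, _, value = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            return None  # a repeated directive makes the header non-conformant
        seen[name] = value.strip()
    raw = seen.get("max-age")
    if raw is None:
        return None  # max-age is required
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        raw = raw[1:-1]  # the quoted-string form is allowed
    if not re.fullmatch(r"[0-9]+", raw):
        return None
    return {"max_age": int(raw), "include_subdomains": "includesubdomains" in seen}

def eligible(host, header, upstream_list):
    """Both conditions from the notes: max-age > 18 weeks AND on the upstream list."""
    policy = parse_hsts(header) if header else None
    return bool(policy) and policy["max_age"] > MIN_MAX_AGE and host.lower() in upstream_list

def build_preload(observed, upstream_list):
    """Return the sorted hosts whose observed header passes both checks."""
    return sorted(h for h, hdr in observed.items() if eligible(h, hdr, upstream_list))

# Constructed sample data (hypothetical hosts and headers).
UPSTREAM = {"a.example", "b.example", "c.example"}
OBSERVED = {
    "a.example": "max-age=31536000; includeSubDomains",  # passes both checks
    "b.example": "max-age=10886400",                     # exactly 18 weeks, not greater
    "c.example": "max-age=31536000; max-age=0",          # duplicate directive, invalid
    "d.example": "max-age=31536000",                     # long max-age, not on upstream list
}

if __name__ == "__main__":
    print(build_preload(OBSERVED, UPSTREAM))
```
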

Contextual Identity wiki

https://wiki.mozilla.org/Security/Contextual_Identity_Project
https://docs.google.com/presentation/d/1qhzkAOuhoeOEieYce9uN7FvRCvpRIrXlPEiLnegZdSk/edit

Meeting Announcements

  • need a volunteer to send out the meeting announcement for the next few meetings!
  • mmc has volunteered, thank you! :D

L33T Brown Bag

  • What is the topic? Completed Roadmap items & P1 Roadmap Items / Roadmap Items that are being actively worked on.
  • Tuesday, November 13th Lunch.
  • Tanvi to file a bug for it.

2013 Roadmap

  • Be on the lookout for discussions on a 2013 Roadmap. We should be involved if possible.

DOMCrypt API mention

  • See bug