SecurityEngineering/MeetingNotes/09-20-12
From MozillaWiki
Standing Agenda
- Q3 Goals Recap
  - Implement security model for basecamp
  - Achieve go / no-go for Firefox sandboxing
  - Land "final" Click to Play experience (address correctness and UX)
  - Ship CSP compliant with W3C 1.0 spec (also helps B2G)
  - Lead security/privacy dev community event or workshop
- Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Suggest additions or changes to roadmaps
- Detailed discussion of features or outstanding issues as time permits
- Additional Items
  - Upcoming events, OOO/travel, etc.
Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/09-05-12
Goals
- [ON TRACK] Security Model for basecamp
- [DONE] Sandboxing
  - we have a plan (Windows 8 metro) and buy-in for this plan from Asa
- [AT RISK] C2P user experience is on track
- [AT RISK] CSP 1.0 compliance
  - inline styles being discussed on mailing list, spec needs clarification
  - initial round of patches is done, waiting on sid to take a look
  - big issues are: deprecation plan for old header, localization, and warning text
- [DROPPED] community event or workshop
Roadmap
- Mixed Content
  - Part 1 landed - bug 62178. Caused regression bug 792101. Debugging.
- Per-site 3rd party cookies - backend landed, front end needs review
- CA Pinning, NSS prereq patch targeting NSS 3.14 next Tuesday.
  - YAY!
- HSTS Preload List
  - Whatever happened with the knockouts and the hole punches?
  - We only put a site on the list if it has set a header with a max-age > 18 weeks and is on the Google list (showing that they have talked to someone / opted into the list)
  - The change to the script that processes Google's list has been written and is pending review
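
The HSTS preload inclusion rule noted above, as an added example that is not from these notes and is not Mozilla's script: it parses a Strict-Transport-Security header value and accepts a host only when max-age exceeds 18 weeks and the host is on a stand-in for Google's list. Function names, hostnames and list contents are constructed for illustration.

```javascript
// Added example; names, hosts and list contents are constructed, not Mozilla's script.
const EIGHTEEN_WEEKS = 18 * 7 * 24 * 60 * 60; // 10,886,400 seconds
// Parse a Strict-Transport-Security value (RFC 6797 syntax).
// Returns { maxAge, includeSubDomains }, or null if the header is invalid.
// Simplification: does not handle ';' inside a quoted value.
function parseHsts(value) {
  if (typeof value !== "string") return null;
  let maxAge = null;
  let includeSubDomains = false;
  const seen = new Set();
  for (const part of value.split(";")) {
    const directive = part.trim();
    if (directive === "") continue; // empty directives (trailing ';') are allowed
    const eq = directive.indexOf("=");
    const name = (eq === -1 ? directive : directive.slice(0, eq)).trim().toLowerCase();
    let arg = eq === -1 ? null : directive.slice(eq + 1).trim();
    if (seen.has(name)) return null; // each directive may appear only once
    seen.add(name);
    if (name === "max-age") {
      if (arg === null) return null;
      if (/^"[^"]*"$/.test(arg)) arg = arg.slice(1, -1); // quoted-string form
      if (!/^\d+$/.test(arg)) return null; // must be a non-negative integer
      maxAge = Number(arg);
    } else if (name === "includesubdomains") {
      if (arg !== null) return null; // this directive takes no value
      includeSubDomains = true;
    } // unknown directives are ignored
  }
  return maxAge === null ? null : { maxAge, includeSubDomains };
}
// Both conditions from the notes: max-age > 18 weeks AND on the Google list.
function eligibleForPreload(host, headerValue, googleList) {
  const parsed = parseHsts(headerValue);
  if (parsed === null || parsed.maxAge <= EIGHTEEN_WEEKS) return false;
  return googleList.has(host.toLowerCase());
}

// Constructed sample input: observed headers and a stand-in Google list.
function demo() {
  const googleList = new Set(["a.example", "b.example", "c.example"]);
  const observed = [
    ["a.example", "max-age=31536000; includeSubDomains"],
    ["b.example", "max-age=10886400"], // exactly 18 weeks, not > 18 weeks
    ["c.example", "includeSubDomains"], // max-age missing: invalid header
    ["d.example", "max-age=31536000"], // valid header, not on the Google list
  ];
  return observed.filter(([h, v]) => eligibleForPreload(h, v, googleList)).map(([h]) => h);
}
console.log(demo());
```
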
Contextual Identity wiki
https://wiki.mozilla.org/Security/Contextual_Identity_Project
https://docs.google.com/presentation/d/1qhzkAOuhoeOEieYce9uN7FvRCvpRIrXlPEiLnegZdSk/edit
Meeting Announcements
- Need a volunteer to send out the meeting announcement for the next few meetings!
  - mmc has volunteered, thank you! :D
L33T Brown Bag
- What is the topic? Completed Roadmap items & P1 Roadmap Items / Roadmap Items that are being actively worked on.
- Tuesday, November 13th Lunch.
- Tanvi to file a bug for it.
2013 Roadmap
- Be on the lookout for discussions on a 2013 Roadmap. We should be involved if possible.
DOMCrypt API mention
- See bug