SecurityEngineering/MeetingNotes/2013-04-28

From MozillaWiki
Jump to: navigation, search

Agenda 2014-04-28 CHAIR: Monica Agenda:

  • 2014 Q2 Goals recap - do we want to add a goal around CRL sets? (and postpone a current goal?)
  • DNT (working group last call + telemetry stats) [sid]
    • Tracking Preference Expression (TPE) is standard for DNT, the header
    • Little guidance on compliance from the working group, prioritizing technical expression (compliance doc is forthcoming)
  • SF is going to be a MV day tomorrow (Cantina)
    • Cantina in all offices for Australis!
  • Privacy Badger release estimated for Wednesday
  • New CTO! Also, welcome new management overlord rbarnes
  • Bug bounty update?
    • None so far
    • Testing is much better than the rest of gecko
  • Heartbleed monitor add-on update (https://addons.mozilla.org/en-US/firefox/addon/heartbleed_monitor/ )
    • New version of addon out
    • No publicity planned, missed the market (buzz?) window
  • CSP parser on track to land mostly by May 16
  • Webcrypto reviews out, good feedback from keeler, camilo, bz, should be landed by end of May
  • Starting FF 31, mozpkix enabled for all platforms/channels
  • TBPL + sandbox: windows logging non-existing, try using procmon as service
  • CRLSets: work channeled into addon with rbarnes and ggp

Action items for next week:

  • (tanvi) create nsIContentPolicy replacement wiki
  • (grobinson, ckerschb, sid) Start landing CSP parser
  • (rbarnes) Land WebCrypto IDL interfaces
  • (rbarnes) Make github for CRLSet addon
  • (rbarnes) Document CRLSet/OCSP workflow