SecurityEngineering/MeetingNotes/2013-11-07
From MozillaWiki
Standing Agenda
- Q3 Goals Recap ( https://wiki.mozilla.org/SecurityEngineering/2013/Q3Goals#Q3_Goals )
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Detailed discussion of features or outstanding issues as time permits
- Additional Items
- Upcoming events, OOO/travel, etc.
- Planning for next meeting (chair selection, etc)
Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/2013-10-31 Q4 Goals:
- Sandboxing
- Outcome: Next set of steps towards a exploit-containing platform.
- DRI: sid (+keeler +christoph)
- Tasks:
- [NEW] Implement: Chromium-sandbox: make it possible to compile and activate on mozilla-central - (keeler + bbondy)
- [NEW] Implement: b2g/e10s security feature tests: Get CSP tests passing in e10s with help from overholt on platform team (garrett + sid + mwobensmith)
- [ON TRACK] Implement: enable seccomp-bpf for linux desktop - bug 935111 (christoph)
- Roadmaps
- Outcome: More visibility and aim for our team's projects.
- DRI: monica (+sid +garrett +cviecco +briansmith)
- Tasks:
- [NEW] Consult: security roadmap update (sid + briansmith + product teams)
- [NEW] Consult: privacy roadmap update (monica + sid + product teams)
- [NEW] Consult: anonymity (tor) roadmap update (sid + mikeperry)
- NetSec
- Outcome: Massive improvement in channel security for SSL sites that want protection from decryption.
- DRI: briansmith (+cviecco)
- Tasks:
- [NEW] Land Insanity::PKIX - bug 878932 (briansmith + cviecco)
- [DONE] Implement: TLS 1.2 enabled on nightly requires server intolerance + telemetry (cviecco + briansmith)
- Mixed Content wrap up
- Outcome: Mixed script is blocked widely on the web in a stable way (and has no more urgent follow-ups.)
- DRI: christoph (+tanvi)
- Tasks:
- [NEW] Implement: redirect bug - bug 418354 (started looking into that)
- [DONE] Implement: don't show mixed content on http pages - bug 909920
- Template:Reopened - bug 915951 (see Bug 934843)
- [ON TRACK] Implement: persistency for child tabs - bug 906190 (feedback+, ready to land)
- CSP
- Outcome: Wider adoption of CSP when Firefox supports these features (and beginning of CSP v1.1)
- DRI: garrett (+sid)
- Tasks:
- [ON TRACK] Implement: script nonce landed behind a pref. bug 855326 (garrett + sid)
- [ON TRACK] Implement: script hash landed behind a pref. bug 883975 (garrett + sid)
- [DONE] Evaluate: profile CSP on desktop and B2G to develop a plan to optimize CSP by rewriting in C++ or otherwise (https://bugzilla.mozilla.org/show_bug.cgi?id=924337#c26) [garrett + christoph] (FAST PATH PROOF: bug 927493)
Agenda 7-Nov-2013 ☠
CHAIR: Christoph Action Items:
- sid will review script nonce after this meeting
Additional Items:
- What happened to the Cookie Clearinghouse?
- Taking longer due to many reasons.
- Need help finding a reviewer for bug 932116 (or help w/ XUL)
- Come to the Aaron Swartz Memorial hackathon!
- Next meeting 14-Nov-2013?
- CHAIR: Garrett
- https://wiki.mozilla.org/SecurityEngineering#Who_is_involved