W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2013

Re: Agenda for January 29 Teleconference

From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 29 Jan 2013 10:19:35 -0800
Message-ID: <CABcZeBPGF9R0TYg+=4nXaEVDB9dOT92nBS97GWa442xErLR5_w@mail.gmail.com>
To: Neil Matatall <neilm@twitter.com>
Cc: public-webappsec <public-webappsec@w3.org>
Let's add it to today's agenda.

On Mon, Jan 28, 2013 at 6:36 PM, Neil Matatall <neilm@twitter.com> wrote:

>  Did this item drop off from last time? Or has there been some consensus?
>
> 22:37 - 22:39 Line #s in CSP reports only for same-origin, CORS?
>
> - Neil
>
> On Monday, January 28, 2013 at 6:01 PM, Eric Rescorla wrote:
>
>
> DATE: Jan, 29 2013
> TIME: 22:00-23:00 UTC (14:00-15:00 PST)
>
> +1.617.761.6200; PIN 92794 ('WASWG') and  #webappsec on irc.w3.org:6665
> (Or VoIP via the Zakim SIP bridge:
> http://www.w3.org/2006/tools/wiki/Zakim-SIP)
>
> 22:00 - 22:03    Scribe Selection (Default -> Eric Rescorla)
> 22:03 - 22:05    Roll Call
> 22:05 - 22:06    Minutes Approval
> 22:07 - 22:08    Agenda Bashing
> 22:08 - 22:09    News: CSP 1.0 to CR
> 22:10 - 22:15    Review of open actions in tracker
> 22:15 - 22:30    Review raised+open issues, assign actions
> 22:30 - 22:35    default-src violation types
>     http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0036.html
> 22:35 - 22:40    CSP and HSTS
>     http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0034.html
> 22:40 - 22:45    Defaults for clipping and selectors
>     http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0045.html
> 22:45 - 22:57    UI Safety ISSUE 2
>     "The restriction to a single additional host source value was
>     based on the request of the Websec WG as part of moving this
>     feature to this document. This decision should be evaluated in the
>     context of CSP. For example, while standalone implementations of
>     X-Frame-Options may not have wanted to incur the complexity of
>     parsing potentially large lists of origins, CSP implementaions
>     must already be robust in their handling of such lists. The
>     inclusion of multiple origins may reveal details of the security
>     model of a resource that chooses to publish such a policy and
>     risks associated with this should be discussed in the Security
>     Considerations section if any change is made."
> 22:57 - 23:00    Move of testing repos to github
>     http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0044.html
>
> Scribe Rotation. We go down the list in order. Please advise if you
> cannot scribe for some reason, or if you are not listed here and
> should be.
>
> Adam Barth
> Jeff Hodges
> David Huang
> Gopal Raghavan
> Eric Rescorla <--
> Jacob Rossi
> Tanvi Vyas
> Peleus Uhley
> Dan Veditz
> Ryan Ware
> Jim O'Leary
> Adam Bresee
> Ian Melven
>
>
>
Received on Tuesday, 29 January 2013 18:20:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 29 January 2013 18:20:43 GMT