Re: Agenda for January 29 Teleconference from Neil Matatall on 2013-01-29 (public-webappsec@w3.org from January 2013)

From: Neil Matatall <neilm@twitter.com>
Date: Mon, 28 Jan 2013 18:36:17 -0800
To: Eric Rescorla <ekr@rtfm.com>
Cc: public-webappsec <public-webappsec@w3.org>
Message-ID: <C61674043DE3474AB0C3BE45B93F7C0D@twitter.com>

Did this item drop off from last time? Or has there been some consensus? 

22:37 - 22:39 Line #s in CSP reports only for same-origin, CORS? 

- Neil 

On Monday, January 28, 2013 at 6:01 PM, Eric Rescorla wrote:

> 
> DATE: Jan, 29 2013
> TIME: 22:00-23:00 UTC (14:00-15:00 PST)
>  
> +1.617.761.6200 (tel:%2B1.617.761.6200); PIN 92794 ('WASWG') and  #webappsec on irc.w3.org:6665 (http://irc.w3.org:6665/)
> (Or VoIP via the Zakim SIP bridge: http://www.w3.org/2006/tools/wiki/Zakim-SIP)
> 
> 22:00 - 22:03    Scribe Selection (Default -> Eric Rescorla)
> 22:03 - 22:05    Roll Call
> 22:05 - 22:06    Minutes Approval
> 22:07 - 22:08    Agenda Bashing
> 22:08 - 22:09    News: CSP 1.0 to CR
> 22:10 - 22:15    Review of open actions in tracker
> 22:15 - 22:30    Review raised+open issues, assign actions
> 22:30 - 22:35    default-src violation types
>     http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0036.html
> 22:35 - 22:40    CSP and HSTS
>     http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0034.html
> 22:40 - 22:45    Defaults for clipping and selectors
>     http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0045.html
> 22:45 - 22:57    UI Safety ISSUE 2
>     "The restriction to a single additional host source value was
>     based on the request of the Websec WG as part of moving this
>     feature to this document. This decision should be evaluated in the
>     context of CSP. For example, while standalone implementations of
>     X-Frame-Options may not have wanted to incur the complexity of
>     parsing potentially large lists of origins, CSP implementaions
>     must already be robust in their handling of such lists. The
>     inclusion of multiple origins may reveal details of the security
>     model of a resource that chooses to publish such a policy and
>     risks associated with this should be discussed in the Security
>     Considerations section if any change is made."
> 22:57 - 23:00    Move of testing repos to github
>     http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0044.html
> 
> Scribe Rotation. We go down the list in order. Please advise if you
> cannot scribe for some reason, or if you are not listed here and
> should be.
> 
> Adam Barth
> Jeff Hodges
> David Huang
> Gopal Raghavan 
> Eric Rescorla <--
> Jacob Rossi
> Tanvi Vyas
> Peleus Uhley
> Dan Veditz
> Ryan Ware
> Jim O'Leary
> Adam Bresee
> Ian Melven
> 
>

Received on Tuesday, 29 January 2013 02:36:49 UTC