- From: Tobias Gondrom <tobias.gondrom@gondrom.org>
- Date: Wed, 30 Jan 2013 07:35:09 +0800
- To: public-webappsec@w3.org
- Message-ID: <51085CAD.5000300@gondrom.org>
Dear all, my apologies for missing the call this morning/afternoon/evening. Seems my calendar screwed up between UTC and winter time in UK - again. And I missed the call by one hour. *arghh* :-( :-( :-( Anyway I just learned that " UI Safety ISSUE 2" will be taken to the list and I will be glad to join that discussion via email as I think this is an important question. Best regards, Tobias On 29/01/13 10:01, Eric Rescorla wrote: > > DATE: Jan, 29 2013 > TIME: 22:00-23:00 UTC (14:00-15:00 PST) > > +1.617.761.6200 <tel:%2B1.617.761.6200>; PIN 92794 ('WASWG') and > #webappsec on irc.w3.org:6665 <http://irc.w3.org:6665/> > (Or VoIP via the Zakim SIP > bridge: http://www.w3.org/2006/tools/wiki/Zakim-SIP) > > 22:00 - 22:03 Scribe Selection (Default -> Eric Rescorla) > 22:03 - 22:05 Roll Call > 22:05 - 22:06 Minutes Approval > 22:07 - 22:08 Agenda Bashing > 22:08 - 22:09 News: CSP 1.0 to CR > 22:10 - 22:15 Review of open actions in tracker > 22:15 - 22:30 Review raised+open issues, assign actions > 22:30 - 22:35 default-src violation types > http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0036.html > 22:35 - 22:40 CSP and HSTS > http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0034.html > 22:40 - 22:45 Defaults for clipping and selectors > http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0045.html > 22:45 - 22:57 UI Safety ISSUE 2 > "The restriction to a single additional host source value was > based on the request of the Websec WG as part of moving this > feature to this document. This decision should be evaluated in the > context of CSP. For example, while standalone implementations of > X-Frame-Options may not have wanted to incur the complexity of > parsing potentially large lists of origins, CSP implementaions > must already be robust in their handling of such lists. The > inclusion of multiple origins may reveal details of the security > model of a resource that chooses to publish such a policy and > risks associated with this should be discussed in the Security > Considerations section if any change is made." > 22:57 - 23:00 Move of testing repos to github > http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0044.html > > Scribe Rotation. We go down the list in order. Please advise if you > cannot scribe for some reason, or if you are not listed here and > should be. > > Adam Barth > Jeff Hodges > David Huang > Gopal Raghavan > Eric Rescorla <-- > Jacob Rossi > Tanvi Vyas > Peleus Uhley > Dan Veditz > Ryan Ware > Jim O'Leary > Adam Bresee > Ian Melven
Received on Tuesday, 29 January 2013 23:35:39 UTC