Re: Agenda for January 29 Teleconference from Tobias Gondrom on 2013-01-29 (public-webappsec@w3.org from January 2013)

From: Tobias Gondrom <tobias.gondrom@gondrom.org>
Date: Wed, 30 Jan 2013 07:35:09 +0800
To: public-webappsec@w3.org
Message-ID: <51085CAD.5000300@gondrom.org>

Dear all,

my apologies for missing the call this morning/afternoon/evening.
Seems my calendar screwed up between UTC and winter time in UK - again.
And I missed the call by one hour. *arghh* :-( :-( :-(

Anyway I just learned that " UI Safety ISSUE 2" will be taken to the
list and I will be glad to join that discussion via email as I think
this is an important question.

Best regards, Tobias



On 29/01/13 10:01, Eric Rescorla wrote:
>
> DATE: Jan, 29 2013
> TIME: 22:00-23:00 UTC (14:00-15:00 PST)
>  
> +1.617.761.6200 <tel:%2B1.617.761.6200>; PIN 92794 ('WASWG') and
>  #webappsec on irc.w3.org:6665 <http://irc.w3.org:6665/>
> (Or VoIP via the Zakim SIP
> bridge: http://www.w3.org/2006/tools/wiki/Zakim-SIP)
>
> 22:00 - 22:03    Scribe Selection (Default -> Eric Rescorla)
> 22:03 - 22:05    Roll Call
> 22:05 - 22:06    Minutes Approval
> 22:07 - 22:08    Agenda Bashing
> 22:08 - 22:09    News: CSP 1.0 to CR
> 22:10 - 22:15    Review of open actions in tracker
> 22:15 - 22:30    Review raised+open issues, assign actions
> 22:30 - 22:35    default-src violation types
>     http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0036.html
> 22:35 - 22:40    CSP and HSTS
>     http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0034.html
> 22:40 - 22:45    Defaults for clipping and selectors
>     http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0045.html
> 22:45 - 22:57    UI Safety ISSUE 2
>     "The restriction to a single additional host source value was
>     based on the request of the Websec WG as part of moving this
>     feature to this document. This decision should be evaluated in the
>     context of CSP. For example, while standalone implementations of
>     X-Frame-Options may not have wanted to incur the complexity of
>     parsing potentially large lists of origins, CSP implementaions
>     must already be robust in their handling of such lists. The
>     inclusion of multiple origins may reveal details of the security
>     model of a resource that chooses to publish such a policy and
>     risks associated with this should be discussed in the Security
>     Considerations section if any change is made."
> 22:57 - 23:00    Move of testing repos to github
>     http://lists.w3.org/Archives/Public/public-webappsec/2013Jan/0044.html
>
> Scribe Rotation. We go down the list in order. Please advise if you
> cannot scribe for some reason, or if you are not listed here and
> should be.
>
> Adam Barth
> Jeff Hodges
> David Huang
> Gopal Raghavan 
> Eric Rescorla <--
> Jacob Rossi
> Tanvi Vyas
> Peleus Uhley
> Dan Veditz
> Ryan Ware
> Jim O'Leary
> Adam Bresee
> Ian Melven

Received on Tuesday, 29 January 2013 23:35:39 UTC