[CSP] Clarifications on nonces
[CSP] Dynamic CSP
[MIX] 4 possible solutions to the problem of Mixed Content Blocking stalling HTTPS deployment
[MIX] Require HTTPS scripts to be able to anything HTTP scripts can do.
[Referrer] Adding a referrer attribute delivery mechanism
- Brian Smith (Friday, 13 February)
- Brian Smith (Friday, 13 February)
- Scott Beardsley (Friday, 13 February)
- Mike West (Friday, 13 February)
- Scott Beardsley (Thursday, 12 February)
- Francois Marier (Friday, 13 February)
- Devdatta Akhawe (Friday, 13 February)
- Francois Marier (Friday, 13 February)
- Devdatta Akhawe (Friday, 13 February)
- Mike West (Thursday, 12 February)
- Anne van Kesteren (Thursday, 12 February)
- Anne van Kesteren (Thursday, 12 February)
- Mike West (Thursday, 12 February)
- Mike West (Thursday, 12 February)
- Anne van Kesteren (Thursday, 12 February)
- Martin Thomson (Thursday, 12 February)
- Brian Smith (Thursday, 12 February)
- Martin Thomson (Thursday, 12 February)
- Brian Smith (Thursday, 12 February)
- Jim Manico (Thursday, 12 February)
- Francois Marier (Thursday, 12 February)
[SRI] unsupported hashes and invalid metadata
[Unbearable] IETF seeking feedback on proposed "Token Binding" Working Group
[webappsec] agenda - coming soon
[webappsec] Teleconference Agenda, 09-Feb-2015
[webappsec] Teleconference Agenda, 23-Feb-2015
Always on SSL
An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header)
- Brad Hill (Thursday, 5 February)
- Chris Palmer (Thursday, 5 February)
- Brad Hill (Thursday, 5 February)
- Mike West (Thursday, 5 February)
- Peter Eckersley (Thursday, 5 February)
- Mike West (Thursday, 5 February)
- Peter Eckersley (Wednesday, 4 February)
- Mike West (Wednesday, 4 February)
- Peter Eckersley (Wednesday, 4 February)
- Anne van Kesteren (Wednesday, 4 February)
- Mike West (Wednesday, 4 February)
- Anne van Kesteren (Wednesday, 4 February)
- Crispin Cowan (Tuesday, 3 February)
- Mike West (Tuesday, 3 February)
- Peter Eckersley (Tuesday, 3 February)
- Eduardo' Vela\ (Tuesday, 3 February)
- Anne van Kesteren (Tuesday, 3 February)
- Anne van Kesteren (Tuesday, 3 February)
- Eduardo' Vela\ (Tuesday, 3 February)
- Mike West (Tuesday, 3 February)
Asynchronous decision making (Re: WebAppSec re-charter status)
- Frederik Braun (Thursday, 5 February)
- Mike West (Thursday, 5 February)
- Brad Hill (Wednesday, 4 February)
- Wendy Seltzer (Wednesday, 4 February)
- Arthur Barstow (Wednesday, 4 February)
- Mike West (Wednesday, 4 February)
- Anne van Kesteren (Wednesday, 4 February)
- Brad Hill (Wednesday, 4 February)
- Mike West (Wednesday, 4 February)
- Wendy Seltzer (Wednesday, 4 February)
- Mike West (Wednesday, 4 February)
- Frederik Braun (Wednesday, 4 February)
BIKESHED: Rename "Powerful features"?
- Jeffrey Yasskin (Tuesday, 24 February)
- Yan Zhu (Monday, 23 February)
- Crispin Cowan (Monday, 23 February)
- Mike West (Monday, 23 February)
- Jeffrey Yasskin (Monday, 23 February)
- Jeffrey Yasskin (Monday, 23 February)
- Mike West (Monday, 23 February)
- Oda, Terri (Saturday, 21 February)
- Alex Russell (Thursday, 19 February)
- Crispin Cowan (Wednesday, 18 February)
- Mark Watson (Wednesday, 18 February)
- Crispin Cowan (Wednesday, 18 February)
- Jeffrey Yasskin (Wednesday, 18 February)
- Yan Zhu (Wednesday, 18 February)
- Mark Watson (Wednesday, 18 February)
- Eduardo' Vela\ (Wednesday, 18 February)
- Mike West (Wednesday, 18 February)
- Michal Zalewski (Wednesday, 18 February)
- Mark Watson (Wednesday, 18 February)
- Mike West (Wednesday, 18 February)
CfC approved: CSP Level 2 to Candidate Recommendation
CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th.
- Mike West (Monday, 16 February)
- Mike West (Thursday, 12 February)
- Brian Smith (Wednesday, 11 February)
- Crispin Cowan (Wednesday, 11 February)
- Daniel Kahn Gillmor (Wednesday, 11 February)
- Mike West (Wednesday, 11 February)
- Mike West (Wednesday, 11 February)
- Tanvi Vyas (Tuesday, 10 February)
- Brad Hill (Tuesday, 10 February)
- Jim Manico (Tuesday, 10 February)
- Crispin Cowan (Tuesday, 10 February)
- Mike West (Tuesday, 10 February)
- Mike West (Tuesday, 10 February)
CfC to publish FPWD of CSP Pinning; deadline Feb. 9th
CfC: Transition CSP2 to CR.
- Bjoern Hoehrmann (Wednesday, 11 February)
- Brian Smith (Wednesday, 11 February)
- Bjoern Hoehrmann (Wednesday, 11 February)
- Brian Smith (Wednesday, 11 February)
- Mike West (Tuesday, 10 February)
- Francois Marier (Monday, 9 February)
- Bjoern Hoehrmann (Monday, 9 February)
- Mike West (Monday, 9 February)
- Brian Smith (Monday, 9 February)
- Mike West (Monday, 9 February)
- Brian Smith (Monday, 9 February)
- Devdatta Akhawe (Monday, 9 February)
- Francois Marier (Monday, 9 February)
- Brad Hill (Saturday, 7 February)
- Mike West (Saturday, 7 February)
- Bjoern Hoehrmann (Saturday, 7 February)
- Mike West (Saturday, 7 February)
- Brian Smith (Friday, 6 February)
- Mike West (Friday, 6 February)
CfC: Transition Mixed Content to CR; deadline Feb 23rd.
CORS explained simply
CORS performance
- Anne van Kesteren (Wednesday, 25 February)
- Jonas Sicking (Tuesday, 24 February)
- Anne van Kesteren (Tuesday, 24 February)
- Jonas Sicking (Monday, 23 February)
- Anne van Kesteren (Monday, 23 February)
- Jonas Sicking (Monday, 23 February)
- Henri Sivonen (Monday, 23 February)
- Jonas Sicking (Thursday, 19 February)
- Bjoern Hoehrmann (Thursday, 19 February)
- henry.story@bblfish.net (Thursday, 19 February)
- Martin Thomson (Thursday, 19 February)
- Brad Hill (Thursday, 19 February)
- Jonas Sicking (Thursday, 19 February)
- Jonas Sicking (Thursday, 19 February)
- James M Snell (Thursday, 19 February)
- Brian Smith (Thursday, 19 February)
- Dale Harvey (Thursday, 19 February)
- Dale Harvey (Thursday, 19 February)
- Brian Smith (Thursday, 19 February)
- Dale Harvey (Thursday, 19 February)
- Brian Smith (Thursday, 19 February)
- Dale Harvey (Thursday, 19 February)
- Brian Smith (Thursday, 19 February)
- Anne van Kesteren (Thursday, 19 February)
- Dale Harvey (Thursday, 19 February)
- Brian Smith (Thursday, 19 February)
- Anne van Kesteren (Thursday, 19 February)
- Anne van Kesteren (Thursday, 19 February)
- Brian Smith (Thursday, 19 February)
- Mike West (Thursday, 19 February)
- Eric Mill (Wednesday, 18 February)
- Bjoern Hoehrmann (Tuesday, 17 February)
- Devdatta Akhawe (Tuesday, 17 February)
- Brad Hill (Tuesday, 17 February)
- Anne van Kesteren (Tuesday, 17 February)
- Bjoern Hoehrmann (Tuesday, 17 February)
- Anne van Kesteren (Tuesday, 17 February)
CORS performance proposal
- Jonas Sicking (Monday, 23 February)
- Jonas Sicking (Monday, 23 February)
- Anne van Kesteren (Sunday, 22 February)
- Martin Thomson (Saturday, 21 February)
- Anne van Kesteren (Saturday, 21 February)
- Jonas Sicking (Friday, 20 February)
- Anne van Kesteren (Friday, 20 February)
- Bjoern Hoehrmann (Friday, 20 February)
- Martin Thomson (Friday, 20 February)
- Bjoern Hoehrmann (Thursday, 19 February)
- Brian Smith (Thursday, 19 February)
- Martin Thomson (Thursday, 19 February)
- Jonas Sicking (Thursday, 19 February)
- Dale Harvey (Thursday, 19 February)
- Anne van Kesteren (Thursday, 19 February)
Credentials Management API & multiple-credentials.
CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison)
- Anne van Kesteren (Thursday, 5 February)
- Brian Smith (Thursday, 5 February)
- Martin Thomson (Thursday, 5 February)
- Oda, Terri (Thursday, 5 February)
- Mike West (Thursday, 5 February)
- Martin Thomson (Wednesday, 4 February)
- Mike West (Wednesday, 4 February)
- Martin Thomson (Wednesday, 4 February)
- Mike West (Wednesday, 4 February)
- Oda, Terri (Wednesday, 4 February)
draft minutes from 23-Feb teleconference available
Entry Point Regulation vs Simpler Solutions (was Re: WebAppSec re-charter status)
Fetch, MSE, and MIX
Follow-up to TAG meeting on Powerful Features
IETF seeking feedback on proposed "Token Binding" Working Group
iframe sandbox for third-party widgets and ads (was Re: [CSP] Clarifications on nonces)
- Mike West (Thursday, 12 February)
- Brian Smith (Wednesday, 11 February)
- Brian Smith (Wednesday, 11 February)
- Brian Smith (Wednesday, 11 February)
- Jim Manico (Monday, 9 February)
- Crispin Cowan (Monday, 9 February)
- Jim Manico (Monday, 9 February)
- Brad Hill (Monday, 9 February)
- Jim Manico (Monday, 9 February)
- Brad Hill (Monday, 9 February)
- Devdatta Akhawe (Monday, 9 February)
- Jim Manico (Monday, 9 February)
- Mike West (Monday, 9 February)
- Brian Smith (Monday, 9 February)
Intent to deprecate: Insecure usage of powerful features
Issues with reflected-xss (was Re: CfC: Transition CSP2 to CR.)
last charter update
Private Devices and IoT (was Proposal: Marking HTTP As Non-Secure)
Process? (was Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th.)
Proposal: A pinning mechanism for CSP?
- Mike West (Thursday, 12 February)
- Brian Smith (Wednesday, 11 February)
- Mike West (Monday, 9 February)
- Brian Smith (Monday, 9 February)
- Mike West (Monday, 9 February)
- Eric Mill (Saturday, 7 February)
- Mike West (Saturday, 7 February)
- Brian Smith (Friday, 6 February)
- Mike West (Monday, 2 February)
- Daniel Veditz (Sunday, 1 February)
referrer spec and backwards compatibility
Requiring Authenticated Origins for Geolocation API's: Status
RfC: Manifest for web application; review deadline March 5
Server Certificates, Internal Names, and Browser support after October 2016
Service Workers and MIX (was Re: MIX: Exiting last call?)
Signed CSP
- Yan Zhu (Tuesday, 17 February)
- Crispin Cowan (Monday, 16 February)
- Scott Arciszewski (Monday, 16 February)
- Michal Zalewski (Monday, 16 February)
- Scott Arciszewski (Monday, 16 February)
- Scott Arciszewski (Monday, 16 February)
- Crispin Cowan (Monday, 16 February)
- Scott Arciszewski (Sunday, 15 February)
- Crispin Cowan (Sunday, 15 February)
- Scott Arciszewski (Sunday, 15 February)
- Crispin Cowan (Sunday, 15 February)
- Scott Arciszewski (Sunday, 15 February)
Upgrade mixed content URLs through HTTP header
- =JeffH (Monday, 23 February)
- David Walp (Tuesday, 17 February)
- Ryan Sleevi (Tuesday, 17 February)
- Tom Ritter (Tuesday, 17 February)
- Mike West (Monday, 9 February)
- Xiaoyin Liu (Friday, 6 February)
- Tanvi Vyas (Friday, 6 February)
- Mike West (Friday, 6 February)
- John Wong (Friday, 6 February)
- Mike West (Friday, 6 February)
- Devdatta Akhawe (Friday, 6 February)
- Mike West (Friday, 6 February)
- Devdatta Akhawe (Friday, 6 February)
- Mike West (Wednesday, 4 February)
- Emily Stark (Wednesday, 4 February)
- Emily Stark (Tuesday, 3 February)
- Mike West (Wednesday, 4 February)
- Anne van Kesteren (Wednesday, 4 February)
- Daniel Kahn Gillmor (Wednesday, 4 February)
- Jacob Hoffman-Andrews (Wednesday, 4 February)
- Tom Ritter (Wednesday, 4 February)
- Austin William Wright (Wednesday, 4 February)
- David Bruant (Tuesday, 3 February)
- Anne van Kesteren (Tuesday, 3 February)
- Mike West (Tuesday, 3 February)
- Anne van Kesteren (Tuesday, 3 February)
- Mike West (Tuesday, 3 February)
- Wendy Seltzer (Tuesday, 3 February)
- Peter Eckersley (Tuesday, 3 February)
- Anne van Kesteren (Tuesday, 3 February)
- Peter Eckersley (Tuesday, 3 February)
- Ryan Sleevi (Tuesday, 3 February)
- Mike West (Tuesday, 3 February)
- Peter Eckersley (Tuesday, 3 February)
- Peter Eckersley (Tuesday, 3 February)
- Peter Eckersley (Tuesday, 3 February)
- Eduardo' Vela\ (Tuesday, 3 February)
- Anne van Kesteren (Tuesday, 3 February)
- Eduardo' Vela\ (Tuesday, 3 February)
- Mike West (Tuesday, 3 February)
- Eduardo' Vela\ (Tuesday, 3 February)
- Mike West (Tuesday, 3 February)
- Anne van Kesteren (Tuesday, 3 February)
- Daniel Kahn Gillmor (Monday, 2 February)
- Mike West (Monday, 2 February)
- Jim Manico (Monday, 2 February)
- Anne van Kesteren (Monday, 2 February)
- Jim Manico (Monday, 2 February)
- Mike West (Monday, 2 February)
- Anne van Kesteren (Monday, 2 February)
- Mike West (Monday, 2 February)
- Anne van Kesteren (Monday, 2 February)
UPGRADE: Feature detection?
- Mike West (Friday, 13 February)
- Julian Reschke (Thursday, 12 February)
- Daniel Kahn Gillmor (Wednesday, 11 February)
- Bjoern Hoehrmann (Thursday, 12 February)
- Mike West (Thursday, 12 February)
- Martin Thomson (Thursday, 12 February)
- Mike West (Thursday, 12 February)
- Martin Thomson (Thursday, 12 February)
- Mike West (Thursday, 12 February)
- Jacob Hoffman-Andrews (Wednesday, 11 February)
- Daniel Kahn Gillmor (Wednesday, 11 February)
- Mike West (Wednesday, 11 February)
- Anne van Kesteren (Wednesday, 11 February)
- Mike West (Wednesday, 11 February)
UPGRADE: Goals? (was Re: CfC to publish FPWD of "Upgrade Insecure Resources"; Deadline Feb 17th.)
WebAppSec re-charter status
- Eduardo' Vela\ (Friday, 13 February)
- Anne van Kesteren (Friday, 13 February)
- Bjoern Hoehrmann (Friday, 13 February)
- Eduardo' Vela\ (Friday, 13 February)
- Brad Hill (Friday, 13 February)
- Bjoern Hoehrmann (Friday, 13 February)
- Bjoern Hoehrmann (Friday, 13 February)
- David Ross (Thursday, 12 February)
- Eduardo' Vela\ (Thursday, 12 February)
- Anne van Kesteren (Thursday, 12 February)
- Eduardo' Vela\ (Thursday, 12 February)
- Anne van Kesteren (Thursday, 12 February)
- Eduardo' Vela\ (Thursday, 12 February)
- Anne van Kesteren (Thursday, 12 February)
- David Ross (Thursday, 12 February)
- Anne van Kesteren (Thursday, 12 February)
- David Ross (Wednesday, 11 February)
- Devdatta Akhawe (Monday, 9 February)
- Deian Stefan (Monday, 9 February)
- Devdatta Akhawe (Monday, 9 February)
- Deian Stefan (Monday, 9 February)
- Devdatta Akhawe (Monday, 9 February)
- Martin Thomson (Monday, 9 February)
- Deian Stefan (Monday, 9 February)
- Devdatta Akhawe (Monday, 9 February)
- Deian Stefan (Monday, 9 February)
- Martin Thomson (Monday, 9 February)
- Brad Hill (Sunday, 8 February)
- Jeffrey Yasskin (Friday, 6 February)
- Anne van Kesteren (Friday, 6 February)
- Deian Stefan (Thursday, 5 February)
- Alex Russell (Thursday, 5 February)
- Bjoern Hoehrmann (Thursday, 5 February)
- Mike West (Thursday, 5 February)
- chaals@yandex-team.ru (Wednesday, 4 February)
- Wendy Seltzer (Wednesday, 4 February)
webappsec-ACTION-212: Issue cfc to take mixed content to cr
webappsec-ACTION-213: Reply to brian smith re: csp2 to cr
webappsec-ACTION-214: Ask mozilla ac rep about the current status of their charter objections
why does plugin-types inherit to nested browsing contexts?
Last message date: Friday, 27 February 2015 18:21:56 UTC