public-webappsec@w3.org from February 2016 by subject

[CSP] "sri" source expression to enforce SRI

• Patrick Toomey (Tuesday, 16 February)
• Frederik Braun (Wednesday, 10 February)
• Craig Francis (Tuesday, 9 February)
• Patrick Toomey (Tuesday, 9 February)

[referrer] Should referrer policy change value of the Origin header?

• Jochen Eisinger (Tuesday, 2 February)
• Brad Hill (Tuesday, 2 February)
• Mike West (Tuesday, 2 February)
• Brad Hill (Tuesday, 2 February)

[suborigins] Accessing workers from suborigins

• Devdatta Akhawe (Thursday, 4 February)
• Mitar (Wednesday, 3 February)
• Göran AP Eriksson (Wednesday, 3 February)
• Devdatta Akhawe (Wednesday, 3 February)
• Mitar (Wednesday, 3 February)

[suborigins] Issues on GitHub

• Joel Weinberger (Sunday, 7 February)
• Mitar (Wednesday, 3 February)

[UI Security] iframe URL indicator

• Brad Hill (Monday, 22 February)
• Bil Corry (Monday, 22 February)
• Brad Hill (Monday, 22 February)
• Bil Corry (Monday, 22 February)
• Dan Kaminsky (Monday, 22 February)
• Brad Hill (Monday, 22 February)
• Bil Corry (Saturday, 13 February)

[webappsec] Face to Face meeting survey

• Brad Hill (Tuesday, 2 February)

[webappsec] Teleconference Agenda 2016-Feb-10

• Daniel Veditz (Wednesday, 10 February)

CSP header protection

• Xiaoyin Liu (Wednesday, 3 February)
• Frederik Braun (Wednesday, 3 February)
• Kepeng Li (Wednesday, 3 February)

Embedded Enforcement and Cookie Controls

• Mike O'Neill (Monday, 15 February)

FYI: RFC7762 established a registry of CSP directives

• Richard Barnes (Friday, 12 February)
• Brad Hill (Friday, 12 February)
• Mike West (Friday, 12 February)

HSTS priming vs preloading

• Mike West (Tuesday, 2 February)
• Anne van Kesteren (Tuesday, 2 February)
• Richard Barnes (Tuesday, 2 February)
• Anne van Kesteren (Tuesday, 2 February)
• Eric Mill (Monday, 1 February)
• Richard Barnes (Monday, 1 February)
• Ben Wilson (Monday, 1 February)

In-browser sanitization first, "Safe Node" later?

• David Ross (Thursday, 11 February)
• Frederik Braun (Tuesday, 9 February)
• Devdatta Akhawe (Monday, 8 February)
• Jim Manico (Monday, 8 February)
• Craig Francis (Monday, 8 February)
• Devdatta Akhawe (Monday, 8 February)
• Michal Zalewski (Monday, 8 February)
• Jim Manico (Monday, 8 February)
• Jim Manico (Monday, 8 February)
• Chris Palmer (Monday, 8 February)
• Craig Francis (Monday, 8 February)
• Frederik Braun (Monday, 8 February)

Making it easier to deploy CSP.

• Anne van Kesteren (Wednesday, 17 February)
• Mike West (Wednesday, 17 February)
• Mike West (Wednesday, 17 February)
• Artur Janc (Wednesday, 17 February)
• Conrad Irwin (Wednesday, 17 February)
• Artur Janc (Wednesday, 17 February)
• Artur Janc (Wednesday, 17 February)
• Artur Janc (Saturday, 13 February)
• Conrad Irwin (Monday, 15 February)
• Martin Thomson (Sunday, 14 February)
• Devdatta Akhawe (Sunday, 14 February)
• Mike West (Saturday, 13 February)
• Devdatta Akhawe (Saturday, 13 February)
• Mike West (Friday, 12 February)

new meta tags to protect code visibility or immuatbility

• Crispin Cowan (Thursday, 25 February)
• Eduardo' Vela\ (Thursday, 25 February)
• Crispin Cowan (Thursday, 25 February)
• Mitar (Thursday, 25 February)
• Crispin Cowan (Thursday, 25 February)
• Daniel Veditz (Wednesday, 24 February)
• Mike West (Wednesday, 24 February)
• Ahmed Saleh (Wednesday, 24 February)
• Daniel Veditz (Wednesday, 24 February)
• Mitar (Monday, 22 February)
• Brad Hill (Monday, 22 February)
• Craig Francis (Wednesday, 17 February)
• Ahmed Saleh (Tuesday, 16 February)

Proposal to add a browsing context named "_private"

• Utkarsh Upadhyay (Saturday, 6 February)
• Tanvi Vyas (Saturday, 6 February)

Proposal: Marking HTTP As Non-Secure

• 0h3rr3r4@gmail.com (Saturday, 6 February)
• Mark Watson (Friday, 5 February)
• 0h3rr3r4@gmail.com (Thursday, 4 February)
• Omar Herrera Reyna (Friday, 5 February)
• Eitan Adler (Friday, 5 February)

Review of WebRTC 1.0 from Web Application Security Working Group

• Stefan Håkansson LK (Monday, 1 February)

Teleconference Agenda 2016-Feb-24

• Wendy Seltzer (Wednesday, 24 February)
• Daniel Veditz (Wednesday, 24 February)

Towards a minimum-viable credential management API.

• Mike West (Friday, 12 February)

Using client certificates for signing

• Ángel González (Monday, 29 February)
• Mitar (Friday, 26 February)
• Ángel González (Thursday, 25 February)
• Mitar (Thursday, 25 February)
• Ángel González (Thursday, 25 February)
• Mitar (Wednesday, 24 February)
• Anders Rundgren (Wednesday, 24 February)
• Mitar (Wednesday, 24 February)
• Mitar (Wednesday, 24 February)
• Crispin Cowan (Wednesday, 24 February)
• Crispin Cowan (Wednesday, 24 February)
• Mitar (Wednesday, 24 February)
• Mitar (Wednesday, 24 February)
• Mitar (Wednesday, 24 February)
• Eric Mill (Wednesday, 24 February)
• Henry Story (Tuesday, 23 February)
• Martin Thomson (Tuesday, 23 February)
• Jeffrey Walton (Tuesday, 23 February)
• Anders Rundgren (Tuesday, 23 February)
• Henry Story (Tuesday, 23 February)
• Anders Rundgren (Tuesday, 23 February)
• Mitar (Tuesday, 23 February)
• Anders Rundgren (Tuesday, 23 February)
• Mitar (Tuesday, 23 February)
• Mitar (Tuesday, 23 February)
• Anders Rundgren (Tuesday, 23 February)
• Martin Thomson (Tuesday, 23 February)
• Mitar (Monday, 22 February)

Last message date: Monday, 29 February 2016 22:45:26 UTC