Teleconference Agenda: 2018-02-21

Hello, WebAppSec! We'll be having our second scheduled teleconference of
the year tomorrow (Wednesday, February 21st) at 9:00 PST, 12:00 EST, 18:00
CET, etc.

Dial-in details for the webex calls are posted member-only visible here:
https://www.w3.org/2011/webappsec/webex.html

Please join us on IRC and send "present+" for role-call: #webappsec on
irc.w3.org:6665 (https://irc.w3.org/?channels=webappsec)

TOPIC: Agenda Bashing

TOPIC: News
*   Chrome 68 will mark all HTTP pages as "Not secure":
https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html
*   Origin trial for signature-based SRI
<https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fw3c%2Fwebappsec-subresource-integrity%2Fblob%2Fmaster%2Fsignature-based-restrictions-explainer.markdown&sa=D&sntz=1&usg=AFQjCNGPVSbMnj24w6kUDZb286pRGxzLJg>
in Chrome 66ish:
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/sWa31BxDO0g
*   Appcache -> Secure Contexts:
https://groups.google.com/d/msg/mozilla.dev.platform/qLTTpdzcDkw/WKJeq-4HAQAJ
(and
more broadly in https://github.com/whatwg/html/issues/3440)

TOPIC: Minutes Approval
https://www.w3.org/2018/01/17-webappsec-minutes.html

TOPIC: Mixed Content Level 2
We discussed
https://github.com/mikewest/webappsec-mixed-content/blob/master/proposed-level-2-roadmap.md
at TPAC, and a few folks recently talked about the problem space in more
detail. Seems like a good opportunity to bring the discussion to the wider
group.

TOPIC: Exposing credentials to JavaScript.
John pinged the discussion we started at TPAC
<https://www.w3.org/2017/11/06-webappsec-minutes.html#item06>, noting that
trackers might abuse the API for nefarious purposes.

Thanks! See you tomorrow! (I'll get better at remembering to send the
agenda out earlier, I promise!)

-mike