Re: Teleconference Agenda: 2018-02-21 from Mike West on 2018-02-21 (public-webappsec@w3.org from February 2018)

From: Mike West <mkwst@google.com>
Date: Wed, 21 Feb 2018 10:43:09 +0100
To: Web Application Security Working Group <public-webappsec@w3.org>
Cc: Dan Veditz <dveditz@mozilla.com>, Andy Paicu <andypaicu@google.com>
Message-ID: <CAKXHy=cv6=x_Qrm7LK=A8AM7GV3narYaCcY+dBKgMfcqkjZKmg@mail.gmail.com>

On Tue, Feb 20, 2018 at 8:16 PM, Mike West <mkwst@google.com> wrote:

> Hello, WebAppSec! We'll be having our second scheduled teleconference of
> the year tomorrow (Wednesday, February 21st) at 9:00 PST, 12:00 EST, 18:00
> CET, etc.
>
> Dial-in details for the webex calls are posted member-only visible here:
> https://www.w3.org/2011/webappsec/webex.html
>
> Please join us on IRC and send "present+" for role-call: #webappsec on
> irc.w3.org:6665 (https://irc.w3.org/?channels=webappsec)
>
> TOPIC: Agenda Bashing
>

The agenda has been bashed! Let's add the following:

TOPIC: CSP
*   `navigate-to`
*   `webrtc-src`
*   `'wasm-eval'`

TOPIC: News
> *   Chrome 68 will mark all HTTP pages as "Not secure": https://security.
> googleblog.com/2018/02/a-secure-web-is-here-to-stay.html
> *   Origin trial for signature-based SRI
> <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fw3c%2Fwebappsec-subresource-integrity%2Fblob%2Fmaster%2Fsignature-based-restrictions-explainer.markdown&sa=D&sntz=1&usg=AFQjCNGPVSbMnj24w6kUDZb286pRGxzLJg>
> in Chrome 66ish: https://groups.google.com/a/chromium.org/forum/#!
> topic/blink-dev/sWa31BxDO0g
> *   Appcache -> Secure Contexts: https://groups.
> google.com/d/msg/mozilla.dev.platform/qLTTpdzcDkw/WKJeq-4HAQAJ (and more
> broadly in https://github.com/whatwg/html/issues/3440)
>
> TOPIC: Minutes Approval
> https://www.w3.org/2018/01/17-webappsec-minutes.html
>
> TOPIC: Mixed Content Level 2
> We discussed https://github.com/mikewest/webappsec-mixed-
> content/blob/master/proposed-level-2-roadmap.md at TPAC, and a few folks
> recently talked about the problem space in more detail. Seems like a good
> opportunity to bring the discussion to the wider group.
>
> TOPIC: Exposing credentials to JavaScript.
> John pinged the discussion we started at TPAC
> <https://www.w3.org/2017/11/06-webappsec-minutes.html#item06>, noting
> that trackers might abuse the API for nefarious purposes.
>
> Thanks! See you tomorrow! (I'll get better at remembering to send the
> agenda out earlier, I promise!)
>
> -mike
>

Received on Wednesday, 21 February 2018 09:53:34 UTC