IRC log of security on 2009-11-05

Timestamps are in UTC.

20:46:01 [RRSAgent]
RRSAgent has joined #security
20:46:01 [RRSAgent]
logging to http://www.w3.org/2009/11/05-security-irc
20:46:06 [sylvaing]
sylvaing has joined #security
20:52:23 [annevk]
this meeting is secure and therefore not minuted
20:52:48 [annevk]
also people that could minute are eating
21:10:32 [annevk]
Within this room there was interest in taking STS further.
21:10:46 [annevk]
The current draft can be found here: http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html#strict-transport-security-http-response-header-field
21:10:53 [annevk]
We did not discuss where this work should happen.
21:11:36 [annevk]
CSP is about preventing XSS.
21:12:20 [annevk]
I'm assuming the current draft is: https://wiki.mozilla.org/Security/CSP/Spec
21:13:42 [annevk]
Header that disables a number of features by default, allows for whitelisting.
21:15:24 [annevk]
Chose a header over a well-known location to reduce latency and log spam.
21:21:59 [dsinger]
dsinger has joined #security
21:27:48 [dsinger]
dsinger has joined #security
21:44:15 [dsinger]
dsinger has joined #security
22:12:01 [Hixie]
Hixie has left #security
22:14:48 [dsinger]
dsinger has joined #security
22:19:10 [annevk]
RRSAgent, draft minutes
22:19:10 [RRSAgent]
I have made the request to generate http://www.w3.org/2009/11/05-security-minutes.html annevk
22:19:22 [annevk]
RRSAgent, make logs public
22:20:42 [annevk]
Also discussed: setting up list and wiki
22:20:51 [annevk]
And potentially organize a workshop on HTML5 security
22:21:00 [annevk]
RRSAgent, draft minutes
22:21:00 [RRSAgent]
I have made the request to generate http://www.w3.org/2009/11/05-security-minutes.html annevk
22:28:40 [dsinger]
dsinger has joined #security
22:35:17 [dsinger]
dsinger has joined #security