IRC log of security on 2009-11-05
Timestamps are in UTC.
- 20:46:01 [RRSAgent]
- RRSAgent has joined #security
- 20:46:01 [RRSAgent]
- logging to http://www.w3.org/2009/11/05-security-irc
- 20:46:06 [sylvaing]
- sylvaing has joined #security
- 20:52:23 [annevk]
- this meeting is secure and therefore not minuted
- 20:52:48 [annevk]
- also people that could minute are eating
- 21:10:32 [annevk]
- Within this room there was interest in taking STS further.
- 21:10:46 [annevk]
- The current draft can be found here: http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html#strict-transport-security-http-response-header-field
- 21:10:53 [annevk]
- We did not discuss where this work should happen.
- 21:11:36 [annevk]
- CSP is about preventing XSS.
- 21:12:20 [annevk]
- I'm assuming the current draft is: https://wiki.mozilla.org/Security/CSP/Spec
- 21:13:42 [annevk]
- Header that disables a number of features by default, allows for whitelisting.
- 21:15:24 [annevk]
- Chose a header over a well-known location to reduce latency and log spam.
- 21:21:59 [dsinger]
- dsinger has joined #security
- 21:27:48 [dsinger]
- dsinger has joined #security
- 21:44:15 [dsinger]
- dsinger has joined #security
- 22:12:01 [Hixie]
- Hixie has left #security
- 22:14:48 [dsinger]
- dsinger has joined #security
- 22:19:10 [annevk]
- RRSAgent, draft minutes
- 22:19:10 [RRSAgent]
- I have made the request to generate http://www.w3.org/2009/11/05-security-minutes.html annevk
- 22:19:22 [annevk]
- RRSAgent, make logs public
- 22:20:42 [annevk]
- Also discussed: setting up list and wiki
- 22:20:51 [annevk]
- And potentially organize a workshop on HTML5 security
- 22:21:00 [annevk]
- RRSAgent, draft minutes
- 22:21:00 [RRSAgent]
- I have made the request to generate http://www.w3.org/2009/11/05-security-minutes.html annevk
- 22:28:40 [dsinger]
- dsinger has joined #security
- 22:35:17 [dsinger]
- dsinger has joined #security