20:46:01 <RRSAgent> RRSAgent has joined #security
20:46:01 <RRSAgent> logging to http://www.w3.org/2009/11/05-security-irc
20:46:06 <sylvaing> sylvaing has joined #security
20:52:23 <annevk> this meeting is secure and therefore not minuted
20:52:48 <annevk> also people that could minute are eating
21:10:32 <annevk> Within this room there was interest in taking STS further.
21:10:46 <annevk> The current draft can be found here: http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html#strict-transport-security-http-response-header-field
21:10:53 <annevk> We did not discuss where this work should happen.
21:11:36 <annevk> CSP is about preventing XSS.
21:12:20 <annevk> I'm assuming the current draft is: https://wiki.mozilla.org/Security/CSP/Spec
21:13:42 <annevk> Header that disables a number of features by default, allows for whitelisting.
21:15:24 <annevk> Chose a header over a well-known location to reduce latency and log spam.
21:21:59 <dsinger> dsinger has joined #security
21:27:48 <dsinger> dsinger has joined #security
21:44:15 <dsinger> dsinger has joined #security
22:12:01 <Hixie> Hixie has left #security
22:14:48 <dsinger> dsinger has joined #security
22:19:10 <annevk> RRSAgent, draft minutes
22:19:10 <RRSAgent> I have made the request to generate http://www.w3.org/2009/11/05-security-minutes.html annevk
22:19:22 <annevk> RRSAgent, make logs public
22:20:42 <annevk> Also discussed: setting up list and wiki
22:20:51 <annevk> And potentially organize a workshop on HTML5 security
22:21:00 <annevk> RRSAgent, draft minutes
22:21:00 <RRSAgent> I have made the request to generate http://www.w3.org/2009/11/05-security-minutes.html annevk
22:28:40 <dsinger> dsinger has joined #security
22:35:17 <dsinger> dsinger has joined #security