See also: IRC log
<trackbot> Date: 12 March 2014
<freddyb> oh right. timezones....
<wseltzer> Agenda
<scribe> Meeting: WebAppSec Teleconference 12-Mar-2014
<freddyb> Zakim: ??P15 is freddyb
<jww> jww is the 510 #
<freddyb> thanks gmaone :)
<grobinson> Are these "scribe instructions" up to date? http://www.w3.org/2008/04/scribe.html
yes, pretty much
I usually handle the start/end bits
we just need transcription during the call
<scribe> agenda: http://lists.w3.org/Archives/Public/public-webappsec/2014Mar/0024.html
http://www.w3.org/2011/webappsec/draft-minutes/2014-02-26-webappsec-minutes.html
<jww> zaim, +1.510.761.aaaa is jww
RESOLUTION: Minutes approved
http://lists.w3.org/Archives/Public/public-webappsec/2014Mar/0023.html
<grobinson> freddyb: hoping this is well-defined elsewhere; mark nottingham or boris zbarsky might have a solution
<grobinson> abarth: need a good way to specify the body of the entity (wording)
<mkwst> grobinson: that's me, not mkwst. :)
<grobinson> sorry!
<mkwst> no worries!
<grobinson> mkwst: let's let this play out on the list
http://lists.w3.org/Archives/Public/public-webappsec/2014Mar/0021.html
<grobinson> mkwst: objections to FPWD?
<scribe> ACTION: bhill2 to open SRI issues in tracker from spec text [recorded in http://www.w3.org/2014/03/12-webappsec-minutes.html#action01]
<trackbot> Created ACTION-165 - Open sri issues in tracker from spec text [on Brad Hill - due 2014-03-19].
<grobinson> dveditz: general concern, this could be used for tracking
<grobinson> dveditz: may want to note it so it's there when someone else brings it up
<grobinson> mkwst: we should add "privacy considerations"
<scribe> ACTION: mkwst to add an explicit "Privacy Considerations" section to SRI [recorded in http://www.w3.org/2014/03/12-webappsec-minutes.html#action02]
<trackbot> Error finding 'mkwst'. You can review and register nicknames at <http://www.w3.org/2011/webappsec/track/users>.
<mkwst> mwest2, i think
ACTION mwest2 to add an explicit "Privacy Considerations" section to SRI
<trackbot> Created ACTION-166 - to add an explicit "privacy considerations" section to sri [on Mike West - due 2014-03-19].
<grobinson> bhill2: motion to approve?
dveditz moves to approve, ekr seconds
<grobinson> no objections; resolve to publish FPWD
RESOLUTION: WG to publish Subresource Integrity as FPWD
http://lists.w3.org/Archives/Public/public-webappsec/2014Mar/0008.html
<grobinson> Thread digressed into question: can adding CSP policies weaken, or only strengthen?
<grobinson> jww: clarify proposed meta-hash directive is optional
<grobinson> bhill2: heuristic is to see if 2 people speak up in support of a proposal
<grobinson> dveditz: not totally in favor, but interested. currently wants policy where meta policy is ignored if there is a header policy
<grobinson> dveditz: proposes similar idea using a nonce from the header
<grobinson> dveditz: prefer to see this discussed in 1.2
<grobinson> jww: concurs
<grobinson> bhill2: asks mkwst if the spec is updated to match agreement from last call
<grobinson> mkwst: it is
<glenn> concur
<mkwst> Language in the spec is "Note that user agents may allow users to modify or bypass policy enforcement through user preferences, bookmarklets, third-party additions to the user agent, and other such mechanisms.", FYI.
<grobinson> no objections to current language re: extensions
<grobinson> bhill2: we can keep discussing this in last call if necessary
http://lists.w3.org/Archives/Public/public-webappsec/2014Mar/0006.html
<freddyb> (I have to leave early today)
<grobinson> mkwst: sums up current state. says he is behind on drafting language for the spec