IRC log of webappsec on 2012-05-08
Timestamps are in UTC.
- 20:56:07 [RRSAgent]
- RRSAgent has joined #webappsec
- 20:56:07 [RRSAgent]
- logging to http://www.w3.org/2012/05/08-webappsec-irc
- 20:56:22 [puhley]
- puhley has joined #webappsec
- 20:56:28 [jeffh]
- jeffh has joined #webappsec
- 20:58:04 [bhill2]
- zakim, this will be 92794
- 20:58:04 [Zakim]
- ok, bhill2; I see SEC_WASWG()5:00PM scheduled to start in 2 minutes
- 20:58:28 [bhill2]
- Meeting: WebAppSec Teleconference, May 8, 2012
- 20:58:34 [bhill2]
- Chair: bhill2, ekr
- 20:59:10 [puhley]
- Scribe: Peleus Uhley
- 20:59:14 [bhill2]
- Agenda: http://lists.w3.org/Archives/Public/public-webappsec/2012May/0047.html
- 20:59:22 [puhley]
- ScribeNick: puhley
- 20:59:55 [puhley]
- rrsagent, begin
- 21:00:17 [abarth]
- abarth has joined #webappsec
- 21:00:48 [abarth]
- Zakim, who is on the phone
- 21:00:48 [Zakim]
- I don't understand 'who is on the phone', abarth
- 21:01:15 [bhill2]
- zakim, who is here
- 21:01:15 [Zakim]
- bhill2, you need to end that query with '?'
- 21:01:20 [bhill2]
- zakim, who is here?
- 21:01:20 [Zakim]
- SEC_WASWG()5:00PM has not yet started, bhill2
- 21:01:21 [Zakim]
- On IRC I see abarth, jeffh, puhley, RRSAgent, Zakim, bhill2, dhuang3, tanvi, gioma1, dveditz, odinho, anne, timeless, mkwst, trackbot, bhill22, caribou
- 21:01:34 [abarth]
- Zakim, who is on the phone?
- 21:01:34 [Zakim]
- SEC_WASWG()5:00PM has not yet started, abarth
- 21:01:36 [Zakim]
- On IRC I see abarth, jeffh, puhley, RRSAgent, Zakim, bhill2, dhuang3, tanvi, gioma1, dveditz, odinho, anne, timeless, mkwst, trackbot, bhill22, caribou
- 21:02:07 [cory]
- cory has joined #webappsec
- 21:02:12 [bhill2]
- zakim, who is speaking?
- 21:02:12 [Zakim]
- sorry, bhill2, I don't know what conference this is
- 21:02:18 [bhill2]
- zakim, this is 92794
- 21:02:18 [Zakim]
- ok, bhill2; that matches SEC_WASWG()5:00PM
- 21:02:24 [bhill2]
- zakim, who is on the phone?
- 21:02:24 [Zakim]
- On the phone I see +1.650.678.aaaa, +1.866.317.aabb, +1.415.832.aacc, abarth, ??P5, +1.650.386.aadd, +1.360.793.aaee, +1.425.865.aaff, +1.408.320.aagg
- 21:02:34 [Zakim]
- -??P5
- 21:02:34 [bhill2]
- zakim aadd is bhill2
- 21:02:40 [bhill2]
- zakim, aadd is bhill2
- 21:02:40 [Zakim]
- +bhill2; got it
- 21:02:48 [bhill2]
- zakim, who is speaking?
- 21:02:53 [abarth]
- it remembered my phone number! amazing
- 21:02:59 [Zakim]
- bhill2, listening for 10 seconds I heard sound from the following: +1.650.678.aaaa (15%), +1.415.832.aacc (26%), bhill2 (4%)
- 21:02:59 [dhuang3]
- zakim, aagg is dhuang3
- 21:03:01 [Zakim]
- +dhuang3; got it
- 21:03:04 [tanvi]
- i'm aadd
- 21:03:06 [Zakim]
- +??P5
- 21:03:09 [puhley]
- zakim aacc is puhley
- 21:03:29 [puhley]
- zakim, aacc is puhley
- 21:03:29 [Zakim]
- +puhley; got it
- 21:03:32 [gioma1]
- zakim, ??P5 is gioma1
- 21:03:32 [Zakim]
- +gioma1; got it
- 21:04:04 [timeless]
- s/zakim aacc is puhley//
- 21:04:06 [bhill2]
- zakim, aaee is bhill2
- 21:04:06 [Zakim]
- +bhill2; got it
- 21:04:10 [timeless]
- RRSAgent, draft minutes
- 21:04:10 [RRSAgent]
- I have made the request to generate http://www.w3.org/2012/05/08-webappsec-minutes.html timeless
- 21:04:13 [tanvi]
- zakim, aadd is tanvi
- 21:04:13 [Zakim]
- sorry, tanvi, I do not recognize a party named 'aadd'
- 21:04:26 [timeless]
- Zakim, who is on the call?
- 21:04:26 [Zakim]
- On the phone I see +1.650.678.aaaa, +1.866.317.aabb, puhley, abarth, bhill2, bhill2.a, +1.425.865.aaff, dhuang3, gioma1
- 21:04:30 [jeffh]
- zakim, aagg is jeFFh
- 21:04:30 [Zakim]
- sorry, jeffh, I do not recognize a party named 'aagg'
- 21:04:40 [bhill2]
- zakim, mute puhley
- 21:04:40 [Zakim]
- puhley should now be muted
- 21:05:11 [bhill2]
- zakim, unmute puhley
- 21:05:11 [Zakim]
- puhley should no longer be muted
- 21:06:13 [Zakim]
- +[Microsoft]
- 21:06:37 [puhley]
- bhill: I haven't posted day 2 minutes yet
- 21:07:03 [puhley]
- ACTION: bhill to add day 2 minutes
- 21:07:03 [trackbot]
- Sorry, couldn't find user - bhill
- 21:07:37 [jrossi]
- jrossi has joined #webappsec
- 21:07:41 [puhley]
- ACTION: bhill2 to add day 2 minutes from face to face meeting
- 21:07:42 [trackbot]
- Created ACTION-64 - Add day 2 minutes from face to face meeting [on Brad Hill - due 2012-05-15].
- 21:09:01 [bhill2]
- agenda substitution: discuss more granular origin handling behavior in 1.0 in place of content type matching in 1.1
- 21:11:04 [Zakim]
- +dveditz
- 21:15:33 [puhley]
- jrossi: Should sandbox directive be included in CSP 1.0?
- 21:15:47 [puhley]
- abarth: There is an implementation in WebKit
- 21:16:39 [puhley]
- bhill2: It was considered for 1.1 because it did not change the header or the syntax for CSP. Therefore, it could be supported in browsers without being in the 1.0 spec.
- 21:18:16 [puhley]
- jrossi: Microsoft would like to get it into 1.0 so that they could officially validate their implementation.
- 21:19:15 [puhley]
- jrossi: It meets the criteria for W3C requirements of two implementations.
- 21:23:06 [timeless]
- issue-35?
- 21:23:06 [trackbot]
- ISSUE-35 does not exist
- 21:23:15 [timeless]
- s/issue-35?//
- 21:23:18 [timeless]
- s/ISSUE-35 does not exist//
- 21:27:46 [timeless]
- issue-8?
- 21:27:46 [trackbot]
- ISSUE-8 -- Identify proper behavior for html added via plubins / object tag -- closed
- 21:27:46 [trackbot]
- http://www.w3.org/2011/webappsec/track/issues/8
- 21:27:53 [timeless]
- s/issue-8?//
- 21:27:59 [timeless]
- s|ISSUE-8 -- Identify proper behavior for html added via plubins / object tag -- closed||
- 21:28:04 [timeless]
- s|http://www.w3.org/2011/webappsec/track/issues/8||
- 21:28:13 [timeless]
- RRSAgent, draft minutes
- 21:28:13 [RRSAgent]
- I have made the request to generate http://www.w3.org/2012/05/08-webappsec-minutes.html timeless
- 21:28:39 [puhley]
- bhill2: This may cause confusion with regard to declaring CSP support if individual sub-features are not supported, for instance if IE supports sandbox but does not support all of the directives and Firefox supports all of the directives but not the sandbox implementation.
- 21:29:16 [puhley]
- ACTION: bhill2 to put question out to the list.
- 21:29:17 [trackbot]
- Created ACTION-65 - Put question out to the list. [on Brad Hill - due 2012-05-15].
- 21:29:23 [bhill2]
- rrsagent set logs public-visible
- 21:29:33 [bhill2]
- rrsagent, set logs public-visible
- 21:29:42 [timeless]
- s|rrsagent set logs public-visible||
- 21:29:45 [timeless]
- RRSAgent, draft minutes
- 21:29:45 [RRSAgent]
- I have made the request to generate http://www.w3.org/2012/05/08-webappsec-minutes.html timeless
- 21:31:10 [puhley]
- abarth: When receiving multiple policies, the browser should combine them.
- 21:34:05 [puhley]
- abarth: For experimental headers, the browser vendors implementing the experimental header will determine what works best for combining the header.
- 21:34:52 [puhley]
- tanvi: Should there be same-origin restrictions for report-uri headers?
- 21:35:32 [puhley]
- abarth: We will not allow report-uri in meta tag but we won't restrict it for headers.
- 21:38:28 [puhley]
- bhill2: Should we allow more granular origins than just the domain?
- 21:39:54 [puhley]
- dveditz: It would be good to define this in 1.0 so that expectations are set correctly going forward.
- 21:43:53 [puhley]
- ACTION: abarth to add error handling behavior in 1.0 spec
- 21:43:53 [trackbot]
- Created ACTION-66 - Add error handling behavior in 1.0 spec [on Adam Barth - due 2012-05-15].
- 21:46:54 [jeffh]
- lots of noise on some line
- 21:47:24 [puhley]
- I am on mute right now so it isn't me.
- 21:47:50 [tanvi]
- someone who is typing
- 21:47:59 [gioma1]
- Me neither. Someone typing
- 21:50:14 [puhley]
- ACTION: abarth to add a description for how to handle content-type in CSP 1.1 - 06/30/2012
- 21:50:14 [trackbot]
- Created ACTION-67 - Add a description for how to handle content-type in CSP 1.1 - 06/30/2012 [on Adam Barth - due 2012-05-15].
- 21:52:33 [puhley]
- bhill2: For clickjacking, we would pursue something similar to ClearClick. Giorgio is nominated as editor.
- 21:52:43 [puhley]
- dhuang3 volunteers to be an additional editor.
- 21:57:25 [puhley]
- ACTION: dhuang3 to coordinate with Giorgi on a draft proposal - 07/2012
- 21:57:25 [trackbot]
- Created ACTION-68 - Coordinate with Giorgi on a draft proposal - 07/2012 [on David Huang - due 2012-05-15].
- 21:57:42 [Zakim]
- - +1.866.317.aabb
- 21:57:47 [Zakim]
- -[Microsoft]
- 21:57:48 [Zakim]
- - +1.650.678.aaaa
- 21:57:48 [Zakim]
- -dveditz
- 21:57:50 [Zakim]
- - +1.425.865.aaff
- 21:57:50 [Zakim]
- -abarth
- 21:57:51 [Zakim]
- -dhuang3
- 21:57:51 [Zakim]
- -gioma1
- 21:57:52 [Zakim]
- -bhill2.a
- 21:57:54 [Zakim]
- -puhley
- 21:57:56 [Zakim]
- -bhill2
- 21:57:57 [Zakim]
- SEC_WASWG()5:00PM has ended
- 21:57:59 [Zakim]
- Attendees were +1.650.678.aaaa, +1.866.317.aabb, +1.415.832.aacc, abarth, +1.650.386.aadd, +1.360.793.aaee, +1.425.865.aaff, +1.408.320.aagg, bhill2, dhuang3, puhley, gioma1,
- 21:58:03 [Zakim]
- ... [Microsoft], dveditz
- 21:58:22 [puhley]
- RRSAgenet, make minutes
- 21:58:31 [puhley]
- RRSAgent, make minutes
- 21:58:31 [RRSAgent]
- I have made the request to generate http://www.w3.org/2012/05/08-webappsec-minutes.html puhley
- 21:59:49 [bhill2]
- thank you, Josh
- 22:00:38 [timeless]
- s/thank you, Josh//
- 22:01:00 [timeless]
- trackbot, end meeting
- 22:01:00 [trackbot]
- Zakim, list attendees
- 22:01:00 [Zakim]
- sorry, trackbot, I don't know what conference this is
- 22:01:00 [jeffh]
- quit
- 22:01:08 [trackbot]
- RRSAgent, please draft minutes
- 22:01:08 [RRSAgent]
- I have made the request to generate http://www.w3.org/2012/05/08-webappsec-minutes.html trackbot
- 22:01:09 [timeless]
- s/quit//
- 22:01:09 [trackbot]
- RRSAgent, bye
- 22:01:09 [RRSAgent]
- I see 6 open action items saved in http://www.w3.org/2012/05/08-webappsec-actions.rdf :
- 22:01:09 [RRSAgent]
- ACTION: bhill to add day 2 minutes [1]
- 22:01:09 [RRSAgent]
- recorded in http://www.w3.org/2012/05/08-webappsec-irc#T21-07-03
- 22:01:09 [RRSAgent]
- ACTION: bhill2 to add day 2 minutes from face to face meeting [2]
- 22:01:09 [RRSAgent]
- recorded in http://www.w3.org/2012/05/08-webappsec-irc#T21-07-41
- 22:01:09 [RRSAgent]
- ACTION: bhill2 to put question out to the list. [3]
- 22:01:09 [RRSAgent]
- recorded in http://www.w3.org/2012/05/08-webappsec-irc#T21-29-16
- 22:01:09 [RRSAgent]
- ACTION: abarth to add error handling behavior in 1.0 spec [4]
- 22:01:09 [RRSAgent]
- recorded in http://www.w3.org/2012/05/08-webappsec-irc#T21-43-53
- 22:01:09 [RRSAgent]
- ACTION: abarth to add a description for how to handle content-type in CSP 1.1 - 06/30/2012 [5]
- 22:01:09 [RRSAgent]
- recorded in http://www.w3.org/2012/05/08-webappsec-irc#T21-50-14
- 22:01:09 [RRSAgent]
- ACTION: dhuang3 to coordinate with Giorgi on a draft proposal - 07/2012 [6]
- 22:01:09 [RRSAgent]
- recorded in http://www.w3.org/2012/05/08-webappsec-irc#T21-57-25
- 22:01:16 [timeless]
- RRSAgent, draft minutes
- 22:01:16 [RRSAgent]
- I have made the request to generate http://www.w3.org/2012/05/08-webappsec-minutes.html timeless