21:02:34 <RRSAgent> RRSAgent has joined #webappsec
21:02:34 <RRSAgent> logging to http://www.w3.org/2012/10/23-webappsec-irc
21:02:47 <imelven> imelven has joined #webappsec
21:02:49 <bhill2> P1, I suspect that is gioma1
21:02:53 <Zakim> +??P9
21:02:54 <bhill2> giorgio, can you try muting your line?
21:02:54 <Zakim> -??P1
21:03:01 <bhill2> hmm. not it
21:03:03 <imelven> hullo
21:03:06 <jrossi> jrossi has joined #webappsec
21:03:07 <bhill2> mozilla, can you try muting?
21:03:11 <gioma1> I just joined
21:03:13 <imelven> im muted
21:03:25 <bhill2> Meeting: WebAppSec Teleconference 23 October 2012
21:03:26 <Zakim> +??P1
21:03:31 <bhill2> Chair: bhill, ekr
21:03:33 <gioma1> Zakim, ??P9 is gioma1
21:03:33 <Zakim> +gioma1; got it
21:03:46 <mkwst> Zakim, ??P1 is mkwst
21:03:46 <Zakim> +mkwst; got it
21:03:50 <bhill2> Agenda: http://lists.w3.org/Archives/Public/public-webappsec/2012Oct/0059.html
21:04:05 <bhill2> zakim, who is here?
21:04:05 <Zakim> On the phone I see +1.650.648.aaaa, +1.425.865.aabb, +1.650.678.aacc, ??P3, +1.206.624.aadd, [Mozilla], +1.866.317.aaee, [Microsoft], gioma1, mkwst
21:04:07 <Zakim> On IRC I see jrossi, imelven, RRSAgent, Zakim, ekr, jeffh, bhill2, ccarson, mkwst, erlend, gioma1, abarth, dveditz, Velmont, timeless, caribou, tobie, trackbot
21:04:21 <bhill2> zakim, aadd is bhill2
21:04:21 <Zakim> +bhill2; got it
21:04:55 <imelven> still figuring out zakim.. first wg call
21:05:18 <jeffh> i think aaee might be me
21:05:26 <jeffh> but dunno fer sure
21:06:07 <jeffh> brad: minutes from last meeting not poste4 unfortunately, so move on to agenda bash
21:06:27 <jeffh> bhill: no requests, so reviewing tracker items
21:07:18 <jeffh> bhill: have a new rev of CORS spec with comments from list (bhill, jeffh) will send out later today hopefully
21:08:02 <jeffh> bhill: issues 58, 70, 79 in CORS will be addressed
21:08:08 <Zakim> +[IPcaller]
21:08:23 <dveditz> zakim, who is here?
21:08:23 <Zakim> On the phone I see +1.650.648.aaaa, +1.425.865.aabb, +1.650.678.aacc, ??P3, bhill2, [Mozilla], +1.866.317.aaee, [Microsoft], gioma1, mkwst, [IPcaller]
21:08:26 <Zakim> On IRC I see jrossi, imelven, RRSAgent, Zakim, ekr, jeffh, bhill2, ccarson, mkwst, erlend, gioma1, abarth, dveditz, Velmont, timeless, caribou, tobie, trackbot
21:08:49 <jeffh> bhill: action #76:  any features at risk in cors due to lack of impl ?
21:08:57 <tanvi> tanvi has joined #webappsec
21:09:00 <erlend> zakim, ??P3 is erlend
21:09:00 <Zakim> +erlend; got it
21:09:08 <tanvi> Zakim, who is here
21:09:08 <Zakim> tanvi, you need to end that query with '?'
21:09:19 <tanvi> Zakim, who is here?
21:09:20 <Zakim> On the phone I see +1.650.648.aaaa, +1.425.865.aabb, +1.650.678.aacc, erlend, bhill2, [Mozilla], +1.866.317.aaee, [Microsoft], gioma1, mkwst, [IPcaller]
21:09:23 <Zakim> On IRC I see tanvi, jrossi, imelven, RRSAgent, Zakim, ekr, jeffh, bhill2, ccarson, mkwst, erlend, gioma1, abarth, dveditz, Velmont, timeless, caribou, tobie, trackbot
21:09:28 <tanvi> [Mozilla] is tanvi
21:09:30 <dveditz> zakim, if you know that why don't  you supply/assume it?
21:09:30 <Zakim> I don't understand your question, dveditz.
21:09:40 <tanvi> Zakim, [Mozilla] is tanvi
21:09:40 <Zakim> +tanvi; got it
21:09:48 <jrossi> Zakim, [Microsoft] is jrossi
21:09:48 <Zakim> +jrossi; got it
21:09:48 <timeless> s/poste4/posted/
21:09:49 <jeffh> bhill: odin and gopal not on call ?  might want to wait for them to discuss. Odin working on CORS test suite into shape, will put this on agenda for tpac f2f discussion next week
21:10:19 <jeffh> bhill: #77, bhill editing
21:10:41 <dveditz> is bhill on a submarine?
21:10:49 <jeffh> #80, haven't heard back from ? will try to followup
21:10:50 <ekr> I think he is sailing to france for tpac
21:10:53 <jeffh> #81: will close
21:11:03 <dveditz> abarth sounded fine :-)
21:11:17 <dveditz> a little, yes
21:12:24 <jeffh> bhill: CSP and CSS discussion from list
21:13:09 <jeffh> bhill: Ian, please explain
21:13:44 <jeffh> imelven (ian):  doesn't think should slow down 1.0 spec; will pay attention to csp1.1
21:14:21 <Zakim> + +1.978.944.aaff
21:14:24 <jeffh> tanvi: tho might be issues wrt gecko vs webkit impl diffs
21:14:47 <Zakim> + +1.206.245.aagg
21:14:51 <Zakim> -bhill2
21:15:36 <bhill2> zakim, aagg is bhill2
21:15:36 <Zakim> +bhill2; got it
21:15:39 <jeffh> ian: there's diff understandings wrt aspects of CSSOM and DOM, and discussion on list is good and has reached some conclusions, can address spec changes in v1.1
21:15:47 <bhill2> zakim, who is making noise?
21:15:59 <Zakim> bhill2, listening for 11 seconds I heard sound from the following: +1.650.648.aaaa (3%), erlend (78%), tanvi (26%)
21:16:12 <bhill2> erlend, can you please mute?
21:16:14 <erlend> I'm muted
21:16:21 <erlend> I'll try to reconnect
21:16:21 <ekr> zakim, who is making noise?
21:16:25 <Zakim> -erlend
21:16:33 <Zakim> ekr, listening for 10 seconds I heard sound from the following: +1.650.648.aaaa (16%), tanvi (39%), bhill2 (40%)
21:16:37 <bhill2> erlend, the submarine noise was you...
21:16:38 <jrossi> submarine sank
21:16:45 <jeffh> abarth: thinks addrssing in 1.1 is fine, tho happy to be flexible on which spec we address it in (?)
21:16:49 <ekr> I think the technical term there is "discomfort noise"
21:16:56 <jeffh> ( is that what abarth said ?  )
21:17:04 <Zakim> +??P3
21:17:12 <erlend> zakim, ??P3 is erlend
21:17:12 <Zakim> +erlend; got it
21:17:26 <erlend> Is it still as bad?
21:17:33 <jeffh> ian: seems like we're converging on an understanding on the list discussion
21:17:39 <jeffh> erland: noise is gone
21:17:40 <jeffh> thx
21:17:46 <erlend> Ok, sorry about that
21:17:53 <erlend> I was muted, so I didn't think it was me
21:18:40 <jeffh> who from Moz was mentioned as going to TPAC ?
21:18:45 <Zakim> -mkwst
21:18:55 <jeffh> mkwst == Mike West
21:19:01 <Zakim> -[IPcaller]
21:19:06 <mkwst> hrm. zakim dropped me.
21:19:07 <bhill2> http://lists.w3.org/Archives/Public/public-webappsec/2012Oct/0022.html
21:19:28 <Zakim> +??P1
21:19:37 <mkwst> zakim, ??P1 is mkwst
21:19:37 <Zakim> +mkwst; got it
21:19:51 <gopal> gopal has joined #webappsec
21:19:59 <jeffh> now discussing above mail msg 0022.html
21:20:08 <jeffh> bhill: add specific language to spec to address ?
21:20:26 <erlend> It's already in the test suite
21:20:35 <jeffh> abarth: don't really understand what the issue is?
21:20:38 <dveditz> dveditz has joined #webappsec
21:20:46 <jeffh> abarth: don't understand how policy is circumvented
21:21:12 <Zakim> +[IPcaller]
21:21:19 <dveditz> dveditz has joined #webappsec
21:21:36 <jeffh> bhill: <see cited msg>
21:21:37 <dveditz> zakim, who is here?
21:21:37 <Zakim> On the phone I see +1.650.648.aaaa, +1.425.865.aabb, +1.650.678.aacc, tanvi, +1.866.317.aaee, jrossi, gioma1, +1.978.944.aaff, bhill2, erlend, mkwst, [IPcaller]
21:21:40 <Zakim> On IRC I see dveditz, gopal, tanvi, jrossi, imelven, RRSAgent, Zakim, ekr, jeffh, bhill2, ccarson, mkwst, erlend, gioma1, abarth, Velmont, timeless, caribou, tobie, trackbot
21:22:06 <jeffh> abarth: this sounds like a bug -- poster sounds confused
21:22:32 <jeffh> ?: but he's saying that in some browsers self /can/ alter the base tag it seems
21:22:47 <jeffh> abarth: if that's it, then it should be fixed
21:23:06 <jeffh> bhill: is there text that says that base tag shouldn't alter self ?
21:23:30 <gioma1> He refers to  a hidden webkit bug: Reference Bug: https://bugs.webkit.org/show_bug.cgi?id=99318
21:23:32 <jeffh> abarth: not sure which browser is he working with?  wud be surprised if webkit or geko
21:24:06 <jeffh> tanvi/dveditz:  yes, the url is resolved ahead of time, we don't use the base attr to determine what self means
21:24:21 <jeffh> abarth: we should talk to him more on list and get more info
21:24:54 <jeffh> dveditz: < thinks there might be a way that it might happen >
21:25:13 <jeffh> abarth: will followup on list with poster
21:25:54 <jeffh> dveditz: anything in bug 99318 that's interesting/relevant?
21:26:08 <jeffh> abarth: oh, it's not public, will fix that so we can look at it
21:26:22 <imelven> jeffh: tanvi is going to TPAC
21:26:30 <dveditz> jeffh: I am as well
21:26:45 <jeffh> gotchat, thx
21:26:46 <dveditz> jeffh: other mozilla people are going to other WG
21:27:02 <imelven> not sure about sicking, and bz, i dropped them a mail
21:27:31 <bhill2> http://lists.w3.org/Archives/Public/public-webappsec/2012Oct/0008.html
21:27:49 <jeffh> abarth: the bug is just a copy of the email msg -- will followup on list in any case
21:27:54 <jeffh> bhill: moving on
21:28:50 <jeffh> bhill: issues with document promotion that was discussed on the list
21:29:12 <jeffh> bhill: do any WG members on call think we should re-open any of the issues?
21:30:09 <jeffh> <silence>    don't hear any objections to closing issues 11, 16, 17 , 18, 19   --  any motion to close these, and advance csp 1.0 to CR ?
21:30:14 <jeffh> jeffh: so moved
21:30:19 <jeffh> tanvi: seconded
21:30:25 <jeffh> dveditz: thirded
21:30:28 <tanvi> *applause*
21:30:29 <jeffh> <applause>
21:30:43 <bhill2> RESOLVED: issues 11, 16, 17, 18 and 19 to remain closed as previously resolved, CSP to CR
21:31:04 <bhill2> zakim, who is making noise?
21:31:06 <dveditz> or making espresso?
21:31:18 <Zakim> bhill2, listening for 10 seconds I heard sound from the following: bhill2 (72%)
21:31:25 <jrossi> hehe
21:31:41 <dveditz> coffee's done?
21:32:15 <jeffh> bhill: make a formal request to advance UI safety directives to FPWD ?
21:32:20 <jeffh> <no objections>
21:32:43 <bhill2> RESOLVED: Advance UISafety Directives for CSP to FPWD
21:32:49 <jeffh> portion of that spec may be subject to discussions at IETF-85 atlanta, the week following TPAC
21:33:02 <jeffh> next item
21:33:08 <jeffh> TPAC agenda?
21:34:32 <jeffh> bhill: "test the web forward" event the weekend prior to TPAC in paris -- some of us will be there, want to make some time to discuss that, as well as test suite status, specific areas of spec that needs work, test cases need to be generated, solicit folks to work on these, set scheduoles, this is nec. to get to CR
21:34:46 <jeffh> next item: rechartering for WG
21:34:46 <Zakim> -mkwst
21:34:54 <mkwst> ...
21:35:14 <Zakim> +??P1
21:35:25 <mkwst> zakim, ??P1 is mkwst.
21:35:25 <Zakim> +mkwst; got it
21:36:21 <jeffh> bhill: doesn't seem anything we're doing in CSP 1.1 necessitates changes to charter, but is oppty to upgrade charter with additional work; without additional actual deliverables, this WG may close after completing CSP v1.1 and UI Safety
21:36:28 <tanvi> jonas will be at TPAC
21:36:29 <jeffh> bhill: please think about that
21:37:10 <jeffh> bhill: will send povisional list of discussion items out to list -- any that folks can think of right now?
21:37:47 <jeffh> bhill: not hearing other proposed items, will send to list, we'll have time to discuss online
21:38:00 <jeffh> bhill: next item
21:38:14 <jeffh> bhill: wrt "test web fwd" -- any info?
21:40:57 <jeffh> gopal: welcomes participation, pls submit test suites if you have them, offering to help you with them if you need help;  need to get our test coverage numbers up;   want to try to get a regression count -- has been going a bit slow, if can get some help should speed it up;   will keep working on it in any case,   again welcomes any contributed test cases
21:42:02 <jeffh> bhill: an impt aspect of moving to CR is demonstrating we have actual impls of spec features -- having test cases to demonstrate that will be big help
21:42:22 <jeffh> this is WRT  CORS
21:42:57 <gopal> do we have a deadline for CR
21:43:17 <jeffh> bhill:  wrt CSPv1.0, we're regarding on impl self-declaration;  but CORS has additional complexities, so having actual test cases will be helpful
21:43:18 <bhill2> http://lists.w3.org/Archives/Public/public-webappsec/2012Oct/0009.html
21:44:01 <jeffh> bhill: Re: CSP 1.1: Paths in source list definitions (msg URI above)
21:44:12 <jeffh> tanvi: thinks agreement on list is fine
21:44:22 <jeffh> dveditz: agrees
21:44:47 <tanvi> https://blog.mozilla.org/tanvi/
21:44:47 <jeffh> bhill:  ok, at end of agenda
21:44:53 <dveditz> agrees as long as that understanding makes it into the spec :-)
21:45:04 <tanvi> UserCSP Add-on: https://addons.mozilla.org/en-US/firefox/addon/newusercspdesign/
21:45:04 <tanvi> UserCSP Code (Open Source): https://github.com/patilkr/userCSP
21:45:04 <tanvi> UserCSP Documentation: https://wiki.mozilla.org/SummerOfCode/2012/UserCSP/Wiki
21:45:14 <jeffh> tanvi:  over summer worked on google code project "UserCSP"
21:45:20 <jeffh> see above
21:45:47 <jrossi> cool!
21:46:28 <jeffh> tanvi: has aspect that helps developers craft CSP policy for given "page"
21:47:09 <jeffh> tanvi:  is presently per page,  would like feedback, want to make it gen policy for "per site/domain"
21:47:34 <jeffh> bhill: anything else?
21:48:25 <Zakim> -jrossi
21:48:26 <Zakim> - +1.978.944.aaff
21:48:28 <Zakim> - +1.650.648.aaaa
21:48:30 <Zakim> -tanvi
21:48:31 <Zakim> -erlend
21:48:32 <Zakim> - +1.425.865.aabb
21:48:33 <jeffh> bhill: not hearing anything, so see some of you @TPAC next week, will be at ietf following week and have oppty to liase
21:48:34 <bhill2> zakim, list attendees
21:48:34 <Zakim> As of this point the attendees have been +1.650.648.aaaa, +1.425.865.aabb, +1.650.678.aacc, +1.206.624.aadd, +1.866.317.aaee, gioma1, mkwst, bhill2, [IPcaller], erlend, tanvi,
21:48:34 <Zakim> ... jrossi, +1.978.944.aaff, +1.206.245.aagg
21:48:37 <Zakim> -[IPcaller]
21:48:37 <Zakim> -mkwst
21:48:37 <Zakim> -gioma1
21:48:45 <Zakim> -bhill2
21:48:51 <bhill2> rrsagent, make minutes
21:48:51 <RRSAgent> I have made the request to generate http://www.w3.org/2012/10/23-webappsec-minutes.html bhill2
21:48:56 <bhill2> rrsagent, set logs public-visible
21:49:04 <bhill2> thanks for scribing, Jeff!
21:49:10 <jeffh> welcome :)
21:49:27 <Zakim> - +1.866.317.aaee
21:51:22 <Zakim> - +1.650.678.aacc
21:51:23 <Zakim> SEC_WASWG()5:00PM has ended
21:51:23 <Zakim> Attendees were +1.650.648.aaaa, +1.425.865.aabb, +1.650.678.aacc, +1.206.624.aadd, +1.866.317.aaee, gioma1, mkwst, bhill2, [IPcaller], erlend, tanvi, jrossi, +1.978.944.aaff,
21:51:23 <Zakim> ... +1.206.245.aagg
23:49:54 <Zakim> Zakim has left #webappsec