22:00:01 RRSAgent has joined #webappsec 22:00:01 logging to http://www.w3.org/2012/12/18-webappsec-irc 22:00:07 rrsagent, set logs public visible 22:00:26 + +1.408.320.aaaa 22:00:33 Meeting: WebAppSec WG Teleconference, 18-DEC-2012 22:00:41 +??P2 22:01:06 Zakim, ??P2 is gioma1 22:01:06 +gioma1; got it 22:01:11 + +1.781.362.aabb 22:01:12 +[IPcaller] 22:01:21 zakim, IPcaller is bhill2 22:01:21 +bhill2; got it 22:01:41 zakim, aaaa is dhuang3 22:01:41 +dhuang3; got it 22:01:44 Agenda: http://lists.w3.org/Archives/Public/public-webappsec/2012Dec/0027.html 22:01:52 Chair: bhill2, ekr 22:01:58 Scribe: David Huang 22:02:06 Scribenick: dhuang3 22:02:39 zakim, aaaa is dhuang3 22:02:39 sorry, bhill2, I do not recognize a party named 'aaaa' 22:02:52 zakim, who is here? 22:02:52 On the phone I see abresee, dhuang3, gioma1, +1.781.362.aabb, bhill2 22:02:53 On IRC I see RRSAgent, Zakim, bhill2, dhuang3, gioma1, odinho, bhill, trackbot, timeless, mkwst_, tobie, caribou, erlend 22:03:13 zakim, aabb is gopal 22:03:13 +gopal; got it 22:03:16 +??P5 22:03:22 abresee has joined #webappsec 22:03:42 zakim, P5 is erlend 22:03:42 sorry, bhill2, I do not recognize a party named 'P5' 22:03:57 zakim, ??P5 is erlent 22:03:57 +erlent; got it 22:04:13 s/erlent/erlend 22:04:17 np 22:04:21 guess we'll have to fix that in the notes later 22:04:24 +[IPcaller] 22:05:18 zakim, IPcaller is tgondrom 22:05:18 +tgondrom; got it 22:05:22 zakim, erlent is erlend 22:05:22 +erlend; got it 22:06:10 dveditz has joined #webappsec 22:06:10 + +1.415.832.aacc 22:06:13 + +1.650.214.aadd 22:06:40 http://www.w3.org/2012/12/04-webappsec-minutes.html 22:06:45 draft minutes from last teleconference 22:06:46 ekr_ has joined #webappsec 22:06:53 zakim, aadd is mkwst 22:06:53 +mkwst; got it 22:06:55 Having some phone glitches 22:07:04 http://lists.w3.org/Archives/Public/public-webappsec/2012Dec/0027.html 22:07:07 +ekr 22:07:20 any new items for the agenda? 22:07:39 jeffh has joined #webappsec 22:07:58 no new items for agenda 22:08:13 bhill2: congrats to csp 1.1 fpwd 22:08:45 http://www.w3.org/2011/webappsec/track/actions/open 22:08:57 brad, I can edit the tracker if you want to talk 22:09:16 bhill2: closing action 70 22:09:28 +??P10 22:09:52 zakim, who is making noise 22:09:52 I don't understand 'who is making noise', ekr_ 22:09:57 zakim, who is talking? 22:09:57 heavy echo, can't hear 22:10:08 ekr_, listening for 10 seconds I heard sound from the following: bhill2 (12%) 22:10:14 that's awesome 22:11:23 +[IPcaller] 22:11:55 Zakim, IPcaller is dveditz 22:11:55 +dveditz; got it 22:12:02 Zakim, who is here? 22:12:02 On the phone I see abresee, dhuang3, gioma1, gopal, bhill2, erlend, tgondrom, +1.415.832.aacc, mkwst, ekr, ??P10, dveditz 22:12:04 On IRC I see jeffh, ekr_, dveditz, abresee, RRSAgent, Zakim, bhill2, dhuang3, gioma1, odinho, bhill, trackbot, timeless, mkwst_, tobie, caribou, erlend 22:12:30 bhill2: action 87 remain open, new mail on list today 22:12:55 bhill2: closing action 90, dross intends to participate 22:14:45 bhill2: action 92 still open, no changes yet 22:15:40 -gopal 22:16:04 bhill2: action 93, removed by mike 22:16:54 bhill2: action 99 closed 22:16:59 puhley has joined #webappsec 22:17:45 bhill2: action 100, 87 closed 22:18:45 bhill2: action 103 closed, has responded 22:19:43 bhill2: update on cors to cr, next publication date is jan 2 22:20:21 bhill2: addressed some small bugs 22:21:39 bhill2: have some requests on CSP reporting 22:21:50 bhill2: any opinions? 22:22:50 tobias: wonder if the level of detail in reports would be concerning? 22:24:05 mike: line numbers of JS may avoid leaking sensitive information, don't see major security impact 22:24:07 question: which list do we use, public-web-security seems to be "official", but the WG page on w3.org still points at public-webappsec? 22:24:30 both seem active 22:25:06 bhill2: may address some of that by avoiding interference of extensions and csp 22:25:41 bhill2: and also intermediate devices 22:27:02 tobias: is there any overflow risk? probably not 22:27:22 dveditz: public-webappsec@w3.org is the WG list 22:27:35 bhill2: gioma responded on list about UI safety/security/integrity 22:29:01 jeffh: oh, I reversed it? OK, the names make more sense then 22:29:07 bhill2: security/safety... integrity of information or integrity of person, any objections or preference to changing name? 22:29:57 bhill2: slighty favor UI security over UI integrity 22:30:14 sounds fine 22:30:43 ACTION to bhill2 change short name from UI Safety to UI Security on next WD publication 22:30:43 Sorry, couldn't find to. You can review and register nicknames at . 22:30:48 bhill2: no objections changing to UI security 22:31:03 ACTION bhill2 to change short name from UI Safety to UI Security on next WD publication 22:31:03 Created ACTION-105 - Change short name from UI Safety to UI Security on next WD publication [on Brad Hill - due 2012-12-25]. 22:31:53 http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2012-November/038213.html 22:32:36 bhill2: should wait for abarth to discuss this 22:33:36 dveditz: public-web-security@ is the list for but was the precursor list for the WebAppSec WG 22:33:46 bhill2: next call will be skipped 22:33:48 -ekr 22:33:52 -dveditz 22:33:53 -erlend 22:33:55 - +1.415.832.aacc 22:33:55 -tgondrom 22:33:57 -??P10 22:33:57 -abresee 22:33:58 -mkwst 22:34:08 -bhill2 22:34:24 -gioma1 22:34:26 -dhuang3 22:34:27 SEC_WASWG()5:00PM has ended 22:34:27 Attendees were abresee, +1.408.320.aaaa, gioma1, +1.781.362.aabb, bhill2, dhuang3, gopal, tgondrom, erlend, +1.415.832.aacc, +1.650.214.aadd, mkwst, ekr, dveditz 22:35:10 rrsagent, make minutes 22:35:10 I have made the request to generate http://www.w3.org/2012/12/18-webappsec-minutes.html bhill2 22:35:15 rrsagent, set logs public visible 22:35:21 bhill2 has left #webappsec