IRC log of webappsec on 2013-12-17

Timestamps are in UTC.

21:59:02 [RRSAgent]
RRSAgent has joined #webappsec
21:59:02 [RRSAgent]
logging to http://www.w3.org/2013/12/17-webappsec-irc
21:59:10 [bhill2]
zakim, this will be 92794
21:59:10 [Zakim]
ok, bhill2; I see SEC_WASWG()5:00PM scheduled to start in 1 minute
21:59:50 [gopal]
gopal has joined #webappsec
22:00:25 [bhill2]
Meeting: WebAppSec Teleconference, 17 DEC 2013
22:00:30 [bhill2]
Chair: bhill2
22:00:36 [bhill2]
Agenda: http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0074.html
22:00:47 [grobinson|laptop]
grobinson|laptop has joined #webappsec
22:00:55 [bhill2]
Scribe: Peleus Uhley
22:00:59 [bhill2]
Scribenick: puhley
22:01:13 [bhill2]
zakim, who is here?
22:01:13 [Zakim]
SEC_WASWG()5:00PM has not yet started, bhill2
22:01:14 [Zakim]
On IRC I see grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:01:36 [bhill2]
rrsagent, make minutes
22:01:36 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/12/17-webappsec-minutes.html bhill2
22:01:40 [bhill2]
rrsagent, set logs public-visible
22:01:51 [bhill2]
zakim, who is here?
22:01:51 [Zakim]
SEC_WASWG()5:00PM has not yet started, bhill2
22:01:52 [Zakim]
On IRC I see grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:02:14 [jww]
jww has joined #webappsec
22:02:46 [bhill2]
zakim, who is here?
22:02:46 [Zakim]
SEC_WASWG()5:00PM has not yet started, bhill2
22:02:47 [Zakim]
On IRC I see jww, grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:02:53 [bhill2]
zakim, this is 92794
22:02:53 [Zakim]
ok, bhill2; that matches SEC_WASWG()5:00PM
22:02:57 [Zakim]
-??P6
22:03:00 [bhill2]
zakim, what time is it?
22:03:01 [Zakim]
I don't understand your question, bhill2.
22:03:11 [bhill2]
zakim, who is here?
22:03:11 [Zakim]
On the phone I see +1.415.832.aaaa, BHill, +1.503.712.aabb, +1.781.369.aacc, +1.415.736.aadd, Wendy, [Mozilla], ??P9
22:03:14 [Zakim]
On IRC I see jww, grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:03:14 [Zakim]
+??P6
22:03:25 [Zakim]
+NeilM
22:03:28 [bhill2]
zakim, aaaa is puhley
22:03:28 [Zakim]
+puhley; got it
22:03:28 [gmaone]
Zakim, ??P6 is gmaone
22:03:29 [Zakim]
+gmaone; got it
22:03:37 [terri]
zakim, aabb is terri
22:03:37 [Zakim]
+terri; got it
22:03:41 [grobinson]
[Mozilla] is grobinson
22:03:52 [bhill2]
zakim, who is here?
22:03:52 [Zakim]
On the phone I see puhley, BHill, terri, +1.781.369.aacc, +1.415.736.aadd, Wendy, [Mozilla], ??P9, gmaone, NeilM
22:03:52 [grobinson]
(i'll add myself)
22:03:54 [Zakim]
On IRC I see jww, grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:04:18 [grobinson]
Zakim: [Mozilla] is grobinson
22:04:22 [bhill2]
zakim, aacc is gopal
22:04:22 [Zakim]
+gopal; got it
22:04:35 [wseltzer_]
wseltzer_ has joined #webappsec
22:04:39 [bhill2]
zakim, aadd is jww
22:04:39 [Zakim]
+jww; got it
22:05:11 [bhill2]
http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0074.html
22:05:45 [bhill2]
TOPIC: Minutes approval
22:05:46 [bhill2]
http://www.w3.org/2013/12/03-webappsec-minutes.html
22:05:57 [Zakim]
+ +1.404.406.aaee
22:06:07 [bhill2]
minutes approved, no objection to unanimous approval
22:06:31 [freddyb]
freddyb has joined #webappsec
22:06:45 [bhill2]
zakim, aaee is danesh
22:06:45 [Zakim]
+danesh; got it
22:06:56 [bhill2]
TOPIC: Agenda bashing
22:07:15 [bhill2]
TOPIC: News
22:07:56 [puhley]
bhill2: CORS is moving to proposed recommendation. Encourage reps to comment on the spec and indicate support.
22:08:35 [puhley]
bhill2: Hope for final recommendation status in January and February
22:08:40 [bhill2]
TOPIC: Open actions in Tracker
22:08:47 [bhill2]
https://www.w3.org/2011/webappsec/track/actions/open?sort=owner
22:09:42 [puhley]
bhill2: Action 158 is complete
22:10:34 [bhill2]
TOPIC: Sub-Resource Integrity
22:12:02 [freddyb]
<-
22:12:17 [grobinson]
hey freddyb :)
22:12:19 [puhley]
bhill2: sub-resource integrity is part of our new charter. Editors recruited: Devdatta, Joel (jww), and Fredrick (freddyb)
22:12:41 [freddyb]
puhley: Frederi_k_ please :-)
22:12:43 [freddyb]
hi grobinson
22:12:57 [puhley]
My apologies...
22:13:27 [freddyb]
np
22:14:21 [bhill2]
TOPIC: Hash/nonce source
22:14:29 [bhill2]
http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0072.html
22:15:00 [puhley]
bhill2: Good thread on the mailing lists regarding this topic
22:17:14 [puhley]
Neil: Confusion over hashes only applying to inline scripts/event handlers, nonces applying to both inline scripts and external resources
22:19:45 [puhley]
bhill2: Does whitelisting event handlers make sense? What about styles?
22:21:42 [puhley]
bhill2: (Summarizing discussion) Supporting edge cases adds complexity that may not be worth the effort when there are alternative methods for addressing the issue.
22:22:45 [puhley]
bhill2: Neil will take action to reply to the list with summary of the discussion on the phone.
22:23:03 [bhill2]
ACTION neilm to respond to list re: consensus that applying hash/nonce to inline handlers not desired as a 1.1 feature
22:23:03 [trackbot]
Created ACTION-159 - Respond to list re: consensus that applying hash/nonce to inline handlers not desired as a 1.1 feature [on Neil Matatall - due 2013-12-24].
22:23:19 [bhill2]
TOPIC: Cascading style-src onto font-src
22:23:23 [bhill2]
http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0011.html
22:24:40 [puhley]
bhill2: Should we apply style-src as an intermediary between font-src and default-src?
22:25:21 [bhill2]
ACTION bhill2 to reply to jonas sicking on list re: cascade of style-src to font-src
22:25:21 [trackbot]
Created ACTION-160 - Reply to jonas sicking on list re: cascade of style-src to font-src [on Brad Hill - due 2013-12-24].
22:25:36 [bhill2]
TOPIC: UISecurity and frame-ancestors
22:25:39 [puhley]
bhill2: Will remain at no action state since no one on the phone had a strong opinion on it
22:25:42 [bhill2]
http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0073.html
22:26:43 [puhley]
bhill2: Propose moving directives over into mainline of CSP 1.1
22:26:51 [bhill2]
no objections to unanimous consent
22:27:20 [bhill2]
ACTION bhill2 to abandon CfC on UISecurity to LCWD for now
22:27:21 [trackbot]
Created ACTION-161 - Abandon cfc on uisecurity to lcwd for now [on Brad Hill - due 2013-12-24].
22:27:45 [puhley]
bhill2: Next call will be skipped due to New Year's Eve
22:28:02 [Zakim]
-NeilM
22:28:05 [Zakim]
-jww
22:28:06 [Zakim]
-[Mozilla]
22:28:06 [Zakim]
-gopal
22:28:07 [Zakim]
-danesh
22:28:09 [bhill2]
zakim, list attendees
22:28:09 [Zakim]
As of this point the attendees have been +1.415.832.aaaa, BHill, +1.503.712.aabb, NeilM, +1.781.369.aacc, +1.415.736.aadd, Wendy, [Mozilla], puhley, gmaone, terri, gopal, jww,
22:28:12 [Zakim]
... +1.404.406.aaee, danesh
22:28:12 [Zakim]
-??P9
22:28:13 [Zakim]
-gmaone
22:28:14 [gopal]
gopal has left #webappsec
22:28:15 [Zakim]
-terri
22:28:30 [Zakim]
-Wendy
22:28:39 [freddyb]
the ??P9 might have been me
22:28:45 [Zakim]
-puhley
22:28:51 [bhill2]
zakim, ??P9 is freddyb
22:28:51 [Zakim]
I already had ??P9 as ??P9, bhill2
22:29:05 [bhill2]
rrsagent, make minutes
22:29:05 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/12/17-webappsec-minutes.html bhill2
22:29:11 [bhill2]
rrasagent, set logs public-visible
22:29:41 [Zakim]
-BHill
22:29:43 [Zakim]
SEC_WASWG()5:00PM has ended
22:29:43 [Zakim]
Attendees were +1.415.832.aaaa, BHill, +1.503.712.aabb, NeilM, +1.781.369.aacc, +1.415.736.aadd, Wendy, [Mozilla], puhley, gmaone, terri, gopal, jww, +1.404.406.aaee, danesh
22:29:59 [freddyb]
freddyb has left #webappsec
22:31:28 [grobinson]
grobinson has joined #webappsec
22:32:50 [terri_]
terri_ has joined #webappsec
23:35:27 [grobinson]
grobinson has joined #webappsec