21:59:02 <RRSAgent> RRSAgent has joined #webappsec
21:59:02 <RRSAgent> logging to http://www.w3.org/2013/12/17-webappsec-irc
21:59:10 <bhill2> zakim, this will be 92794
21:59:10 <Zakim> ok, bhill2; I see SEC_WASWG()5:00PM scheduled to start in 1 minute
21:59:50 <gopal> gopal has joined #webappsec
22:00:25 <bhill2> Meeting: WebAppSec Teleconference, 17 DEC 2013
22:00:30 <bhill2> Chair: bhill2
22:00:36 <bhill2> Agenda: http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0074.html
22:00:47 <grobinson|laptop> grobinson|laptop has joined #webappsec
22:00:55 <bhill2> Scribe: Peleus Uhley
22:00:59 <bhill2> Scribenick: puhley
22:01:13 <bhill2> zakim, who is here?
22:01:13 <Zakim> SEC_WASWG()5:00PM has not yet started, bhill2
22:01:14 <Zakim> On IRC I see grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:01:36 <bhill2> rrsagent, make minutes
22:01:36 <RRSAgent> I have made the request to generate http://www.w3.org/2013/12/17-webappsec-minutes.html bhill2
22:01:40 <bhill2> rrsagent, set logs public-visible
22:01:51 <bhill2> zakim, who is here?
22:01:51 <Zakim> SEC_WASWG()5:00PM has not yet started, bhill2
22:01:52 <Zakim> On IRC I see grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:02:14 <jww> jww has joined #webappsec
22:02:46 <bhill2> zakim, who is here?
22:02:46 <Zakim> SEC_WASWG()5:00PM has not yet started, bhill2
22:02:47 <Zakim> On IRC I see jww, grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:02:53 <bhill2> zakim, this is 92794
22:02:53 <Zakim> ok, bhill2; that matches SEC_WASWG()5:00PM
22:02:57 <Zakim> -??P6
22:03:00 <bhill2> zakim, what time is it?
22:03:01 <Zakim> I don't understand your question, bhill2.
22:03:11 <bhill2> zakim, who is here?
22:03:11 <Zakim> On the phone I see +1.415.832.aaaa, BHill, +1.503.712.aabb, +1.781.369.aacc, +1.415.736.aadd, Wendy, [Mozilla], ??P9
22:03:14 <Zakim> On IRC I see jww, grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:03:14 <Zakim> +??P6
22:03:25 <Zakim> +NeilM
22:03:28 <bhill2> zakim, aaaa is puhley
22:03:28 <Zakim> +puhley; got it
22:03:28 <gmaone> Zakim, ??P6 is gmaone
22:03:29 <Zakim> +gmaone; got it
22:03:37 <terri> zakim, aabb is terri
22:03:37 <Zakim> +terri; got it
22:03:41 <grobinson> [Mozilla] is grobinson
22:03:52 <bhill2> zakim, who is here?
22:03:52 <Zakim> On the phone I see puhley, BHill, terri, +1.781.369.aacc, +1.415.736.aadd, Wendy, [Mozilla], ??P9, gmaone, NeilM
22:03:52 <grobinson> (i'll add myself)
22:03:54 <Zakim> On IRC I see jww, grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:04:18 <grobinson> Zakim: [Mozilla] is grobinson
22:04:22 <bhill2> zakim, aacc is gopal
22:04:22 <Zakim> +gopal; got it
22:04:35 <wseltzer_> wseltzer_ has joined #webappsec
22:04:39 <bhill2> zakim, aadd is jww
22:04:39 <Zakim> +jww; got it
22:05:11 <bhill2> http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0074.html
22:05:45 <bhill2> TOPIC: Minutes approval
22:05:46 <bhill2> http://www.w3.org/2013/12/03-webappsec-minutes.html
22:05:57 <Zakim> + +1.404.406.aaee
22:06:07 <bhill2> minutes approved, no objection to unanimous approval
22:06:31 <freddyb> freddyb has joined #webappsec
22:06:45 <bhill2> zakim, aaee is danesh
22:06:45 <Zakim> +danesh; got it
22:06:56 <bhill2> TOPIC: Agenda bashing
22:07:15 <bhill2> TOPIC: News
22:07:56 <puhley> bhill2: CORS is moving to proposed recommendation. Encourage reps to comment on the spec and indicate support.
22:08:35 <puhley> bhill2: Hope for final recommendation status in January and February
22:08:40 <bhill2> TOPIC: Open actions in Tracker
22:08:47 <bhill2> https://www.w3.org/2011/webappsec/track/actions/open?sort=owner
22:09:42 <puhley> bhill2: Action 158 is complete
22:10:34 <bhill2> TOPIC: Sub-Resource Integrity
22:12:02 <freddyb> <-
22:12:17 <grobinson> hey freddyb :)
22:12:19 <puhley> bhill2: sub-resource integrity is part of our new charter. Editors recruited: Devdatta, Joel(jww), and Fredrick (freddyb)
22:12:41 <freddyb> puhley: Frederi_k_ please :-)
22:12:43 <freddyb> hi grobinson
22:12:57 <puhley> My apologies...
22:13:27 <freddyb> np
22:14:21 <bhill2> TOPIC: Hash/nonce source
22:14:29 <bhill2> http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0072.html
22:15:00 <puhley> bhill2: Good thread on the mailing lists regarding this topic
22:17:14 <puhley> Neil: Confusion over hashes only applying to inline scripts/event handlers, nonces applying to both inline scripts and external resources
22:19:45 <puhley> bhill2: Does whitelisting event handlers make sense? What about styles?
22:21:42 <puhley> bhill2: (Summarizing discussion) Supporting edge cases adds complexity that may not be worth effort when there is alternative methods for addressing the issue.
22:22:45 <puhley> bhill2: Neil will take action to reply to the list with summary of the discussion on the phone.
22:23:03 <bhill2> ACTION neilm to respond to list re: consensus that applying hash/nonce to inline handlers not desired as a 1.1 feature
22:23:03 <trackbot> Created ACTION-159 - Respond to list re: consensus that applying hash/nonce to inline handlers not desired as a 1.1 feature [on Neil Matatall - due 2013-12-24].
22:23:19 <bhill2> TOPIC: Cascading style-src onto font-src
22:23:23 <bhill2> http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0011.html
22:24:40 <puhley> bhill2: Should we apply style-src as an intermediary between font-src and default-src?
22:25:21 <bhill2> ACTION bhill2 to reply to jonas sicking on list re: cascade of style-src to font-src
22:25:21 <trackbot> Created ACTION-160 - Reply to jonas sicking on list re: cascade of style-src to font-src [on Brad Hill - due 2013-12-24].
22:25:36 <bhill2> TOPIC: UISecurity and frame-ancestors
22:25:39 <puhley> bhill2: Will remain at no action state since no one on the phone had a strong opinion on it
22:25:42 <bhill2> http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0073.html
22:26:43 <puhley> bhill2: Propose moving directives over into mainline of CSP 1.1
22:26:51 <bhill2> no objections to unanimous consent
22:27:20 <bhill2> ACTION bhill2 to abandon CfC on UISecurity to LCWD for now
22:27:21 <trackbot> Created ACTION-161 - Abandon cfc on uisecurity to lcwd for now [on Brad Hill - due 2013-12-24].
22:27:45 <puhley> bhill2: Next call will be skipped due to New Years Eve
22:28:02 <Zakim> -NeilM
22:28:05 <Zakim> -jww
22:28:06 <Zakim> -[Mozilla]
22:28:06 <Zakim> -gopal
22:28:07 <Zakim> -danesh
22:28:09 <bhill2> zakim, list attendees
22:28:09 <Zakim> As of this point the attendees have been +1.415.832.aaaa, BHill, +1.503.712.aabb, NeilM, +1.781.369.aacc, +1.415.736.aadd, Wendy, [Mozilla], puhley, gmaone, terri, gopal, jww,
22:28:12 <Zakim> ... +1.404.406.aaee, danesh
22:28:12 <Zakim> -??P9
22:28:13 <Zakim> -gmaone
22:28:14 <gopal> gopal has left #webappsec
22:28:15 <Zakim> -terri
22:28:30 <Zakim> -Wendy
22:28:39 <freddyb> the ??P9 might have been me
22:28:45 <Zakim> -puhley
22:28:51 <bhill2> zakim, ??P9 is freddyb
22:28:51 <Zakim> I already had ??P9 as ??P9, bhill2
22:29:05 <bhill2> rrsagent, make minutes
22:29:05 <RRSAgent> I have made the request to generate http://www.w3.org/2013/12/17-webappsec-minutes.html bhill2
22:29:11 <bhill2> rrasagent, set logs public-visible
22:29:41 <Zakim> -BHill
22:29:43 <Zakim> SEC_WASWG()5:00PM has ended
22:29:43 <Zakim> Attendees were +1.415.832.aaaa, BHill, +1.503.712.aabb, NeilM, +1.781.369.aacc, +1.415.736.aadd, Wendy, [Mozilla], puhley, gmaone, terri, gopal, jww, +1.404.406.aaee, danesh
22:29:59 <freddyb> freddyb has left #webappsec
22:31:28 <grobinson> grobinson has joined #webappsec
22:32:50 <terri_> terri_ has joined #webappsec
23:35:27 <grobinson> grobinson has joined #webappsec