19:51:36 <RRSAgent> RRSAgent has joined #webappsec
19:51:36 <RRSAgent> logging to http://www.w3.org/2015/02/23-webappsec-irc
19:51:42 <Zakim> Zakim has joined #webappsec
19:51:50 <wseltzer> zakim, this may be WASWG
19:51:50 <Zakim> sorry, wseltzer, I do not understand your question
19:51:56 <wseltzer> zakim, this will be WASWG
19:51:57 <Zakim> ok, wseltzer; I see SEC_WASWG()3:00PM scheduled to start in 9 minutes
19:52:04 <bhill2> bhill2 has joined #webappsec
19:53:32 <drx> drx has joined #webappsec
19:54:00 <bhill2> bhill2 has changed the topic to: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0403.html
19:54:07 <bhill2> zakim, this will be WASWG
19:54:07 <Zakim> ok, bhill2; I see SEC_WASWG()3:00PM scheduled to start in 6 minutes
19:54:17 <bhill2> rrsagent, start logging
19:54:17 <RRSAgent> I'm logging. I don't understand 'start logging', bhill2.  Try /msg RRSAgent help
19:54:23 <bhill2> rrsagent make minutes
19:54:29 <bhill2> rrsagent, make minutes
19:54:29 <RRSAgent> I have made the request to generate http://www.w3.org/2015/02/23-webappsec-minutes.html bhill2
19:54:32 <bhill2> rrsagent, set logs world
19:54:46 <bhill2> Meeting: WebAppSec Teleconference, 23-Feb-2015
19:54:51 <bhill2> Chairs: Dan Veditz, Brad Hill
19:54:55 <bhill2> Agenda: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0403.html
19:55:00 <bhill2> Scribe: Brad Hill
19:55:05 <bhill2> scribenick: bhill2
19:55:33 <Zakim> SEC_WASWG()3:00PM has now started
19:55:40 <Zakim> + +1.503.712.aaaa
19:55:51 <Zakim> - +1.503.712.aaaa
19:55:52 <Zakim> SEC_WASWG()3:00PM has ended
19:55:52 <Zakim> Attendees were +1.503.712.aaaa
19:56:04 <bhill2> zakim, this will be WASWG
19:56:04 <Zakim> ok, bhill2; I see SEC_WASWG()3:00PM scheduled to start in 4 minutes
19:56:22 <Zakim> SEC_WASWG()3:00PM has now started
19:56:29 <Zakim> + +1.206.348.aaaa
19:56:35 <bhill2> zakim, aaaa is bhill2
19:56:35 <Zakim> +bhill2; got it
19:57:46 <tanvi> tanvi has joined #webappsec
19:57:56 <francois> francois has joined #webappsec
19:58:09 <Zakim> + +1.206.876.aabb
19:58:12 <Zakim> +mkwst
19:58:22 <gmaone> gmaone has joined #webappsec
19:58:25 <tanvi> mkwst: ping.  can http pages set upgrade-insecure-requests?  if so, then making it part of mixed makes less sense
19:58:37 <crispin_microsoft> crispin_microsoft has joined #webappsec
19:58:51 <Zakim> + +1.418.907.aacc
19:58:53 <mkwst> tanvi: Yes, as currently specced.
19:59:18 <mkwst> which is why it's called `upgrade-insecure-requests`, and not `upgrade-mixed-content`.
19:59:21 <Zakim> +[Microsoft]
19:59:25 <tanvi> mkwst: was there a resolution on whether it should be part of mixed or a separate spec?
19:59:35 <francois> zakim, aacc is francois
19:59:35 <Zakim> +francois; got it
19:59:43 <mkwst> tanvi: Welcome to the call on which I expect people to give their opinion about topics like that one!
19:59:49 <bhill2> :)
19:59:51 <mkwst> tanvi: Because no one uses the list anymore! :)
19:59:55 <tanvi> mkwst: okay great
20:00:01 <tanvi> i'm dialing in in a minute
20:00:02 <Zakim> + +1.503.712.aadd
20:00:11 <terri> Zakim, aadd is me
20:00:11 <Zakim> +terri; got it
20:00:24 <Zakim> + +1.831.246.aaee
20:00:32 <dveditz> Zakim, aaee is dveditz
20:00:32 <Zakim> +dveditz; got it
20:00:37 <Zakim> +Wendy
20:00:38 <jww> jww has joined #webappsec
20:01:03 <bhill2> zakim, who is here?
20:01:03 <Zakim> On the phone I see bhill2, +1.206.876.aabb, mkwst, francois, [Microsoft], terri, dveditz, Wendy
20:01:06 <Zakim> On IRC I see jww, crispin_microsoft, gmaone, francois, tanvi, drx, bhill2, Zakim, RRSAgent, dveditz, terri, wseltzer, boos, pde, timeless, mkwst, Josh_Soref, deian, tobie, edulix,
20:01:06 <Zakim> ... schuki, trackbot
20:01:17 <Zakim> + +1.646.821.aaff
20:01:22 <bhill2> who's on from Microsoft?
20:01:24 <deian> Zakim, aaff is deian
20:01:24 <Zakim> +deian; got it
20:01:28 <Zakim> + +1.415.736.aagg
20:01:36 <Zakim> + +1.310.597.aahh
20:01:42 <jww> Zakim, aagg is jww
20:01:42 <Zakim> +jww; got it
20:01:44 <tanvi> zakim, aahh is tanvi
20:01:44 <Zakim> +tanvi; got it
20:02:10 <wseltzer> zakim, who is on the phone?
20:02:10 <Zakim> On the phone I see bhill2, +1.206.876.aabb, mkwst, francois, [Microsoft], terri, dveditz, Wendy, deian, jww, tanvi
20:02:16 <Zakim> +??P9
20:02:30 <gmaone> Zakim, ??P9 is me
20:02:30 <Zakim> +gmaone; got it
20:02:45 <bhill2> zakim, Microsoft has crispin_microsoft
20:02:45 <Zakim> +crispin_microsoft; got it
20:02:51 <freddyb> freddyb has joined #webappsec
20:02:53 <bhill2> zakim, aabb is drx
20:02:53 <Zakim> +drx; got it
20:03:22 <Zakim> +??P13
20:03:24 <bhill2> TOPIC: Minutes Approval
20:03:31 <bhill2> (thanks, Dan!)
20:03:32 <freddyb> Zakim, I am ??P13
20:03:32 <Zakim> +freddyb; got it
20:03:38 <dveditz> http://www.w3.org/2011/webappsec/draft-minutes/2015-02-09-webappsec-minutes.html
20:03:55 <bhill2> dveditz: Any objections to unanimous consent to approve minutes?
20:04:08 <bhill2> ... hearing no objections, minutes adopted unanimously
20:04:15 <bhill2> TOPIC: Agenda Bashing
20:04:50 <bhill2> no agenda bashing
20:04:59 <bhill2> TOPIC:  Rechartering & Mozilla's formal objection
20:05:44 <bhill2> dveditz: webappsec chairs and wendy had a call with the TAG on the Powerful Features draft regarding Mozilla's objection
20:05:52 <bhill2> ... not all people from Mozilla were on the call, unfortunately
20:06:05 <bhill2> ... the TAG is interested in the concept behind the document
20:06:28 <bhill2> ... they have deferred to this WG to come up with a formal definition as opposed to a TAG finding
20:06:32 <bhill2> ... would like to see that happen
20:07:19 <Zakim> + +1.415.857.aaii
20:07:23 <bhill2> ... Powerful Features has 2 parts : defining what a sufficiently secure context is, and recommendations on how to tell if you are a powerful feature that should restrict itself to a secure context
20:07:45 <bhill2> ... the algorithm on secure context determiniation is non-conteroversial
20:07:48 <devd> devd has joined #webappsec
20:08:36 <bhill2> ... the objection is to whether there should be a description at all of how to make the determination whether a feature should be secure-only
20:08:50 <devd> I should be 415 426 something
20:08:55 <devd> but maybe I am 857
20:09:05 <devd> I joined like a minute before I got online on irc
20:09:08 <mkwst> bhill2: Conclusion was the TAG was willing to take on the document as a joint deliverable
20:09:14 <wseltzer> zakim, aaii is devd
20:09:14 <Zakim> +devd; got it
20:09:16 <bhill2> bhill2: where we came to, was TAG was willing to take this on as a joint deliverable
20:09:27 <Zakim> +[IPcaller]
20:09:30 <bhill2> ... with idea that description of when to apply would be non-normative
20:09:48 <tanvi> zakim, who's making noise?
20:09:59 <Zakim> tanvi, listening for 10 seconds I could not identify any sounds
20:10:03 <mkwst> tanvi: the airport behind Brad. :)
20:10:03 <dveditz> tanvi: it's brad, I'm leading because he's in a noisy place
20:10:11 <tanvi> ah okay
20:10:12 <JeffH> JeffH has joined #webappsec
20:10:19 <bhill2> ... and that controversy about application of the algorithm to a feature would be resolved by the TAG
20:10:27 <bhill2> ... as the elected body representing the W3C Membership
20:10:50 <bhill2> dveditz: other parts of the objection I think have been resolved
20:10:55 <bhill2> ... async decision process
20:10:59 <bhill2> ... COWL spec description
20:11:28 <bhill2> ... concerns whether it is implementable, but not an objection to spec or concept
20:11:35 <bhill2> ... if it can't be implemented, it won't move to Rec anyway
20:11:53 <bhill2> ... EPR and compatibility with linking
20:12:22 <bhill2> ... should be fine so long as final spec respects user wishes
20:12:32 <bhill2> drx: have heard this feedback, people are passionate about it
20:12:45 <bhill2> ... no immediate solution but we need to take into account as we develop the spec
20:12:50 <bhill2> .. and will be working on it
20:13:04 <JeffH> drx = ?
20:13:13 <bhill2> drx is David Ross (google)
20:13:17 <drx> yes
20:14:34 <bhill2> crispin: about my "privileged" name suggestion...
20:14:48 <bhill2> dveditz: powerful is a poor choice, we should think of a better word
20:15:44 <dveditz> bhill2: we have at least 2 people at Mozilla who object to include more than a few minor examples in the spec
20:16:04 <dveditz> ... and members of the TAG who want a more thorough fleshing out of why features should only be in a secure context
20:16:12 <dveditz> ... don't think we're going to divide the baby any further
20:16:40 <dveditz> ... this group needs to decide whether we have addressed Mozilla's objection as far as we want to and move forward to presenting the response to the director
20:17:00 <dveditz> ... or if we want to change the scope of the spec now
20:17:05 <dveditz> ... I'd like to resolve this now
20:17:17 <dveditz> mkwst: I'd like to move, unsurprisingly, that we continue.
20:17:31 <dveditz> ... the section strongly objected to is no longer normative
20:17:43 <dveditz> ... and I think we can come up with language people are happy with
20:17:56 <wseltzer> q+
20:17:56 <dveditz> bhill2: would love to hear from a few other people on the record. thx mike
20:18:13 <dveditz> ... with my hat as an individual I'd like to 2nd mike's point
20:18:13 <bhill2> bhill2: hat=individual, second mike's opinion
20:18:52 <dveditz> wseltzer: with my w3 team contact hat on we can go back to mozilla and ask if these changes satisfy their objection
20:19:27 <dveditz> ... and if they don't remove their objection we can bring it up for consideration by the director that this proceed notwithstanding their objection
20:19:41 <bhill2> +1, yes Mozilla has been helpful and reasonable, just a difference of opinion
20:19:51 <dveditz> ... I'd like to add publicly that Mozilla has been helpful in allowing the objection to be discussed openly, I don't think they are being obstructionist
20:20:13 <bhill2> dveditz: this is a helpful way forward, we have differing points of view whithin mozilla
20:20:37 <bhill2> ... so would be good to go back to David Baron, our AC rep to get a formal response and remove any sections of the objection that have been resolved
20:20:47 <bhill2> ... and get a reduced objection at least, or possibly remove it entirely
20:20:50 <wseltzer> action: Wseltzer to ask Mozilla AC rep about the current status of their charter objections
20:20:50 <trackbot> Created ACTION-214 - Ask mozilla ac rep about the current status of their charter objections [on Wendy Seltzer - due 2015-03-02].
20:20:58 <bhill2> ... please poke David on that
20:21:02 <bhill2> wseltzer: I will do that
20:21:19 <wseltzer> zakim, mute me
20:21:19 <Zakim> sorry, wseltzer, I do not know which phone connection belongs to you
20:21:23 <wseltzer> zakim, I am wendy
20:21:23 <Zakim> ok, wseltzer, I now associate you with Wendy
20:21:25 <wseltzer> zakim, mute me
20:21:25 <Zakim> Wendy should now be muted
20:21:43 <bhill2> I'm not aware of other open charter issues
20:21:53 <bhill2> TOPIC: FWPD of CSP Pinning
20:21:59 <bhill2> https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0003.html
20:22:23 <bhill2> mkwst: CSP Pinning spec is application of pinning concept to CSP
20:22:34 <bhill2> ... a certain policy should apply to every page on a host + subhosts
20:23:03 <bhill2> ... some people are interested, some people are not and don't think it's a good use of group's time
20:23:23 <bhill2> ... no real feedback, can take that as positive.  Is there consensus that this is enough?
20:23:25 <wseltzer> +1 I think it's useful
20:23:32 <bhill2> +1, I will also respond on list
20:23:58 <JeffH> you mean essentially an "includeSubDomains" directive for CSP ?
20:24:15 <mkwst> jeffh: https://w3c.github.io/webappsec/specs/csp-pinning/
20:25:40 <bhill2> mkwst: includeSubDomains is one part of the proposal
20:26:01 <JeffH> ok, I'll try to review it
20:26:09 <mkwst> jeffh: I'd appreciate it!
20:26:37 <bhill2> TOPIC: FPWD of Upgrade Insecure Resources
20:26:43 <bhill2> https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0207.html
20:26:48 <bhill2> +1 strongly support!
20:27:48 <bhill2> mkwst: Brian Smith thinks this should be part of Mixed Content spec, which explains the problem domain
20:28:01 <bhill2> ... I (mkwst) think that it is complex enough to be best served in its own document
20:28:24 <bhill2> devd: is disagreement about whether it should be its own spec?
20:28:36 <bhill2> mkwst: haven't seen any disagreement on concept
20:28:40 <bhill2> dveditz: I have elsewhere
20:29:17 <bhill2> devd: only automatically, or is there disagreement when there is explicit opt-in via header?
20:29:19 <JeffH> Also, i have feedback on w3c.github.io/webappsec/specs/mixedcontent/ to write up -- just editorial at this time
20:29:33 <bhill2> devd: don't think it matters where the spec should be, we should defer to the editor's preference
20:29:35 <mkwst> jeffh: that'd be great!
20:29:52 <bhill2> terri: in working with implementers, it is easier to give them one spec than several
20:30:23 <JeffH> this "multiple specs vs a single spec" is very common one in the spec-writing world.
20:30:37 <bhill2> mkwst: would be helpful to have an explainer document for all the specs this group has produced
20:30:37 <JeffH> "explainer doc" == "road map"
20:30:47 <bhill2> ... think it would be more useful than trying to combine everything
20:30:55 <bhill2> terri: I agree this would be useful
20:31:05 <bhill2> jeffh: often referred to as a road map document
20:32:01 <bhill2> I think the most important gate for a FPWD is that people want to move ahead with the concept (for IPR sake) and we can combine later if we need
20:32:06 <bhill2> but no need to delay for now
20:33:13 <bhill2> dveditz: that amounts to consensus to publish, then
20:33:28 <bhill2> TOPIC:  Mixed Content to CR
20:33:33 <bhill2> https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0295.html
20:33:39 <Zakim> -gmaone
20:34:10 <bhill2> deveditz: any issues open if we don't merge upgrade?
20:34:18 <Zakim> +??P9
20:34:35 <bhill2> mkwst: one open issue is TimBL's point, but I consider it closed as he has not responded, but may come up in transition process
20:34:41 <bhill2> ... 2nd question is what to do with fetch
20:34:44 <gmaone> Zakim, ??P9 is me
20:34:44 <Zakim> +gmaone; got it
20:35:04 <bhill2> ... see rsleevi's recent thread on a new fetch mode for media that bypasses mixed content checking
20:35:27 <bhill2> ... starting with a way to lock everything down is the right way to start
20:35:37 <bhill2> dveditz: any objections to publishing LCWD of Mixed Content?
20:35:58 <wseltzer> (and under the new process, it's not "Last Call")
20:36:08 <mkwst> (CR, not LCWD)
20:36:21 <mkwst> (We've been through last call)
20:36:24 <wseltzer> s/LCWD/CR/
20:36:25 <bhill2> s/LCWD/CR
20:36:39 <wseltzer> s/(and under the new process, it's not "Last Call")//
20:36:42 <bhill2> dveditz: hearing no objections, resolved to publish Mixed Content as Candidate Recommendation
20:36:43 <bhill2> yay!
20:36:57 <bhill2> zakim, who is making noise?
20:37:02 <JeffH> wseltzer: have a ptr to the "new process" ?
20:37:09 <Zakim> bhill2, listening for 10 seconds I heard sound from the following: dveditz (73%)
20:37:19 <wseltzer> JeffH, http://www.w3.org/2014/Process-20140801/
20:37:25 <JeffH> thjx
20:37:35 <dveditz> TOPIC: Fail open or closed on unknown algorithms
20:37:54 <bhill2> dveditz: do we have right people on call?
20:38:03 <francois> francois is here too
20:38:58 <francois> q?
20:39:00 <bhill2> bhill2: failing closed catches algorithm typos, etc.
20:39:08 <freddyb> q+
20:39:31 <bhill2> ... failing open allows new algorithms to be deployed before long tail of browsers that don't understand them go away completely
20:39:45 <bhill2> devd: SRI isn't protecting against typos, failing open is important for forward compat
20:40:02 <JeffH> actually, in reviewing various sources, the terms "fail open" and "fail closed" are used ambiguously and inconsistently, so need to be applied/used in a clearly-defined context
20:40:04 <bhill2> bhill2: we do support multiple algorithms?
20:40:17 <bhill2> devd: at scale, long tail is horrible...
20:40:37 <francois> i think the biggest issue is what do we do on an old SRI-enabled browser that encounters a "sha3-..." integrity attribute?
20:40:42 <freddyb> q-
20:40:55 <JeffH> in an electrical circuit context, fail open means that current doesn't flow.
20:41:27 <bhill2> jww: need to inform developers that their hash is not good, not sure spec is right place to do it
20:41:44 <bhill2> dveditz: don't want to say that spec should never fail closed
20:42:06 <wseltzer> q-
20:42:08 <bhill2> devd: if agree it is an informing a developer issue, not a security issue, spec shouldn't say how to inform devleoper
20:42:12 <wseltzer> q-
20:42:17 <wseltzer> ack wseltzer
20:42:18 <francois> q+
20:43:01 <dveditz> Zakim: who is in the speaker queue
20:43:02 <bhill2> francois: other case is if we fail closed we could get into a situation where a browser supports SRI but is older and it encounters an integrity attrib it doesn't know about
20:43:13 <bhill2> ... a really old browser that doesn't support SRI would work, but an old impl of SRI would fail
20:43:20 <dveditz> q?
20:43:45 <bhill2> whoever is talking, jeffh? we can't understand you at all
20:44:02 <JeffH> wasn't me
20:44:03 <freddyb> sorry that was me
20:44:18 <tanvi> freddyb: what did you say?
20:44:43 <freddyb> my connection is suddenly laggy
20:44:43 <freddyb> what I wanted to say: I lean towards agreeing with francois
20:44:44 <bhill2> sounds like everyone agrees on fail open, I'll withdraw my typo-related taking of the opposite side
20:44:47 <freddyb> we should encourage security imporvements (e.g. someone moving to SHA-3,4,5,.. :)), which fail-close may not.
20:45:21 <francois> just to be explicit, by "failing open" we mean "not blocking the load"
20:45:39 <freddyb> +1
20:46:04 <JeffH> "fail open" as being used in the context of SRI means, it seems, that the integrity check of the subresource in question is not successful ?
20:46:27 <freddyb> Content-type discussion was @ https://github.com/w3c/webappsec/issues/176
20:46:35 <JeffH> looks like francois and I have different understandings wrt "fail open" ?
20:46:43 <jww> We're specifically discussing "fail open" in the case that a hash algorithm is unknown/considered insecure
20:46:54 <jww> (not that the has value is incorrect)
20:46:57 <freddyb> freddyb has joined #webappsec
20:47:16 <freddyb> github issue about the content-type discussion is at https://github.com/w3c/webappsec/issues/176
20:49:46 <bhill2> bhill2: could we pass an argument to fetch to say treat as if no-sniff, even if server doesn't send
20:50:13 <dveditz> JeffH: what jww said, we're only talking about unknown (typo'd) algorithms. the author has said "ensure this hash" and the browser doesn't know how
20:50:29 <dveditz> not talking about cases where the browser knows how, the rest of the spec is clear on that
20:50:58 <bhill2> but say the server says "this is a gif" but doesn't set no-sniff, you should treat it only as a gif, never a jar
20:51:04 <francois> q+
20:51:05 <bhill2> I'm ok with leaving this out for v1
20:52:04 <bhill2> devd: fine with allowing it to be specified, but don't want to make it mandatory
20:52:37 <bhill2> freddy: currently if you specify a content-type as part of the attribute it will be enforced, if you don't include one then only the hash will be enforced and there will be a devtools warning
20:52:48 <bhill2> dveditz: thought we're not using ni:// url form
20:53:00 <freddyb> bhill2: s/freddy/francois/
20:53:12 <bhill2> francois: correct, there is another way to specify content-type in the new syntax
20:53:15 <bhill2> s/freddy/francois
20:53:17 <bhill2> (sorry!)
20:53:25 <JeffH> dveditz: thx
20:54:57 <bhill2> mkwst: deciding the grammar now is important to keep option to move towards cache semantics later
20:55:11 <bhill2> devditz: anyone think we should take it out, even if not mandatory?
20:55:40 <bhill2> I don't object to making it optional
20:56:01 <bhill2> right on time!
20:56:14 <bhill2> I need to get on a plane, thanks, Dan!
20:56:17 <dveditz> q?
20:56:23 <francois> q-
20:56:34 <bhill2> wendy - can you handle the end-of-meeting zakim / rrsagent stuff?
20:56:37 <Zakim> -drx
20:56:38 <Zakim> -[IPcaller]
20:56:38 <Zakim> -[Microsoft]
20:56:39 <Zakim> -jww
20:56:40 <Zakim> -devd
20:56:41 <Zakim> -francois
20:56:41 <Zakim> -mkwst
20:56:43 <Zakim> -gmaone
20:56:43 <Zakim> -freddyb
20:56:45 <Zakim> -tanvi
20:56:46 <Zakim> -bhill2
20:56:49 <Zakim> -terri
20:56:50 <Zakim> -Wendy
20:56:52 <Zakim> -dveditz
20:57:10 <wseltzer> trackbot, end teleconf
20:57:10 <trackbot> Zakim, list attendees
20:57:10 <Zakim> As of this point the attendees have been +1.206.348.aaaa, bhill2, +1.206.876.aabb, mkwst, +1.418.907.aacc, francois, +1.503.712.aadd, terri, +1.831.246.aaee, dveditz, Wendy,
20:57:14 <Zakim> ... +1.646.821.aaff, deian, +1.415.736.aagg, +1.310.597.aahh, jww, tanvi, gmaone, crispin_microsoft, drx, freddyb, +1.415.857.aaii, devd, [IPcaller]
20:57:18 <trackbot> RRSAgent, please draft minutes
20:57:18 <RRSAgent> I have made the request to generate http://www.w3.org/2015/02/23-webappsec-minutes.html trackbot
20:57:19 <trackbot> RRSAgent, bye
20:57:19 <RRSAgent> I see 1 open action item saved in http://www.w3.org/2015/02/23-webappsec-actions.rdf :
20:57:19 <RRSAgent> ACTION: Wseltzer to ask Mozilla AC rep about the current status of their charter objections [1]
20:57:19 <RRSAgent>   recorded in http://www.w3.org/2015/02/23-webappsec-irc#T20-20-50
20:58:14 <RRSAgent> RRSAgent has joined #webappsec
20:58:14 <RRSAgent> logging to http://www.w3.org/2015/02/23-webappsec-irc
20:58:18 <wseltzer> rrsagent, make logs public
21:15:51 <francois> francois has joined #webappsec
21:38:29 <wseltzer> rrsagent, draft minutes
21:38:29 <RRSAgent> I have made the request to generate http://www.w3.org/2015/02/23-webappsec-minutes.html wseltzer
21:38:32 <wseltzer> rrsagent, make logs public
21:42:30 <RRSAgent> RRSAgent has joined #webappsec
21:42:30 <RRSAgent> logging to http://www.w3.org/2015/02/23-webappsec-irc
21:42:35 <wseltzer> rrsagent, draft minutes
21:42:36 <RRSAgent> I have made the request to generate http://www.w3.org/2015/02/23-webappsec-minutes.html wseltzer
21:42:39 <wseltzer> rrsagent, make logs public
21:42:43 <wseltzer> rrsagent, pointer?
21:42:43 <RRSAgent> See http://www.w3.org/2015/02/23-webappsec-irc#T21-42-43
21:44:40 <wseltzer> s/I should be 415 426 something//
21:44:52 <wseltzer> s/but maybe I am 857//
21:45:03 <wseltzer> s/I joined like a minute before I got online on irc//
21:45:10 <wseltzer> rrsagent, draft minutes
21:45:10 <RRSAgent> I have made the request to generate http://www.w3.org/2015/02/23-webappsec-minutes.html wseltzer
21:47:46 <bhill2> bhill2 has joined #webappsec
22:54:00 <bhill2_> bhill2_ has joined #webappsec
23:03:38 <bhill2> bhill2 has joined #webappsec
23:27:20 <Zakim> Zakim has left #webappsec
23:57:42 <francois> francois has joined #webappsec