IRC log of webappsec on 2013-12-17

Timestamps are in UTC.

21:59:02 [RRSAgent]: RRSAgent has joined #webappsec
21:59:02 [RRSAgent]: logging to http://www.w3.org/2013/12/17-webappsec-irc
21:59:10 [bhill2]: zakim, this will be 92794
21:59:10 [Zakim]: ok, bhill2; I see SEC_WASWG()5:00PM scheduled to start in 1 minute
21:59:50 [gopal]: gopal has joined #webappsec
22:00:25 [bhill2]: Meeting: WebAppSec Teleconference, 17 DEC 2013
22:00:30 [bhill2]: Chair: bhill2
22:00:36 [bhill2]: Agenda: http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0074.html
22:00:47 [grobinson|laptop]: grobinson|laptop has joined #webappsec
22:00:55 [bhill2]: Scribe: Peleus Uhley
22:00:59 [bhill2]: Scribenick: puhley
22:01:13 [bhill2]: zakim, who is here?
22:01:13 [Zakim]: SEC_WASWG()5:00PM has not yet started, bhill2
22:01:14 [Zakim]: On IRC I see grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:01:36 [bhill2]: rrsagent, make minutes
22:01:36 [RRSAgent]: I have made the request to generate http://www.w3.org/2013/12/17-webappsec-minutes.html bhill2
22:01:40 [bhill2]: rrsagent, set logs public-visible
22:01:51 [bhill2]: zakim, who is here?
22:01:51 [Zakim]: SEC_WASWG()5:00PM has not yet started, bhill2
22:01:52 [Zakim]: On IRC I see grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:02:14 [jww]: jww has joined #webappsec
22:02:46 [bhill2]: zakim, who is here?
22:02:46 [Zakim]: SEC_WASWG()5:00PM has not yet started, bhill2
22:02:47 [Zakim]: On IRC I see jww, grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:02:53 [bhill2]: zakim, this is 92794
22:02:53 [Zakim]: ok, bhill2; that matches SEC_WASWG()5:00PM
22:02:57 [Zakim]: -??P6
22:03:00 [bhill2]: zakim, what time is it?
22:03:01 [Zakim]: I don't understand your question, bhill2.
22:03:11 [bhill2]: zakim, who is here?
22:03:11 [Zakim]: On the phone I see +1.415.832.aaaa, BHill, +1.503.712.aabb, +1.781.369.aacc, +1.415.736.aadd, Wendy, [Mozilla], ??P9
22:03:14 [Zakim]: On IRC I see jww, grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:03:14 [Zakim]: +??P6
22:03:25 [Zakim]: +NeilM
22:03:28 [bhill2]: zakim, aaaa is puhley
22:03:28 [Zakim]: +puhley; got it
22:03:28 [gmaone]: Zakim, ??P6 is gmaone
22:03:29 [Zakim]: +gmaone; got it
22:03:37 [terri]: zakim, aabb is terri
22:03:37 [Zakim]: +terri; got it
22:03:41 [grobinson]: [Mozilla] is grobinson
22:03:52 [bhill2]: zakim, who is here?
22:03:52 [Zakim]: On the phone I see puhley, BHill, terri, +1.781.369.aacc, +1.415.736.aadd, Wendy, [Mozilla], ??P9, gmaone, NeilM
22:03:52 [grobinson]: (i'll add myself)
22:03:54 [Zakim]: On IRC I see jww, grobinson, gopal, RRSAgent, Zakim, puhley, bhill2, neilm, terri, gmaone, timeless, wseltzer, trackbot
22:04:18 [grobinson]: Zakim: [Mozilla] is grobinson
22:04:22 [bhill2]: zakim, aacc is gopal
22:04:22 [Zakim]: +gopal; got it
22:04:35 [wseltzer_]: wseltzer_ has joined #webappsec
22:04:39 [bhill2]: zakim, aadd is jww
22:04:39 [Zakim]: +jww; got it
22:05:11 [bhill2]: http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0074.html
22:05:45 [bhill2]: TOPIC: Minutes approval
22:05:46 [bhill2]: http://www.w3.org/2013/12/03-webappsec-minutes.html
22:05:57 [Zakim]: + +1.404.406.aaee
22:06:07 [bhill2]: minutes approved, no objection to unanimous approval
22:06:31 [freddyb]: freddyb has joined #webappsec
22:06:45 [bhill2]: zakim, aaee is danesh
22:06:45 [Zakim]: +danesh; got it
22:06:56 [bhill2]: TOPIC: Agenda bashing
22:07:15 [bhill2]: TOPIC: News
22:07:56 [puhley]: bhill2: CORS is moving to proposed recommendation. Encourage reps to comment on the spec and indicate support.
22:08:35 [puhley]: bhill2: Hope for final recommendation status in January and February
22:08:40 [bhill2]: TOPIC: Open actions in Tracker
22:08:47 [bhill2]: https://www.w3.org/2011/webappsec/track/actions/open?sort=owner
22:09:42 [puhley]: bhill2: Action 158 is complete
22:10:34 [bhill2]: TOPIC: Sub-Resource Integrity
22:12:02 [freddyb]: <-
22:12:17 [grobinson]: hey freddyb :)
22:12:19 [puhley]: bhill2: sub-resource integrity is part of our new charter. Editors recruited: Devdatta, Joel(jww), and Fredrick (freddyb)
22:12:41 [freddyb]: puhley: Frederi_k_ please :-)
22:12:43 [freddyb]: hi grobinson
22:12:57 [puhley]: My apologies...
22:13:27 [freddyb]: np
22:14:21 [bhill2]: TOPIC: Hash/nonce source
22:14:29 [bhill2]: http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0072.html
22:15:00 [puhley]: bhill2: Good thread on the mailing lists regarding this topic
22:17:14 [puhley]: Neil: Confusion over hashes only applying to inline scripts/event handlers, nonces applying to both inline scripts and external resources
22:19:45 [puhley]: bhill2: Does whitelisting event handlers make sense? What about styles?
22:21:42 [puhley]: bhill2: (Summarizing discussion) Supporting edge cases adds complexity that may not be worth effort when there is alternative methods for addressing the issue.
22:22:45 [puhley]: bhill2: Neil will take action to reply to the list with summary of the discussion on the phone.
22:23:03 [bhill2]: ACTION neilm to respond to list re: consensus that applying hash/nonce to inline handlers not desired as a 1.1 feature
22:23:03 [trackbot]: Created ACTION-159 - Respond to list re: consensus that applying hash/nonce to inline handlers not desired as a 1.1 feature [on Neil Matatall - due 2013-12-24].
22:23:19 [bhill2]: TOPIC: Cascading style-src onto font-src
22:23:23 [bhill2]: http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0011.html
22:24:40 [puhley]: bhill2: Should we apply style-src as an intermediary between font-src and default-src?
22:25:21 [bhill2]: ACTION bhill2 to reply to jonas sicking on list re: cascade of style-src to font-src
22:25:21 [trackbot]: Created ACTION-160 - Reply to jonas sicking on list re: cascade of style-src to font-src [on Brad Hill - due 2013-12-24].
22:25:36 [bhill2]: TOPIC: UISecurity and frame-ancestors
22:25:39 [puhley]: bhill2: Will remain at no action state since no one on the phone had a strong opinion on it
22:25:42 [bhill2]: http://lists.w3.org/Archives/Public/public-webappsec/2013Dec/0073.html
22:26:43 [puhley]: bhill2: Propose moving directives over into mainline of CSP 1.1
22:26:51 [bhill2]: no objections to unanimous consent
22:27:20 [bhill2]: ACTION bhill2 to abandon CfC on UISecurity to LCWD for now
22:27:21 [trackbot]: Created ACTION-161 - Abandon cfc on uisecurity to lcwd for now [on Brad Hill - due 2013-12-24].
22:27:45 [puhley]: bhill2: Next call will be skipped due to New Years Eve
22:28:02 [Zakim]: -NeilM
22:28:05 [Zakim]: -jww
22:28:06 [Zakim]: -[Mozilla]
22:28:06 [Zakim]: -gopal
22:28:07 [Zakim]: -danesh
22:28:09 [bhill2]: zakim, list attendees
22:28:09 [Zakim]: As of this point the attendees have been +1.415.832.aaaa, BHill, +1.503.712.aabb, NeilM, +1.781.369.aacc, +1.415.736.aadd, Wendy, [Mozilla], puhley, gmaone, terri, gopal, jww,
22:28:12 [Zakim]: ... +1.404.406.aaee, danesh
22:28:12 [Zakim]: -??P9
22:28:13 [Zakim]: -gmaone
22:28:14 [gopal]: gopal has left #webappsec
22:28:15 [Zakim]: -terri
22:28:30 [Zakim]: -Wendy
22:28:39 [freddyb]: the ??P9 might have been me
22:28:45 [Zakim]: -puhley
22:28:51 [bhill2]: zakim, ??P9 is freddyb
22:28:51 [Zakim]: I already had ??P9 as ??P9, bhill2
22:29:05 [bhill2]: rrsagent, make minutes
22:29:05 [RRSAgent]: I have made the request to generate http://www.w3.org/2013/12/17-webappsec-minutes.html bhill2
22:29:11 [bhill2]: rrasagent, set logs public-visible
22:29:41 [Zakim]: -BHill
22:29:43 [Zakim]: SEC_WASWG()5:00PM has ended
22:29:43 [Zakim]: Attendees were +1.415.832.aaaa, BHill, +1.503.712.aabb, NeilM, +1.781.369.aacc, +1.415.736.aadd, Wendy, [Mozilla], puhley, gmaone, terri, gopal, jww, +1.404.406.aaee, danesh
22:29:59 [freddyb]: freddyb has left #webappsec
22:31:28 [grobinson]: grobinson has joined #webappsec
22:32:50 [terri_]: terri_ has joined #webappsec
23:35:27 [grobinson]: grobinson has joined #webappsec