<McCool> scribenick: elena
Michael: won't review the minutes from last meeting, will do them next time
McCool: let's review the issues and
open PRs
... we accepted two PRs last week: 90 and 91
https://github.com/w3c/wot-security/pull/90
https://github.com/w3c/wot-security/pull/91
McCool: let's discuss open issues for PR 90 and decide if they can be closed
looking at the changes in PR 90
McCool: changes are ok, but we need to create issues for each new editor note we got added
Elena: will do the changes
<Mizushima> https://github.com/w3c/wot-security/issues/71
Mizushima: issue 71 is not ready to be closed, we need to have security recommendations created first
sorry wrong nick poped up
McCool: issue 71 is not ready to be
closed, we need to have security
... issue 69 can be closed since Network adversary now covers
passive network attacker
... issue 68 also can be closed since configuration data is now
clarified in the document
... pr 92 wasn't updated yet
... next let's look at the issues
... new issue 114 by Zoltan
about the end of life signaling and potential security interactions
Elena: denial of service might be the only security implication
The actual issue is 93
https://github.com/w3c/wot-security/issues/93
zkis: the conclusion from scripting side is to do this via best effort TD change notifications
McCool: how do TD changes notifications events protected over network?
zkis: any observe messages can be spoofed
McCool: the actual security
protection depends on actual protocol binding being used
... concrete implementations will have to make sure that such
events are always authenticated
... I am still working on issues with regards to metadata
... issue 73 looks more like information giving than an issue
we need to cross reference this issue from security metadata PR
actually the issue is already mentioned in the examples
can leave open for now
McCool: issue 72 about identifiers and fingerprinting
we need to write a privacy sections
McCool: need to create a short privacy section with highlights on privacy threats and security recommendations
AR to elena to start on this section
McCool: issue 72 is also about
privacy risks, should go to the same section on privacy
... same as issue 70