Meeting minutes
review open issue #276
<Vlad> scribenick Garret
Garret: makes sense, I initially left this a little vague.
Chris: you can use css fonts 4 which now includes the use of fetch as a reference.
<ChrisL> See https://
Garret: sounds good, I'll look at that and can draft some changes.
issue #275 defining what happens when url fails to parse.
Garret: I believe this is already addressed, but I'll double check and update the issue/spec as needed.
Chris: need to stop trying to extend the font in some failure cases.
Garret: yes, I believe we have language for this, but I'll double check.
issue #272 leaking exact content of an element.
<Vlad> related to review comment: w3ctag/
Chris: talked to author of the exploit and didn'tsee IFT as an issue.
Skef: have some questions about dynamic patch generation. If you have a server that can accept a dynamic patch how do you know it came from a valid patch map.
Garret: one way to solve this is to have the dynamic urls encrypted to make sure the hoster is the only one who can craft valid urls
Skef: I think we should have security guidance that the dynamic mappings should be deterministic.
Skef: is dynamic patching an exception?
Garret: yes, static patching is intended to be the main use case. The open source encoder will likely only do static.
Garret: agreed, we should add some text to the security section about the dynamic graphs being deterministic.
Garret: one additional change from that issue is we should make non invalidating patch fetch ordering deterministic (use patch map entry order).
Garret: will close issue 272 and open new issue for fetch ordering.
issue 267
Garret: have a plan for this one, just haven't had time to get to it yet.
issue 259 uri templates
Garret: will ping Anne and see if the op code approach is OK.
Garret: ift encoder updates - CFF/CFF2 support in client and server and demo, preload lists (for invalidating patches) added to encoder and client (not demo yet, but comingsoon)
Skef: want to say thanks from Adobe for getting CFF/CFF2 support and for harfbuzz. Recently we opened a harfbuzz issue and it got fixed very quickly which was really nice.
Vlad: for next call aim to be on June 10th, possible might need to postpone to 17th due to availability.
<ChrisL> Looks like some of the fetch stuff was moved to css-cascade-4
<ChrisL> https://