SecurityEngineering/MeetingNotes/06-20-13
From MozillaWiki
Standing Agenda
- Q2 Goals Recap ( https://intranet.mozilla.org/2013Q2Goals#Security_Engineering )
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Suggest additions or changes to roadmaps
- Detailed discussion of features or outstanding issues as time permits
- Additional Items
- Upcoming events, OOO/travel, etc.
Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/06-06-13
Q2 Goals
- [ON TRACK] land the application reputation scanning tool bug 662819 (mmc)
- [DONE] Turn Mixed Content Blocking on in Aurora (tanvi)
- [ON TRACK] land classic cert validation replacement, off by default (bsmith) builds on all platforms, same revovation as classic, pending tests for edge case certtificates (certificate usages & chain building).
- [ON TRACK] land OCSP stapling support and tests (keeler)
- [ON TRACK] Revamp the MDN documentation of CSP and Mixed Content Blocker (imelven + tanvi)
- [ON TRACK] Develop & socialize plan (document containing steps, timeline, implementation & test plan) for getting sandboxing onto a desktop Firefox, probably Linux (imelven)
- [ON TRACK] Deploy pilot cookie study and publish results. (ddahl)
Agenda
- Ivan wants to say something before we start : better communication around what we're doing and links to bugs/feature pages etc that provide background etc. - follow people on bugzilla
- Rapid Q2 Goals Recap
- Platform meeting [ian] - Tuesdays 11am PST
- Training - please review the slides !
- Take a look at Agenda for next week (https://l33t.etherpad.mozilla.org/20 )
- e10s roadmap concerns
- more bugs:
- TLS Bugs: (gracefully degrade from TLS 1.1 -> TLS 1.0 -> SSL 3.0)
- DTLS Bug(s): (interesting 'cause it will force you to read the DTLS spec)
- JavaScript Crypto Bugs: (turns out the crypto in JS stuff is not that difficult to grok)
- NSS is sometimes not your friend Bugs (nss does weird things when shutting down)
