SecurityEngineering/MeetingNotes/06-28-12


Goals

Goals rundown: we're doing pretty well with our Q2 goals!

Additional Items

  • mobile online authentication/payment support for Boot 2 Gecko.
    • are plugins allowed? no user-installable plugins. some carriers may include plugins.
    • why do they need/use plugins? what do plugins buy them that the browser can't do?
    • How can we move the banks off plugins onto something that's more portable?
  • csp meta tag and sandbox directive
    • sandbox directive in CSP 1.1 in a meta tag is disallowed due to spec language, but that might be a technicality
    • It is hard to get the two features to work together - dynamically changing the sandboxing of a document becomes very confusing
    • dveditz or tanvi will send mail to the working group about this to clarify whether the sandbox directive should be allowed in meta policy or not
  • DNT
    • sid was at the DNT working group meeting last week
    • discussions are intense and ongoing
    • afowler testified in front of the US Congress today [1]

Roadmaps

https://wiki.mozilla.org/Privacy/Roadmap/2012

  • opt in activation for plugins
    • Asa is going to talk to UX - we are blocked on UI from them
    • need review. who should we ask? blocklist stuff (mossop maybe) and UI stuff (jared)
  • Sign in to browser moving to P2
  • iframe sandbox
    • olli reviewing - then need jst or someone else to review. at risk for ff16, because merge coming up
    • need to figure out how to make the build faster!
  • Low-rights firefox
    • Working build of firefox.exe linked with the chrome sandbox library
    • now working on trying to spawn a target process in the sandbox
    • continuing to work on the POC
    • had a good conversation with Jesse about sandboxing in Servo
    • need to discuss next steps with Lucas when he is back
  • HSTS Preload List
    • pending feedback from Sid.