SecurityEngineering/MeetingNotes/08-15-13
Agenda 08-15-13
- Q3 Goals Recap
- Summit sessions: https://etherpad.mozilla.org/summit-platform-proposals
- How's the review feedback going?
- Safebrowsing cookie segregation blog post
- Bug reviews - https://bugzilla.mozilla.org/buglist.cgi?cmdtype=dorem&remaction=run&namedcmd=seceng%20waiting%20for%20reviews&sharer_id=339203&list_id=7639423
Q3 Goals
- [ON TRACK] Finish first phase of Sandboxing
  - Outcome: seccomp in e10s/Larch or on nightly + clear roadmap
  - DRI: Sid
  - Tasks:
    - Consult : E10S contributions to make it reasonably usable in nightly (without extensions/plugins)
    - Implement : [NEW] Fix window.crypto to work in E10S
    - Implement : [NEW] Fix CSP tests to work in E10S
    - Implement : [NEW] land seccomp for Linux (min bar for sandboxing)
    - Research : [NEW] Prioritize seccomp tightening steps, begin executing it
    - Research : [NEW] Create story/plan for addon compatibility
- [ON TRACK] Cookie Clearinghouse
  - Outcome: Identify feasibility and nail down spec
  - DRI: Monica
  - Tasks:
    - Implement : [NEW] spec out and make go/nogo decision on implementation
    - Consult : [NEW] drive Stanford effort to stable spec
- [AT RISK] Implement alternative revocation checking mechanisms
  - Outcome: must-staple + pinning + insanity on by default in nightly
  - DRI: Camilo
  - Tasks:
    - Implement : [AT RISK] Enable insanity::pkix validation by default on nightly
    - Implement : [NEW] Land key pinning
    - Implement : [NEW] Land must-staple support
- [ON TRACK] SafeBrowsing 2.0
  - Outcome: App reputation whitelist on by default in nightly
  - DRI: Monica
  - Tasks:
    - Implement : [NEW] Land app reputation system with whitelist support