SecurityEngineering/MeetingNotes/12-13-12

From MozillaWiki
Jump to: navigation, search

Roadmap Roundup

  • TLS 1.1/1.2 enablement? Not trivial. Currently P3 on Firefox Desktop roadmap, should it be higher? bsmith: "Nothing is simple"
  • The roadmaps need an overhaul - possibly from a security product/program manager ?

DC recap

  • DOMCrypt stuff went well, other stuff did too

Research Papers

  • Security-group is not just Mozilla, how do we reconcile that with researchers who ask us not to distribute? Should we post papers on security bugs?
  • Probably best to show researchers the security-group membership list, and ask if it's okay.

Contextual Identity Plan

  • UR says no capacity til Q2
  • Lindsay and Cori from UR are interested, but non-committal
  • Test pilot keeps getting delayed
  • Need more support! Do it ourselves (for TP), or get more allies in better supported groups (UP, identity)
  • Upcoming work: cookie/social widgets metrics TP study in Q1 (DIY)

Top-Level wants (features)

  • Sid made a list of everyone's suggestions and will compare it to the roadmap

Firefox & Platform Team Sync Ups

  • Firefox status updates meeting -- they take minutes, tanvi not attending
  • Platform updates -- imelven gonna go (couldn't make it last week) - Tuesday at 11:00 am.