SecurityEngineering/MeetingNotes/06-20-13: Difference between revisions
Jump to navigation
Jump to search
(→Agenda) |
|||
| Line 30: | Line 30: | ||
* Training - please review the slides ! | * Training - please review the slides ! | ||
* Take a look at Agenda for next week (https://l33t.etherpad.mozilla.org/20 ) | * Take a look at Agenda for next week (https://l33t.etherpad.mozilla.org/20 ) | ||
* | * e10s roadmap concerns | ||
more bugs: | * more bugs: | ||
TLS Bugs: (gracefully degrade from TLS 1.1 -> TLS 1.0 -> SSL 3.0) | ** TLS Bugs: (gracefully degrade from TLS 1.1 -> TLS 1.0 -> SSL 3.0) | ||
https://bugzilla.mozilla.org/show_bug.cgi?id=733647 | *** https://bugzilla.mozilla.org/show_bug.cgi?id=733647 | ||
https://bugzilla.mozilla.org/show_bug.cgi?id=839310 | *** https://bugzilla.mozilla.org/show_bug.cgi?id=839310 | ||
DTLS Bug(s): (interesting 'cause it will force you to read the DTLS spec) | ** DTLS Bug(s): (interesting 'cause it will force you to read the DTLS spec) | ||
https://bugzilla.mozilla.org/show_bug.cgi?id=882310 | *** https://bugzilla.mozilla.org/show_bug.cgi?id=882310 | ||
JavaScript Crypto Bugs: (turns out the crypto in JS stuff is not that difficult to grok) | ** JavaScript Crypto Bugs: (turns out the crypto in JS stuff is not that difficult to grok) | ||
https://bugzilla.mozilla.org/show_bug.cgi?id=849553 | *** https://bugzilla.mozilla.org/show_bug.cgi?id=849553 | ||
NSS is sometimes not your friend Bugs (nss does weird things when shutting down) | ** NSS is sometimes not your friend Bugs (nss does weird things when shutting down) | ||
https://bugzilla.mozilla.org/show_bug.cgi?id=675260 | *** https://bugzilla.mozilla.org/show_bug.cgi?id=675260 | ||
https://bugzilla.mozilla.org/show_bug.cgi?id=700499 | *** https://bugzilla.mozilla.org/show_bug.cgi?id=700499 | ||
https://bugzilla.mozilla.org/show_bug.cgi?id=700499 | *** https://bugzilla.mozilla.org/show_bug.cgi?id=700499 | ||
Latest revision as of 21:13, 27 June 2013
Standing Agenda
- Q2 Goals Recap ( https://intranet.mozilla.org/2013Q2Goals#Security_Engineering )
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Suggest additions or changes to roadmaps
- Detailed discussion of features or outstanding issues as time permits
- Additional Items
- Upcoming events, OOO/travel, etc.
Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/06-06-13
Q2 Goals
- [ON TRACK] land the application reputation scanning tool bug 662819 (mmc)
- [DONE] Turn Mixed Content Blocking on in Aurora (tanvi)
- [ON TRACK] land classic cert validation replacement, off by default (bsmith) builds on all platforms, same revovation as classic, pending tests for edge case certtificates (certificate usages & chain building).
- [ON TRACK] land OCSP stapling support and tests (keeler)
- [ON TRACK] Revamp the MDN documentation of CSP and Mixed Content Blocker (imelven + tanvi)
- [ON TRACK] Develop & socialize plan (document containing steps, timeline, implementation & test plan) for getting sandboxing onto a desktop Firefox, probably Linux (imelven)
- [ON TRACK] Deploy pilot cookie study and publish results. (ddahl)
Agenda
- Ivan wants to say something before we start : better communication around what we're doing and links to bugs/feature pages etc that provide background etc. - follow people on bugzilla
- Rapid Q2 Goals Recap
- Platform meeting [ian] - Tuesdays 11am PST
- Training - please review the slides !
- Take a look at Agenda for next week (https://l33t.etherpad.mozilla.org/20 )
- e10s roadmap concerns
- more bugs:
- TLS Bugs: (gracefully degrade from TLS 1.1 -> TLS 1.0 -> SSL 3.0)
- DTLS Bug(s): (interesting 'cause it will force you to read the DTLS spec)
- JavaScript Crypto Bugs: (turns out the crypto in JS stuff is not that difficult to grok)
- NSS is sometimes not your friend Bugs (nss does weird things when shutting down)