<mkwst> https://docs.google.com/document/d/1iMMGTxF40TnRwtL9L_pElgYx3mffIuJOj4t7Dhxo40c/edit#
mkwst: TPAC is coming!
... I've listed some topics of potential interest
... Agenda-bashing?
johnwilander: cookie proposal?
mkwst: added to the TPAC doc
mkwst: lots remains from last
year, with new problems!
... please add comments and thoughts to the doc
... Categories: things that are basically done
... Mixed content, aiming for PR around TPAC
... CfC got basically no response
... if no objections, we'll push forward
... Referrer Policy
... think we were waiting on a second implementation of CSS
aspect
... relating to stylesheets
... Secure Contexts
<dveditz> (sorry, heard 'csf' and couldn't grok the 'f')
mkwst: fairly robust interop
<dveditz> ('csRf'? stuck in my head)
mkwst: Upgrade Insecure
Requests
... think we need update re localhost, 127.0.0.1
... hope to get through that by TPAC
... Next, mostly-complete
... CSP3
... can we call it feature-complete at TPAC
... then do debugging?
... CSP Embedded Enforcement
... one implementation in chrome; spec needs work
... Clear Site Data, 2 implementations
... chrome and FF.
... make sure spec reflects feedback from implementers
... also talk with WHATWG re Storage
... Credential Management. stable implementation in
chrome
... starting to get framework implementations in other
browsers
... supporting webauthn
... todo: split document in 2 pieces: framework, and
passowrd/federated credential types
... split would let us move forward where agreement
... Next: work currently laying fallow
... SRI. recent interest but not much movement
... signature-based, other types
... Suborigins.
... is there actually interest?
... or explicitly punt?
... Next: new work we might want to adopt
... Origin Policy, Feature Policy, both starting to get
implmentations
... chrome; think I saw intent to implement from Moz
... Specrtre-mitigation
... CO(R/W)P, Sec-Metadata
... Trusted Types
... dveditz adds DOMPurify-type HTML sanitizer
dveditz: CORB?
mkwst: cross-origin read blocking
is in Fetch
... think they deserve more explanation than in algorithms in
Fetch
... and CORS
... worthwhile to spell out rationale
... while pointing to Fetch
... Things we might want to kill
... ckerschb__ adds require-sri-for
... chrome and FF have implementations
... Other interesting topics
johnwilander: Storage API has
shipped in Safari
... and Moz has intent to implement
mkwst: added to interesting topics
johnwilander: I won't be there in person
mkwst: we've made a speakerphone
request
... we'll work on putting things into an agenda, trying to
accommodate remote folks
dveditz: if you want to participate remotely, please let us know your interests
mkwst: dveditz and I will work on agenda
wseltzer: Dagstuhl seminar recap?
mkwst: maybe add that to TPAC agenda
johnwilander: the co-organizers
seem to be super busy, so I don't know when we'll have
write-up
... I can share notes from breakouts I attended
... cookie discussion (also have mkwst's proposal)
... and JS capability model + policy
mkwst: we'll look to put that on
end of day
... expect Mario and Freddy to have explainer for
sanitizer
... Are there any objections to moving Mixed Content Level 1 to
PR
RESOLUTION: move Mixed Content Level 1 to PR
mkwst: hearing no objections here or on the list
This is scribe.perl Revision: 1.153 of Date: 2018/09/19 14:40:21 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/p>/p?/ WARNING: Replacing previous Present list. (Old list: (no, one), weiler, pranjal, jeffh, iclelland, wseltzer, johnwilander, mkwst) Use 'Present+ ... ' if you meant to add people without replacing the list, such as: <dbooth> Present+ weiler, pranjal, jeffh, iclelland, wseltzer, johnwilander, mkwst WARNING: Replacing previous Present list. (Old list: weiler, pranjal, jeffh, iclelland, wseltzer, johnwilander, mkwst, ckerschb__, bhill2, dveditz, tanvi) Use 'Present+ ... ' if you meant to add people without replacing the list, such as: <dbooth> Present+ weiler, pranjal, jeffh, iclelland, wseltzer, johnwilander, mkwst, ckerschb__, bhill, dveditz, tanvi Present: weiler pranjal jeffh iclelland wseltzer johnwilander mkwst ckerschb__ bhill dveditz tanvi No ScribeNick specified. Guessing ScribeNick: wseltzer Inferring Scribes: wseltzer WARNING: No "Topic:" lines found. Agenda: https://lists.w3.org/Archives/Public/public-webappsec/2018Sep/0017.html WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth Found Date: 19 Sep 2018 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]