SecurityEngineering/MeetingNotes/01-03-13

From MozillaWiki
Jump to: navigation, search

Q1 Goals

Code:

  • LAND application reputation (almost done) (mmc)
  • land libpkix on by default (requires resolving many dependencies, bsmith + camilo)
    • todo: what is the impact to the user ?
  • land mixed content UI v1 (tanvi)
    • mixed content protection turned on by default in Nightly
    • protects users from mixed content and gives them control
  • land crypto.getRandomValues (finally) [desktop & mobile] (ddahl)
    • real entropy in JS, key building block for JS crypto
    • This should include B2G (e10s) design + hacking implementation

Evangelism:

  • csp 1.0 evangelism (including with OWASP) and MDN repairs (sid + ian)
    • clears up our messaging around CSP and helps developers use it

Research:

  • CID stuff: design and deploy test pilot cookie survey (mmc)

Get-Together Planning