SecurityEngineering/MeetingNotes/04-12-12

Review currently active (P1) features against their established milestones, identify any blockers - https://wiki.mozilla.org/Security/Roadmap + https://wiki.mozilla.org/Privacy/Roadmap
Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
Suggest additions or changes to roadmaps
Detailed discussion of features or outstanding issues as time permits
Upcoming events, OOO/travel, etc.

Click to Play -
- question of determining popular vs uncommon plugins.
- How do we know whether plugins that we don't know about are up to date?
- We need per domain permission persistence. (Right click; Site preferences/permission)
Iframe Sandbox - hope to get worker related changes done, along with tests and attribute change by next week's meeting and be in the review/feedback cycle by then
Process Sandbox - idea of what we want to come out of it. want to rework the high level threat model and update the feature page. List of sandbox options and what would need to change for each to work. - aiming to have something rough by end of April
CA Pinning
- Made two bugs. The exploration seems like this is not too dificult to implement (would be very similar to HSTS).
- The enhancement of permissions manager for this seems to have a green light. The actual use of these permissions on connection is still on design.
B2G App security model
- going through APIs.
- Guillaume and Paul documenting process/OS security.
Highlight Cleartext Passwords - exploration stage.
DOMCryptAPI & IdentityAPI

Q2 Goals Locked In: https://intranet.mozilla.org/2012Q2Goals#Security_Engineering
MozCamp - Camilo+Lucas: split 45minute talk.
gsoc
TPAC - w3c conference in October in Lyon, France.

Navigation menu