SecurityEngineering/MeetingNotes/05-21-12
From MozillaWiki
Standing Agenda
- Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Suggest additions or changes to roadmaps
- Detailed discussion of features or outstanding issues as time permits
- Upcoming events, OOO/travel, etc.
Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/05-17-12
Security Roadmap
- Identity - Needs ID team to name a lead to work with DDahl {Lucas+Sid to push}
- B2G/Apps - evangelizing the model to developers/community, starting to discuss privacy model
- iframe sandbox - all out for review except for 1 set of tests which need a bit of debugging, but are finished apart from that - targeting FF 16
- opt-in-activation for plugins - Security feature, and hence the UI needs to reflect that. Addons mini-work week in June where blocklist will be a topic.
- ca pinning - callbacks to NSS working. Permission Manager - need reviews to land. Found bugs in current behavior. the internal structure plan of the callback needs to be changed. Also there is no current agreement on the semantics and preconditions of the callback. There is a not very elegant hack into nss to store the callback info.
- low rights firefox - socializing internally; positive feedback. have been thinking about how to create poc and reading lots of chromium code, working on a poc now to take the chromium sandbox code from over here and push it over there into firefox.exe
- highlight cleartext passwords - need to do user research studies. mentioned to twitter, yahoo, and facebook folks, but not formally.
- https google search - landed.
- Mixed Content Blocker - bsterne is landing a patch that allows the frontend to determine whether mixed script or display content was detected on the page but not actually block anything - this can help with the identify block issues. Lucas and Tanvi are going to talk to Asa about actually blocking stuff.
Privacy Roadmap
- Shortened HTTP Referrer - Sid is working on nailing down the API design and hooks for this
- Multiple Cookie Jars - Same state as HTTP Referrer thing
- Third Party Cookies - started
- Support DNT Spec - Waiting for spec finalization
- Tracking Map - David Asher pushing collusion project in the foundation
Additional Items
- Marshall - welcome and projects
- Safe Browsing nuggets - Malware Reputation, Phishing Filter
- Blog post - please review by end of the week if possible
- Hiring