SecurityEngineering/MeetingNotes/05-30-13

From MozillaWiki

Q2 Goals

  • [ON TRACK] land the application reputation scanning tool bug 662819 (mmc)
  • [DONE] Turn Mixed Content Blocking on in Aurora (tanvi)
  • [ON TRACK] land classic cert validation replacement, off by default (bsmith). Builds on all platforms, same revocation as classic, pending tests for edge-case certificates (certificate usages & chain building).
  • [ON TRACK] land OCSP stapling support and tests (keeler)
  • [ON TRACK] Revamp the MDN documentation of CSP and Mixed Content Blocker (imelven + tanvi)
  • [ON TRACK] Develop & socialize plan (document containing steps, timeline, implementation & test plan) for getting sandboxing onto a desktop Firefox, probably Linux (imelven)
  • [ON TRACK] Deploy pilot cookie study and publish results. (ddahl)

Agenda

  • Q2 Goals - recap
  • Blushproof - USE IT: https://github.com/mozilla/blushproof/blob/master/blushproof.xpi
    • Tell us (keeler/mmc) about sites you visit that need to be added to the list.
    • It will report back automatically with counts of events (encountered embarrassing sites, etc.)
    • If you've already installed an earlier version, you will need to manually update to the latest one
  • Get-together logistics
    • Tuesday/Wednesday 18-19 June in MV office, Thursday in SF
    • Certificate error reporting meetup with EFF (on Thursday the 20th in SF)
  • keychain (paul) - thanks!
    • Is decodering what the password manager is built on?
      • instead of making specific b2g-api wrapped around d ring.
    • Any thoughts on domcrypt performance on low end mobiles?
    • Do we need something wrapped around domcrypt so devs don't fudge the bucket?
    • FYI also pursuing whole disk encryption, keystore via trust zones being the initial contender (partner may help with this)
  • Q3 Goal planning: https://etherpad.mozilla.org/5U6drjJ940