Agenda:

MozCamp EU

https://wiki.mozilla.org/MozCampEU2012
Warsaw Poland
September 8th-9th
Shooting for security track before or after the mozcamp (not in parallel)
- Still unclear what exactly this will look like
- Like a security/privacy add-on hackathon or mobile or similar kind of format
If you are thinking about doing a talk, be ready to submit when the request shows up

Q2 Goals Recap

Deliver B2G security model design
- Pretty solidly defined.
Scope & feasibility of low-right Firefox (sandboxing)
- Seems doable -- feasible!
Finalize plugin click-to-play and blocklisting design
- Implemented! Woo!
Update DNT implementation to conform to proposed W3C spec
- To the degree the spec is stable, there is an implementation for things the whole WG agrees upon.

Some ideas:

Implement permissions model for b2g
Achieve consensus on game plan or design or ship criteria for sandboxing project (ie what to do about addons)
Something around click to play
Something around mixed content ? (need input from Tanvi)
Ship CSP compliant with 1.0 (also helps B2G)
Lead security/privacy community event or workshop

process sandboxing - making progress, need to meet with addons/engineering folks to help finalize our plan
r+ on window.crypto.getRandomValues !!!!
iframe sandbox - still going
b2g security model - switching to packaged apps, zip file with manifest
- using app:// scheme
- tracking bug: https://bugzilla.mozilla.org/show_bug.cgi?id=764189
- need help on cookie/data jars if possible - co-ordinate with sicking
click to play - landed in INBOUND
- UX still ongoing, this is the last piece of being able to block plugins with click to play