SecurityEngineering/MeetingNotes/08-22-13

From MozillaWiki

Standing Agenda

  • Q3 Goals Recap ( https://wiki.mozilla.org/SecurityEngineering/2013/Q3Goals#Q3_Goals )
  • Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
  • Suggest additions or changes to roadmaps
  • Detailed discussion of features or outstanding issues as time permits
  • Additional Items
  • Upcoming events, OOO/travel, etc.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/08-08-13

Agenda 08-22-13

(net pane picture: mixed_content_webconsole.jpg) Edge cases that would cause inconsistency listed here: https://bugzilla.mozilla.org/show_bug.cgi?id=875456#c37

Q3 Goals

  • [ON TRACK] Finish first phase of Sandboxing
    • Outcome: seccomp in e10s/Larch or on nightly + clear roadmap
    • DRI: Sid
    • Tasks:
      • Consult : E10S contributions to make it reasonably usable in nightly. (without extensions/plugins) assign: ALL as appropriate
      • Implement : [NEW] Fix window.crypto to work in E10S
      • Implement : [NEW] Fix CSP tests to work in E10S garrett + sid
      • Implement : [AT RISK] land seccomp for Linux (min bar for sandboxing) keeler - part of an old patch for bug 790923
      • Research : [NEW] Prioritize seccomp tightening steps, begin executing it sid
      • Research : [NEW] Create story/plan for addon compatibility monica
  • [ON TRACK] Cookie Clearinghouse
    • Outcome: Identify feasibility and nail down spec
    • DRI: Monica
    • Tasks:
      • Implement : [NEW] spec out and make go/nogo decision on implementation
      • Consult : [NEW] drive Stanford effort to stable spec
  • [AT RISK] Implement alternative revocation checking mechanisms
    • Outcome: must-staple + pinning + insanity on by default in nightly
    • DRI: Camilo
    • Tasks:
      • Implement : [AT RISK] Enable insanity::pkix validation by default on nightly
      • Implement : [NEW] Land key pinning
      • Implement : [NEW] Land must-staple support
  • [ON TRACK] SafeBrowsing 2.0
    • Outcome: App reputation whitelist on by default in nightly
    • DRI: Monica
    • Tasks:
      • Implement : [NEW] Land app reputation system with whitelist support