SecurityEngineering/MeetingNotes/10-25-12
From MozillaWiki
Standing Agenda
- Q4 Goals Recap
- Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Suggest additions or changes to roadmaps
- Detailed discussion of features or outstanding issues as time permits
- Additional Items
- Upcoming events, OOO/travel, etc.
Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/10-18-12
Q4 Goals
- Land CSP 1.0
- Deliver integrated Payments and ID for B2G
- Host security community event
Roundtable
Tanvi
- Working on a list of, and tests for, protocol handlers that should be accepted on HTTPS pages (ones that don't trigger mixed content warnings/blocking)
dkeeler
- c2p - worked out what we're gonna block, a couple of follow-ups, but nothing huge
- bug for permissions thing (bug 746374)
- Info page on why each thing is blocked -- already info in the question mark in c2p UI
- For certain plugin overlays (e.g. blocked, unsupported, etc.), there is a question mark you can click - we just have to hook this up to the c2p overlays
- next up: working on certificate blocklisting
ddahl
- b2g permissions stuff landed
- working on getting contributors to help implement web crypto stuff in Gecko
- making progress on getRandomValues()
- leading session segment at TPAC about new ideas for web crypto API stuff
lucas
- nothing super exciting
kathleen
- Working on updating mozilla CA certificate policy around intermediate certificates
- http://www.mozilla.org/projects/security/certs/policy/WorkInProgress/InclusionPolicy.html
- unconstrained/unaudited subordinates need better control, getting close
- OCSP stapling is making progress (in NSS)
- TLS 1.1 is in NSS 3.14 - https://wiki.mozilla.org/TLS_1.1_/_1.2_Support
- TLS 1.2 is not being worked on yet.
sid
- talks in Indiana.
  - CSP to academic researchers
  - Privacy/Data collection and what tools you can use to protect yourself.
bsmith
- while working on refactoring code, wanted to break some APIs and checked to see what types of extensions use those APIs.
- Things add-ons are doing to hook in the cert validation/exception APIs:
  - rewriting the cert error page (by detecting if the current URL is the cert error page)
  - nsICertOverrideService -- adding exceptions
    - used bluntly to solve a problem with a cert, and not always appropriately
    - many add permanent exceptions, but these persist after the add-on is removed, which is weird