See also: IRC log
<bhill2> Scribe: Peleus Uhley
<bhill2> Scribenick: puhley
<grobinson> [Mozilla] is grobinson
<grobinson> (i'll add myself)
<grobinson> Zakim: [Mozilla] is grobinson
<bhill2> http://www.w3.org/2013/12/03-webappsec-minutes.html
<bhill2> minutes approved, no objection to unanimous approval
bhill2: CORS is moving to proposed recommendation. Encourage reps to comment on the spec and indicate support.
... Hope for final recommendation status in January and February
<bhill2> https://www.w3.org/2011/webappsec/track/actions/open?sort=owner
bhill2: Action 158 is complete
<freddyb> <-
<grobinson> hey freddyb :)
bhill2: sub-resource integrity is part of our new charter. Editors recruited: Devdatta, Joel (jww), and Fredrick (freddyb)
<freddyb> puhley: Frederi_k_ please :-)
<freddyb> hi grobinson
My apologies...
<freddyb> np
bhill2: Good thread on the mailing lists regarding this topic
Neil: Confusion over hashes only applying to inline scripts/event handlers, nonces applying to both inline scripts and external resources
bhill2: Does whitelisting event handlers make sense? What about styles?
... (Summarizing discussion) Supporting edge cases adds complexity that may not be worth effort when there are alternative methods for addressing the issue.
... Neil will take action to reply to the list with a summary of the discussion on the phone.
<bhill2> ACTION neilm to respond to list re: consensus that applying hash/nonce to inline handlers not desired as a 1.1 feature
<trackbot> Created ACTION-159 - Respond to list re: consensus that applying hash/nonce to inline handlers not desired as a 1.1 feature [on Neil Matatall - due 2013-12-24].
bhill2: Should we apply style-src as an intermediary between font-src and default-src?
<bhill2> ACTION bhill2 to reply to jonas sicking on list re: cascade of style-src to font-src
<trackbot> Created ACTION-160 - Reply to jonas sicking on list re: cascade of style-src to font-src [on Brad Hill - due 2013-12-24].
bhill2: Will remain at no action state since no one on the phone had a strong opinion on it
bhill2: Propose moving directives over into mainline of CSP 1.1
<bhill2> no objections to unanimous consent
<bhill2> ACTION bhill2 to abandon CfC on UISecurity to LCWD for now
<trackbot> Created ACTION-161 - Abandon cfc on uisecurity to lcwd for now [on Brad Hill - due 2013-12-24].
bhill2: Next call will be skipped due to New Year's Eve
<freddyb> the ??P9 might have been me