Gerv Status 2009-09-18

Status for week ending 2009-09-18. Highlights:

  • Bugzilla HTTP API work going well – can get buglists, bugs and history, get and add comments, and there is initial support for modifying bugs. Can also get lists of and individual users. JSON or XML.
  • Discussed adapting the proposed “ensure HTTPS” HTTP header to allow it to specify that there should be no change to the CA which issues the certificate; the aim is to partition the trusted CA space for added security.

2 thoughts on “Gerv Status 2009-09-18

  1. OK, assuming the “ensure HTTPS” HTTP header is the same as Strict Transport Security (STS), then I’ve managed to find some information here:

    http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/1148.html

    To aid people as terminologically-confused as me, I’ll mention that STS is based on Jackson and Barth’s ForceHTTPS specification (ForceHTTPS is also the name of Firefox extension that implements a prototype of the specification). Another (older?) derivative of the ForceHTTPS specification is ForceTLS by Mozilla’s Sid Stamm (it’s implemented in a Firefox extension called Force-TLS; future versions of the Force-TLS extension will implement STS).