Weekly Status 2007-02-09

Now that I’ve started spending a lot more time working on Mozilla things, I’ve started doing a weekly status report for Frank. I’m also going to post it here (well, most of it :-) in case it’s of interest.

This Week

  • Continued to knock the list of outstanding CA applications into shape
  • Started a discussion on whether we should admit “regional CAs”
  • Got on top of my mail backlog, and started to knock off a few longer term mini-projects
  • Tried to do some textual analysis on the contents of the mozilla.feedback newsgroup (from Hendrix)
  • Found some people to maintain the Effective TLD list
  • Worked on b.m.o. security group reorganisation proposal (discussion in mozilla.dev.security)
  • Tried out Passpet Firefox extension; couldn’t get it working
  • Participated in EV discussions in mozilla.dev.security
  • Submitted proposal to talk at OSCON – “Beyond the Lock: Browser Security UI For The Distracted”, in cooperation with Mike Beltzner

Next Week

  • Will begin to evaluate actual CA requests
  • Hope to get started on master list of CAs (blocked on getting format and list of required info from Frank)
  • Work on Content Restrictions patch as part of Firefox 3.0 (waiting for design help from dveditz)

Does anyone have a Wiki-to-HTML bookmarklet?

4 thoughts on “Weekly Status 2007-02-09”

  1. Content Restrictions … interesting stuff.

    For “script”, I think “same host”, “same domain” (-> use effective TLD service) and “same path” (implies same host) should be added.
    Also, it becomes clear that there’s no straight hierarchy. You would have three groups: source (internal, external), position (head) and origin (domain, host, path). Either you define three names or you allow combining the value groups, e.g.: script=external+host+head

  2. Ok, there’s already “domain” … I should have read to the end before posting. However, I wouldn’t want to restrict “all requests initiated by the page” but only scripts.

  3. Dao: but what about web bugs? It’s not only script which can be XSSed into a page to do nasty-ish things.

    You are right – it would make good sense to split up script location and script in-page position.