These minutes are not final until approved at a subsequent meeting.
20 June 2012: 09:00 am to 4:30 pm (Central European Time)
21 June 2012: 09:00 am to 4:30 pm (CET)
22 June 2012: 09:00 am to 12:00 pm (CET)
N 0374
Topic: WG 23 Meeting #23
Date: daily, from Wednesday, September 12, 2012 to Friday, September 14, 2012
Time:
Meeting Number: 950 652 945
Meeting Password: wg23
To start or join the online meeting, go to iso_meetings
To receive a call back, provide your phone number when you join the meeting, or call the number below and enter the access code.
Switzerland toll free: 0800-894627
USA/Canada toll free: 1-855-299-5224
Having trouble dialing in? Try these backup numbers:
Call-in toll-free number (UK): 0800-051-3810
Call-in toll number (UK): +44-20-310-64804
Global call-in numbers: iso_meetings call-in numbers
Toll-free dialing restrictions: tollfree restrictions
Access code: 957 751 512
For assistance:
1. Go to iso_meetings support
2. On the left navigation bar, click "Support".
To add this meeting to your calendar program (for example Microsoft Outlook), click this link: iso_meetings to calendar
Kazuyoshi Korosue (JP),
Tatsuaki Takebe (JP),
Willem Wakker (NL),
David Keaton (US),
Stephen Michell (CA),
Tom Plum (US) – phone,
Larry Wagoner (US) – phone,
Clive Pygott (UK) – phone,
Rex Jaeschke (SC 22 Chairman), and
John Benito (convener)
Meeting | Date | Location | Notes
2013 | | |
WG23 #28 | 2013-12 | Web conference | —
WG23 #27 | 2013-09 | Tokyo, Japan | WG23 meeting colocated with SC22 plenary meeting.
WG23 #26 | 2013-06 | Berlin, DE | Colocated with WG 9, Ada Europe
WG23 #25 | 2013-03-13/15 | New York, USA - ANSI | See [N0413].
2012 | | |
WG23 #24 | 2012-12-12/14 | Electronic meeting | WG23 Meeting #24. Three hours each day, starting at 17:00 Germany; 16:00 UK; 11:00 US-east coast; 8:00 US-west coast; 6:00 US-Hawaii
WG23 #23 | 2012-09-12/14 | Geneva, Switzerland | Colocated with SC 22 plenary meeting
SC22 | 2012-09-10/11 | Geneva, Switzerland | SC 22 plenary meeting
AI 23-1 The Convener will work with WG 21 to colocate for March/April 2014 meeting.
SC 22 will ask JTC 1 to discontinue the WG 23 to/from Cat-C Misra-L liaison.
WG 23 will co-locate with SC 22 plenary in Spain, 2014.
Convener reported that the ballot for 24772.2 passed unanimously; comments were received from Canada, Japan, and the UK. UK comments were sent directly to the Convener.
Convener has discussed with WG 5. WG 5 plans to have an annex for summer 2013.
None
In DIS ballot for a major revision.
AI 23-2 – Michell – look at changes in the Ada revision to see how Annex C may be affected.
C secure coding rules (17961) expected to go to ballot after the October meeting.
None
None
Ecma liaison has gone missing. Douglas Crockford was liaison.
AI 23-3 – Convener and Jaeschke to contact Ecma TC 39 and try to get new contacts to renew the liaison to ECMAScript.
Expect to publish a new document MISRA C Version 3 end of 2012 with public launch February 2013, this version is based on C99 (9899:1999).
None
None
None
[N0416] — Informal comments from UK
[N0417] — Japan Ballot comments on 24772
[N0418] — Canadian Ballot comments on 24772
[N0419] — Takebe, CWE SANS 25 compared to PDTR 24772.2
[N0420] — Reserved for minutes
[N0421] — Reserved for ballot resolutions
[N0422] — Comments from Clive Pygott regarding [N0417]
We discussed JA-?? file download. Consider the option of merging this with 7.10 Unrestricted file upload. We are concerned about the size of the changes and the amount of change that would be added to TR 24772. The editor suggests that we accept the comments, put the editorial ones into the TR, and work on adding the other comments into the next revision.
Committee formed of Takebe, Pygott, Benito to work these proposals into a form of the TR.
Comments from Willem.
JA-2 Incorrect Authorization. - Needs to be added.
Larry – Might be able to merge into 7.21 Access Control.
JA-3 Inclusion of Functionality from untrusted control sphere.
Suggest merging with 7.7 Execution or loading of untrusted code.
David notes that PHP (and possibly other web-oriented languages) can "include" files from other domains, and hence this may need description in section 6.
AI 23-4 – David – distribute information on the PHP include issue for education and consideration.
JA-4 Improper restriction of excessive authentication attempts
Should be added.
Larry states that it could be added to 7.22, but may be a stretch.
Would require a rewrite of 7.22.
JA-5 URL redirection to untrusted site (open redirect)
Suggest add as a new vulnerability.
JA-?? 6 Uncontrolled format string
Suggests that this is a language issue – belongs in 6.
JA-?? 7 Use of a one-way hash without salt.
Suggests that this belongs in 7.22. Title of 7.22 may need changing.
Larry Wagoner comments [N0423] Python (as a response to UK comments [N0416])
Comment was line 50 on UK contribution.
Open, to be discussed with UK technical expert and original Python annex author.
Finish the Canadian comments. Resolution is documented in the [N0421].
4.1 Temporary web site.
For the duration of the meeting we shall use the temporary web site set up at www.open-std.org/jtc1/sc22/wg23.
Thanks to Keld Simonsen and Willem Wakker for providing this facility.
If you follow the link from the SC 22 page on www.open-std.org/jtc1/sc22, it takes you to the usual IEEE web page.
4.2 Code Signing IS 17960
The current proposed draft of the document (still in the author's hands) is fairly prescriptive in terms of file formats, etc. Concern was expressed that developers of applications will not meet such an approach. A suggestion was made that the actual way to interface would be implementation-defined, meaning that it must be documented.
Promotion by speaking at events – Ada Europe, Ruby conference.
Presentation to functional safety and security experts (Japan).
Idea to ask CWE to put a reference to our document on their "related efforts" page.
AI 23-5 John Benito to contact CWE to discuss inclusion of TR 24772 in the CWE, CVE, etc. related efforts pages.
Editor to incorporate the changes into the document and disposition of comments and submit to ITTF for a 3-month DTR ballot.
Thanks to IEC international, and Gabriel Barta and Jennifer Lack for their help in arranging and supporting the meeting.