| 00:06 | <JonathanNeal> | smaug____: well if they frustrate you, write your own. |
| 00:08 | <JonathanNeal> | WYSIHTML Spec |
| 00:30 | <chrisdickinson> | has the CSS subject selector syntax been dropped? (summarized here, http://css4-selectors.com/selector/css4/subject-of-selector-with-child-combinator/ for lack of a better link) |
| 12:18 | <mathiasbynens> | Hixie_: can haz *.html5.org SSL certificate? |
| 12:19 | <annevk> | mathiasbynens: I have to do that I think |
| 12:19 | <mathiasbynens> | annevk: oh, okay. are you up for it? |
| 12:19 | <annevk> | I was planning on looking into StartSSL about now, but got distracted by something |
| 12:19 | <mathiasbynens> | specifically i have some tests that use the data in http://mathias.html5.org/data/unicode/, and i’d like them to work over HTTPS |
| 12:19 | <Ms2ger> | Anything there we shouldn't move to whatwg.org? |
| 12:20 | <annevk> | Ms2ger: there's a whole bunch of personal sites hosted there |
| 12:21 | <annevk> | mathiasbynens: makes sense, I'll have a look |
| 12:22 | <mathiasbynens> | annevk: ta! |
| 12:28 | <Domenic> | yay ssl |
| 12:28 | <Domenic> | chrisdickinson: it's become :has, which is equivalent in capability |
| 12:28 | <annevk> | Hmm, private key generation doesn't work in e10s |
| 12:28 | <Domenic> | chrisdickinson: also, last I heard from TabAtkins, it will be implemented in stylesheets, not just in querySelector, yay! |
| 12:30 | <mathiasbynens> | annevk: yeah there’s a bugzilla ticket for that iirc. opera has a similar issue |
| 12:31 | <annevk> | I hope they let me try this again in a window without e10s |
| 12:31 | <annevk> | looks like it |
| 12:38 | <annevk> | okay, so for this to work I have to make email addresses work |
| 12:43 | <mathiasbynens> | oh, right |
| 12:46 | <annevk> | mathiasbynens: feel free to keep pinging me about this |
| 13:04 | <annevk> | mathiasbynens: I saw you hadn't blogged yet about your TLS transition |
| 13:04 | <annevk> | mathiasbynens: in the works? |
| 13:05 | <mathiasbynens> | annevk: didn’t plan to write about it – it was easier than expected |
| 13:11 | <annevk> | One thing that's unclear to me is how this works with content. Does DreamHost automatically mirror? |
| 13:12 | <annevk> | And then it's up to me to add redirects for non-TLS traffic plus HSTS? |
| 13:12 | <mathiasbynens> | annevk: you basically tell Apache to listen on port 443 as well, and for each virtualhost (if you have more than one) point it to the cert + private key |
| 13:13 | <mathiasbynens> | annevk: that last part is super easy |
| 13:13 | <mathiasbynens> | let me know if i can help with the Apache setup |
| 13:13 | <annevk> | I don't think I have direct Apache access, but DreamHost provides configuration per wiki.dreamhost.com/Secure_Hosting#Purchasing_a_Signed_SSL_Certificate but does not detail how it affects content |
| 13:14 | <annevk> | In any event, I'm still waiting for DNS propagation so email can work... |
| 13:16 | <mathiasbynens> | oh, I see |
| 13:16 | <mathiasbynens> | well each host can just do something like this in `.htaccess`: |
| 13:16 | <annevk> | Hmm, e10s address bar copy-and-paste :( |
| 13:17 | <mathiasbynens> | Header set Strict-Transport-Security "max-age=13333337; includeSubDomains" env=HTTPS |
| 13:17 | <mathiasbynens> | RewriteEngine On |
| 13:17 | <mathiasbynens> | RewriteCond %{HTTPS} off |
| 13:17 | <mathiasbynens> | RewriteRule ^(.*)$ https://foo.html5.org%{REQUEST_URI} [R=301,L] |
| 13:18 | <annevk> | Is includeSubDomains needed if there are none? |
| 13:18 | <annevk> | I guess there's pretty much always www, so yes |
| 13:19 | <annevk> | Hmm, if you let DreamHost take care of that www to non-www redirect, they probably won't include that header. So you'd have to do that yourself perhaps... |
| 13:19 | <mathiasbynens> | `includeSubDomains` should be the default; not cool to have HTTPS only for one subdomain but not the others |
| 13:20 | <annevk> | Well I have some domains without subdomain. |
| 13:20 | <mathiasbynens> | annevk: but then still you want them to get HSTS |
| 13:20 | <mathiasbynens> | in case someone accesses foo.domainwithoutsubdomain.com |
| 13:20 | <annevk> | That would not resolve in DNS |
| 13:22 | <mathiasbynens> | …but it might in a MitM attack scenario |
| 13:22 | <annevk> | Good point |
| 13:22 | <mathiasbynens> | with HTTPS/HSTS that risk is avoided |
| 13:22 | <annevk> | They should have made that flag an opt out |
| 13:22 | <annevk> | Bad protocol design |
| 13:42 | <mathiasbynens> | Hixie_: whatwg.org has a valid SSL cert, but most of its pages contain mixed content e.g. https://www.whatwg.org/specs/ |
| 13:43 | <mathiasbynens> | Hixie_: also sub-subdomains present a (different) default-Dreamhost cert that triggers a warning, e.g. https://url.spec.whatwg.org/ |
| 13:44 | <mathiasbynens> | Hixie_: anything we can do to help fix these issues? |
| 14:02 | <annevk> | Mike West is also interested in helping out I think |
| 14:11 | <annevk> | mathiasbynens: does generating a private key generally take a long time? |
| 14:12 | <annevk> | mathiasbynens: was picking a 4K key length a mistake? |
| 14:12 | <Ms2ger> | Yes and no |
| 14:13 | <annevk> | I've been waiting a couple of minutes on this website now I think, I guess I can just leave it open |
| 14:13 | <mathiasbynens> | annevk: just create it yourself |
| 14:13 | <mathiasbynens> | annevk: `openssl genrsa -aes256 -out private-encrypted.key 2048` |
| 14:13 | <mathiasbynens> | annevk: https://konklone.com/post/switch-to-https-now-for-free#generating-the-certificate is more or less how i did it |
| 14:15 | <annevk> | that goes a lot quicker |
| 14:21 | <annevk> | however, startssl is still slow |
| 14:31 | <annevk> | mathiasbynens: so I hit a problem |
| 14:31 | <annevk> | mathiasbynens: I can only get this for one subdomain |
| 14:31 | <annevk> | mathiasbynens: I need to be class2 to make this work for html5.org |
| 14:35 | <annevk> | ok, so that's USD 60 |
| 14:36 | <mathiasbynens> | yep, *.domain.ext certs are not free :( |
| 14:37 | <annevk> | i'll start the process for that, why not |
| 14:38 | <annevk> | "The documents should be of high quality and high resolution, but not exceed 1400 x 1400 pixels and weigh less than 1 MB." geez |
| 14:42 | <mathiasbynens> | sorry for putting you through this, annevk :P |
| 14:44 | <annevk> | this UI is terrible |
| 14:53 | <annevk> | I guess I'll wait with anything until they verified me so I only have to do this every two years |
| 14:56 | <annevk> | Hixie_: I don't know if this is feasible, but perhaps you could switch the whole TLS business for whatwg.org over to me so I can get us new certificates every two years. |
| 14:57 | <annevk> | Hixie_: that way only one of us has to do this personal verification dance and since I'm already doing it, you don't have to bother. The only problem I see is that you already tied the whatwg.org domain to you. I'm not sure how strong of a tie that is. |
| 15:21 | <annevk> | So, passport and identity card or driver license; then either utility bill plus 5-10 days waiting for a letter or phone bill |
| 15:21 | <annevk> | I'm trying out if my phone contract works since I don't have a bill |
| 15:42 | <annevk> | And it didn't, because it lists the number from before they changed it back to my prepaid... |
| 15:45 | <annevk> | mathiasbynens: this means we have to wait 5-10 business days |
| 15:55 | <Garbee> | Does anyone know if a fieldset element is actually supposed to have its name submitted with the form? http://www.whatwg.org/specs/web-apps/current-work/multipage/forms.html#the-fieldset-element |
| 15:55 | <Garbee> | I am not seeing the behavior in any browser, yet MDN and WPD both state that it should be submitted with the form. |
| 15:56 | <annevk> | Garbee: I recommend updating MDN |
| 15:57 | <annevk> | Garbee: http://www.whatwg.org/specs/web-apps/current-work/multipage/forms.html#category-submit |
| 15:57 | <Garbee> | ah! Thanks. |
| 15:57 | <Garbee> | I was looking over another section it looks like. Actually outlining what engines should do on submission. |
| 16:01 | <Garbee> | http://www.whatwg.org/specs/web-apps/current-work/multipage/forms.html#dom-form-elements |
| 16:01 | <annevk> | That specifically defines the <form>.elements API |
| 16:01 | <Garbee> | I'll update WPD then, I don't have an MDN account nor do I care to make one just for one edit. |
| 16:01 | <annevk> | http://www.whatwg.org/specs/web-apps/current-work/multipage/forms.html#concept-form-submit is the submission algorithm |
| 16:01 | <annevk> | Which uses the link I gave to determine what elements to construct form data from |
| 16:01 | <Garbee> | Sweet, thank you for the help! |
| 16:01 | <annevk> | WPD is still alive? |
| 16:01 | annevk | thought people gave up on that |
| 16:02 | <Garbee> | People just forget about it apparently. |
| 16:02 | <Garbee> | I talk about it in rooms from time-to-time, and there is always someone who doesn't know what it is. Then you tell them, and they are amazed. Three weeks later, oh they've forgotten again. |
| 16:06 | <annevk> | It would be nice if StartSSL just gave me a domain if they already verified an allowed email for the domain |
| 19:19 | <annevk> | mathiasbynens: they're sending the letter tomorrow, but no idea whether it needs to come from the US or Israel or how long that'll take, I guess 5-10 business days... |
| 19:20 | <mathiasbynens> | annevk: gah |
| 19:48 | <annevk> | mathiasbynens: let's blame it on Orange for not giving me a proper contract or not sending me a bill in time |
| 19:48 | <annevk> | mathiasbynens: damn operators |