W3C home > Mailing lists > Public > public-web-security@w3.org > February 2015

W3C Next Steps [was Re: [W3C Web Crypto WG] Rechartering discussion - Gemalto contribution]

From: Harry Halpin <hhalpin@w3.org>
Date: Tue, 03 Feb 2015 23:22:46 +0100
Message-ID: <54D14A36.3050209@w3.org>
To: GALINDO Virginie <Virginie.Galindo@gemalto.com>
CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, "public-web-security@w3.org" <public-web-security@w3.org>
Virginie and Karen,

  Thanks for the concrete suggestion for what to do next. In fact - it's
the only new concrete proposal from a major vendor on the table for the
W3C since the workshop that we've had yet, with the possible exception
of the Microsoft+ETRI proposal at the WebCrypto F2F that hasn't been
formally discussed.

However, the proposal is still fundamentally slides, which is probably
the right format for this level of maturity. Once you have addressed the
concerns to the best of your ability, what would be useful would be a
draft spec or set of draft specs, even if very drafty. Github could be
useful as well for tracking concerns and comments.

The W3C Member Submission is a possibility here if there is any concern
about IPR in the proposed specs (which unfortunately did come up), and
we encourage both Gemalto and others such as the FIDO Alliance to use
this process:

http://www.w3.org/2004/02/Process-20040205/submission.html

Myself and Wendy are happy to help with the necessary formatting and
legal work.

Once we have a Member Submission we will do an internal review and try
to set-up a teleconference with relevant parts of the W3C staff. We also
of course are happy to extend this process to any alternate proposals
and would be delighted to have multiple member submissions, even if
incompatible. The W3C is committed to a fair process that includes all
members, although in general my preference to see some rough consensus
and at least one solid draft (i.e. Member Submission, product of a CG,
etc.) before committing to chartering a new Working Group. While this
may not have consensus, we've at least re-started the conversation in
earnest :)

While there was lots of disagreement on the technical details, I think
we all agree on the use-cases that some kind of hardware-backed
cryptographic material would enable need to be part of the Open Web
Platform.

   cheers,
      harry



On 02/03/2015 05:36 PM, GALINDO Virginie wrote:
> Hi all,
> 
> reading the 70 e-mails in this thread and will come back to you with a proposal to formalize requests,  use cases, expression of concerns.
> 
> Virginie
> (speaking as chair)
> 
> ---- Rigo Wenning a écrit ----
> 
>> Anders,
>>
>> On Tuesday 03 February 2015 12:42:07 Anders Rundgren wrote:
>>> Although I agree with what you are saying there's a problem:
>>>
>>> None of the stuff you are referring to has ever been directly connected
>>> to the [UNTRUSTED] web, they are always used with a trusted App + GU.
>>
>> if everybody had already thought about it, my contribution would be noise. My
>> apologies if this is the case. This is a chartering discussion. If thinking
>> about the eGov use case is overkill, we should state that openly and move on.
>> I just want this to be a conscious decision. This enables W3C to respond if
>> asked by the various governments.
>>
>> --Rigo
> ________________________________
>  This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
> 
> This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus
> 
Received on Tuesday, 3 February 2015 22:22:56 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 3 February 2015 22:22:57 UTC