W3C home > Mailing lists > Public > public-web-security@w3.org > January 2015

Re: [W3C Web Crypto WG] Rechartering discussion

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Thu, 15 Jan 2015 15:54:38 +0100
Message-ID: <54B7D4AE.1050105@gmail.com>
To: Harry Halpin <hhalpin@w3.org>, Richard Barnes <rlb@ipv.sx>
CC: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-web-security@w3.org" <public-web-security@w3.org>, Wendy Seltzer <wseltzer@w3.org>
On 2015-01-15 15:21, Harry Halpin wrote:
>
>
> On 01/15/2015 03:11 PM, Anders Rundgren wrote:
>> On 2015-01-15 14:50, Harry Halpin wrote:
>>> Just to clarify as I've had a few off list emails expressing confusion
>>> on what it means to 'recharter' from folks new to the W3C:
>>>
>>> We can recharter WebCrypto with *no* new deliverables. This means we can
>>> simply extend the charter to deal with the current relatively small
>>> delay we have off of our current charter.
>>>
>>> That being said, if there is work that people want in scope, either of
>>> the WebCrypto WG or WebAppSec or a new WG, it would be great to have
>>> member submissions before the WebCrypto charter expired, ideally before
>>> the end of February. W3C wants work to go in the best and most
>>> appropriate forum for the particular deliverable.
>
> Anders,
>
>    As I think many other people have mentioned before, while we
> appreciate your technical contributions,

Thanx.


 > your prognostications about the future have been 100% wrong historically

Are you referring to payments and WebCrypto?  The answer on that is yet
to be seen an yes, I don't think WebCrypto will be a part of the plot.

Or is it HTML5's "keygen"?  The fact is that it has at best 5% of the
market which IMO makes it a failure.


> and  tend towards being inflammatory, which perhaps both why your
 > invited expert status is rejected by W3C Working Groups

Yes, political correctness isn't my forte...


> and your WebPKI work has also no taken up by the larger community.

Well, I think that may have a slightly simpler explanation: who cares about
*anything* not coming from a major player or very well-respected individual?


> If you'd focus on technical issues and look for
> ways forward, I think you can make a positive impact.

I do that in the Web Payment IG although without being an invited expert :-)

Cheers,
Anders

>
>     cheers,
>       harry
>
>
>
>>
>> What's somewhat surprising is that hardly none of the things discussed in
>> Mountain View seems to be relevant anymore.  Yeah, Google is not interested
>> and therefore there's nothing we can do?
>>
>> Anyway, the Web Payment IG won't bother with WebCrypto either, the s.c.
>> high-value transactions mentioned in the original use-case document will be
>> performed in local non-web-based wallets using TEE/SE-based
>> cryptographic APIs.
>>
>> Anders
>>
>>
>>>
>>> Although the decision would always rest with the WG for new deliverables
>>> to a charter and with the AC for the creation of a new WG, I would
>>> personally skeptical of adding new deliverables unless there are clear
>>> member submissions and some emerging consensus that we should add a new
>>> deliverable.
>>>
>>> Nonetheless, we at W3C are firmly interested in seeing authentication on
>>> the Web become more secure, and are actively interested in ways to
>>> operationalize this in a way that is acceptable to both users, vendors,
>>> and implementers. It's a tough job, but someone's got to do it :)
>>>
>>>      cheers,
>>>          harry
>>>
>>>
>>> On 01/08/2015 01:31 AM, Richard Barnes wrote:
>>>> On Wed, Jan 7, 2015 at 7:43 PM, Ryan Sleevi <sleevi@google.com> wrote:
>>>>
>>>>> As noted during the F2F during the 2014 TPAC, it's unlikely we would
>>>>> be able to support such a rechartering.
>>>>>
>>>>> In the goals, only the first goal is something that aligns with our
>>>>> interest.
>>>>> In the scope, we are explicitly not interested in "user managed"
>>>>> storage and "web certificate management". Further, we don't believe
>>>>> this group is the appropriate venue for the discussion of Web
>>>>> Authentication - that would be better for WebApps or WebAppSec.
>>>>> WebAppSec already has proposals for dealing with credentials -
>>>>> http://lists.w3.org/Archives/Public/public-webapps/2014JulSep/0141.html
>>>>>
>>>>> Put differently, for a rechartering, the only effort we'd likely
>>>>> support support is the maintenance and exploration of algorithms.
>>>>>
>>>>> Any other chartering discussions should follow the highly productive
>>>>> workmodes of WebApps and WebAppSecs - that is, concrete, defined
>>>>> proposals being brought forth and holding rechartering discussions in
>>>>> specific and narrow scopes if such proposals have consensus (in
>>>>> particular, from user agents).
>>>>>
>>>>
>>>> Reserving the right to disagree with Ryan on the particular scoping
>>>> above,
>>>> I strongly agree with the above paragraph.  None of the proposed work
>>>> items
>>>> to date has been defined in enough scope to make it clear what a WG
>>>> would
>>>> do.
>>>>
>>>> --Richard
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>> On Wed, Jan 7, 2015 at 1:48 AM, GALINDO Virginie
>>>>> <Virginie.Galindo@gemalto.com> wrote:
>>>>>> Dear all,
>>>>>>
>>>>>>
>>>>>>
>>>>>> Web Crypto WG charter [1] will end by the end of March. We need to
>>>>> prepare
>>>>>> the next charter of Web Crypto.
>>>>>>
>>>>>>
>>>>>>
>>>>>> As a reminder, the conversation has started on this page :
>>>>>> https://www.w3.org/Security/wiki/IG/webcryptonext_draft_charter
>>>>>>
>>>>>> Feel free to add you ideas and suggestions on the wiki and/or
>>>>>> expose your
>>>>>> opinion and question on the public-webcrypto@w3.org or
>>>>>> public-webcrypto-comment@w3.org (for non W3C Web Crypto WG members).
>>>>>>
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Virginie
>>>>>>
>>>>>>
>>>>>>
>>>>>> [1] http://www.w3.org/2011/11/webcryptography-charter.html
>>>>>>
>>>>>>
>>>>>>
>>>>>> ________________________________
>>>>>> This message and any attachments are intended solely for the
>>>>>> addressees
>>>>> and
>>>>>> may contain confidential information. Any unauthorized use or
>>>>>> disclosure,
>>>>>> either whole or partial, is prohibited.
>>>>>> E-mails are susceptible to alteration. Our company shall not be liable
>>>>> for
>>>>>> the message if altered, changed or falsified. If you are not the
>>>>>> intended
>>>>>> recipient of this message, please delete it and notify the sender.
>>>>>> Although all reasonable efforts have been made to keep this
>>>>>> transmission
>>>>>> free from viruses, the sender will not be liable for damages caused
>>>>>> by a
>>>>>> transmitted virus.
>>>>>
>>>>>
>>>>
>>>
>>
Received on Thursday, 15 January 2015 14:55:14 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 15 January 2015 14:55:15 UTC