W3C home > Mailing lists > Public > public-web-security@w3.org > March 2015

Re: [Web Crypto WG] draft Web Crypto WG charter : for your review and comments

From: Siva Narendra <siva@tyfone.com>
Date: Wed, 11 Mar 2015 14:32:29 -0700
Message-ID: <CAJhTYQy58ohSTA9PrTCGT+QRmWZtqJN9SXd_TcPd4rFTr-dYZA@mail.gmail.com>
To: Harry Halpin <hhalpin@w3.org>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Charles Engelke <w3c@engelke.com>, GALINDO Virginie <Virginie.Galindo@gemalto.com>, Wendy Seltzer <wseltzer@w3.org>
Thank you Harry.

-Siva


*--*


*Siva G. Narendra Ph.D. CEO - Tyfone, Inc.Portland | Bangalore |
Taipeiwww.tyfone.com <http://www.tyfone.com>*
*Voice: +1.661.412.2233*


On Wed, Mar 11, 2015 at 2:27 PM, Harry Halpin <hhalpin@w3.org> wrote:

>
>
> On 03/11/2015 09:59 PM, Siva Narendra wrote:
> > +adding Pub-Web-Security for continuity from the Workshop
> >
> > Thank you Harry. Few questions:
> >
> >    1. Does this mean "FIDO will not be implemented under this WG?"
> >    2. Is the statement "All the web browser implementers do not want to
> >    support hardware tokens or anything that is outside of cryptography in
> >    within the scope of WG?" or "One browser vendors does not want to
> support
> >    anything other than FIDO?"
>
> I think the answer should be:
>
> 1) FIDO will not be implemented under the Web Crypto Working Group, but
> may be pursued in another WG.
>
> 2) Hardware token support, both in a manner consistent with a revised
> Gemalto proposal that takes on board feedback like respect for
> same-origin policy, should be pursued in another Working Group, but not
> in the WebCrypto WG.
>
> Does that help?
>
> The real question now is what the shape and charter(s) of the new
> Working Groups will be, along with associated time-frames.
>
> There have been formal Member submissions neither from the smartcard
> vendors or FIDO, but lots of informal discussion. However, the workshop
> did reach consensus that hardware token support should be part of the
> Open Web Platform, and the W3C would like to follow this up with one or
> more new Working Groups if the work does not match existing Working Groups.
>
>
> As the discussion in Web Crypto WG shows, it does not match at the time
> being as the implementors want to focus on algorithm maintenance and
> finishing version 1.0.
>
> If opinions have drastically changed since the workshop, we would like
> to revisit that consensus via a survey of W3C members but we are hoping
> there is still consensus and momentum.
>
>    cheers,
>        harry
>
>
>
>
> >
> > This is important for the eco-system to know so we can determine if this
> > work should be pursued inside W3C or outside.
> >
> > Thank you,
> > Siva
> >
> >
> >
> >
> > *--*
> >
> >
> > *Siva G. Narendra Ph.D. CEO - Tyfone, Inc.Portland | Bangalore |
> > Taipeiwww.tyfone.com <http://www.tyfone.com>*
> > *Voice: +1.661.412.2233*
> >
> >
> > On Wed, Mar 11, 2015 at 11:16 AM, Harry Halpin <hhalpin@w3.org> wrote:
> >
> >>
> >>
> >> On 03/11/2015 07:08 PM, Charles Engelke wrote:
> >>> I'm new to this WG and W3C in general, so I may be missing points on
> >>> how this works. But until today that draft did include adding new use
> >>> cases. Today that was revised to say "the Web Crypto WG will not
> >>> adress any new use case others then the ones developed with the first
> >>> version of the Web Crypto API."
> >>>
> >>> Did I miss the process that made this change?
> >>
> >> There was strong objections from members of the Working Group, in
> >> particular implementers that are on public record.
> >>
> >> Thus, while the W3C is still committed do finding an appropriate home
> >> for these use-cases and associated standards, it will not be this
> >> Working Group.
> >>
> >> If you have a particular use-case and proposed technical solution that
> >> you think would be acceptable to implementers, e-mail the Web Security
> >> Interest Group at public-web-security@w3.org.
> >>
> >>     cheers,
> >>        harry
> >>
> >>>
> >>> Thanks,
> >>>
> >>> Charlie
> >>>
> >>> On Wed, Mar 11, 2015 at 1:13 PM, GALINDO Virginie
> >>> <Virginie.Galindo@gemalto.com> wrote:
> >>>> Dear all,
> >>>>
> >>>> You will find here
> >>>> https://www.w3.org/Security/wiki/IG/webcryptonext_draft_charter the
> >> basis of
> >>>> the next Web Crypto WG charter.
> >>>>
> >>>> Based on the feedback on this mailing list, despite the long
> >> discussions we
> >>>> had related to new features such as crypto service in secure element,
> >>>> certificate management, authentication management, this charter only
> >>>> adresses the maintenance of the Web Crypto API, and the creation of
> >>>> extension for specific algorithms.
> >>>>
> >>>> What I am expecting from working group participants now is the
> >> algorithms
> >>>> they would like to see as extension of the Web Crypto API. This will
> >> help us
> >>>> to get a list of the extension we plan to adress in the framework of
> >> that
> >>>> specific working group.
> >>>>
> >>>> Please note that there are some discussions in AC forum about
> >> restricting
> >>>> activities of any WG that does not work under a valid charter. Our
> >> charter
> >>>> will expire on the 31st of March, as such, we should try to get
> >> consensus on
> >>>> the new charter as soon as possible (or we will have to ask an
> >> extension to
> >>>> W3C director).
> >>>>
> >>>>
> >>>>
> >>>> Regards,
> >>>> Virginie Galindo
> >>>> gemalto
> >>>> chair of the web crypto WG
> >>>>
> >>>>
> >>>> ________________________________
> >>>> This message and any attachments are intended solely for the
> addressees
> >> and
> >>>> may contain confidential information. Any unauthorized use or
> >> disclosure,
> >>>> either whole or partial, is prohibited.
> >>>> E-mails are susceptible to alteration. Our company shall not be liable
> >> for
> >>>> the message if altered, changed or falsified. If you are not the
> >> intended
> >>>> recipient of this message, please delete it and notify the sender.
> >>>> Although all reasonable efforts have been made to keep this
> transmission
> >>>> free from viruses, the sender will not be liable for damages caused
> by a
> >>>> transmitted virus.
> >>>
> >>
> >>
> >
>
Received on Wednesday, 11 March 2015 21:33:15 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 March 2015 21:33:16 UTC