W3C home > Mailing lists > Public > public-webcrypto@w3.org > September 2012

Re: W3C Web Crypto - classifying issues - a new proposal

From: Ryan Sleevi <sleevi@google.com>
Date: Fri, 21 Sep 2012 13:01:16 -0700
Message-ID: <CACvaWvaaBrn7hY-OJzE_1fUy5MyFg6DW2Tct+p+M85GJwDTcKg@mail.gmail.com>
To: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Wendy Seltzer <wseltzer@w3.org>, Harry Halpin <hhalpin@w3.org>
On Tue, Sep 18, 2012 at 3:03 AM, GALINDO Virginie
<Virginie.GALINDO@gemalto.com> wrote:
> Dear all,
> You will find attached a new version of a table for structuring our ISSUES,
> together with a priority proposal. The dependency still have to be worked
> out.
> Please note that the exercise here is just to treat issues from a domain all
> together. As suggested in my Take Away, lets start with high priority crypto
> ISSUE and progress on that domain to help implementers. This does not
> prevent us from starting a second wave, e.g. functional or key description
> (that I have generated from key and access control domains).

Could you explain the criteria you used to determine priority here? It
looks like it has been changed somewhat significantly from the
previous version, and I don't see any discussion on the mailing list
or during our last telecon to explain why the changes.

> Any comment on this new structure of issues ?

As mentioned on the telecon, I still believe it's a mistake to
conflate key definitions and access control. I appreciate the close
relationship they are, but I still believe they represent distinct
sets of challenges. That some members have expressed a desire to
disregard the same origin policy I believe highlights this, since such
a discussion is wholly independent on "what makes a key a key" and is
directly related to the security properties.

> Any volunteer to work on dependency with me ?

As mentioned on IRC during the telecon, I do not think these
categories are necessarily exclusive. That is, categories are more
like a set of tags, and the domain is just highlighting the 'closest'

Within that, I don't think there is a matter of dependency ordering.
Discussions on a later issue may fundamentally alter a former issue.
Trying to order them into some structure of dependencies I think will
just end up taking time, while not necessarily adding value.

I suspect it's more important that we establish and agree upon the
priorities, since I think those are most blocking towards getting
progress done.

> Any strong opinion on treating two “waves” in parallel ?

I do not think we will be able to limit the mailing list discussions
to just one or two topics, nor do I think it would be helpful to do
Since we cannot pursue parallel discussions on a single telecon, if
this is a proposal to start a twice-weekly telecon, I'd be concerned
about the ability to make progress in either. I'm not sure the
time/value trade-off would be productive.

So I'm left being unclear on what you mean by this.

I think the most important part to making progress on any of these
issues is that people begin proposing strawman proposals that will
address their needs. The ISSUES have tried to capture what members
have expressed desire for or concerns of, but in the absence of
proposals, I fear we'll continually discuss how "This would be nice",
without actually making progress, and worse, that members will
continue to add new features without suggesting how their concerns can
be resolved.
Received on Friday, 21 September 2012 20:01:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:13 UTC