Re: [W3C Web Crypto WG] Take away from 11th of August WG call (mainly on NUMS curves integration)

I wholeheartedly and absolutely agree with every point Mark is making here.


On Tue, Aug 12, 2014 at 8:14 AM, Mark Watson <watsonm@netflix.com> wrote:

> Virginie, all,
>
> I believe the general sentiment was that we should specify how the NUMS
> curves can be used with WebCrypto, but there was no consensus on where /
> what document. Given this, I don't see that we have much alternative but to
> progress the technical work in a separate document for the moment, perhaps
> leaving open the door to integration into the main specification at a later
> point, if and when we have a recommendation from IETF / CFRG, depending on
> the status at that time of the main specification and if there is consensus
> to do that in the group (Perhaps that means the door is only very very
> slightly ajar.)
>
> Otherwise, we will be stalling progress on the technical work over a
> documentation / process issue.
>
> ...Mark
>
>
> On Tue, Aug 12, 2014 at 5:50 AM, GALINDO Virginie <
> Virginie.Galindo@gemalto.com> wrote:
>
>>  Dear all,
>>
>>
>>
>> This is a take away of our discussions held during the Web Crypto WG
>> call. Please note that this does not replace the minutes available under
>> http://www.w3.org/2014/08/11-crypto-minutes.html
>>
>>
>>
>> -          Wendy reminded us the process to go towards Candidate
>> Recommendation, highlighting the need to collect elements demonstrating
>> that the WG discussed sensitive bugs **and** shared with the bug
>> reviewers their decision (ideally having them happy). Wendy and Harry
>> mentioned that we still have few sensitive bugs that the WG need to
>> address. Note that the exhaustive list of 60 open bugs related to Web
>> Crypto API can be found here :
>> https://www.w3.org/Bugs/Public/buglist.cgi?quicksearch=web%20crypto&list_id=42115
>>
>> -          The WG discussed the way to move forward on the integration
>> of NUMS curves into the WG deliverables. The options discussed were based
>> on following scenario : addition of NUMS curve via an extension, inclusion
>> of NUMS curve in the main mains spec as feature risk, postponing our target
>> candidate recommendation to expect CFRG recommendation, dropping all NIST
>> algorithms in our main spec. All options informally voted, including the
>> option not to make a decision now, collected objections or massive
>> non-happy expression.
>>
>> -          Short summary of the informative votes : working extension as
>> a separate case (2 objections by Harry, Bal), working on the feature at
>> risk in the main spec (2 objections by Richard and Ryan, via delegation
>> vote), working on not making decision (3 times “-0.5” vote), delaying the
>> deliverables by 6 months (1 objection by Richard and a lots of unhappy
>> people).
>>
>> -          The question on which option would mandate a return to Last
>> Call was also discussed (which would delay by few weeks again the Candidate
>> Recommendation migration), and needs further discussions.
>>
>> -          The WG did not have time to address the curve25519 case,
>> neither bug related to extensibility mechanisms.
>>
>> -          It was discussed that IETF / CFRG algorithm recommendation
>> would happen during IETF#91, beginning November.
>>
>> -          It was stated at the beginning of the call that the chair
>> would trigger call for consensus via email to progress on the sensitive
>> bugs.
>>
>> -          The next call to follow up on that discussion will be on the
>> 25th of August at 20:00 UTC, usual bridge and irc
>>
>>
>>
>> In the meantime all conversation, alternatives, driving us toward
>> consensus will be appreciated…
>>
>>
>>
>> Virginie
>>
>> Chair of the Web Crypto WG
>>
>>
>>  ------------------------------
>> This message and any attachments are intended solely for the addressees
>> and may contain confidential information. Any unauthorized use or
>> disclosure, either whole or partial, is prohibited.
>> E-mails are susceptible to alteration. Our company shall not be liable
>> for the message if altered, changed or falsified. If you are not the
>> intended recipient of this message, please delete it and notify the sender.
>> Although all reasonable efforts have been made to keep this transmission
>> free from viruses, the sender will not be liable for damages caused by a
>> transmitted virus.
>>
>
>

Received on Tuesday, 12 August 2014 19:32:22 UTC