- From: <bugzilla@jessica.w3.org>
- Date: Sat, 11 Oct 2014 09:11:04 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618 --- Comment #53 from Harry Halpin <hhalpin@w3.org> --- (In reply to Ryan Sleevi from comment #52) > (In reply to Harry Halpin from comment #50) > > Domenic, > > > > I believe the issue you reference is *not* there should be no extension > > specs. > > > > To be precise, the issue is: *Improve Errata Management*. > > > > "For reasons of process and practice, W3C working groups do not necessarily > > issue errata in an expeditious fashion. We should fix the W3C Process so > > that it encourages groups to consistently issue errata. We should also > > explore Best Practices that groups could adopt to improve their handling of > > this issue." > > > > I agree with that. I would of course be happy to add errata to the spec > > pointing to any extensions that have made through the W3C process. > > > > However, currently the Web Crypto spec does *not* have a > > mandatory-to-implement list of algorithms. > > > > You have two options here: > > > > 1) All algorithms are mandatory to implement. Thus, developers know exactly > > what algorithms to implement and there are no extensions. > > > > 2) Some or no algorithms are mandatory to implement. Then, there may be > > extensions. > > > > Ryan has switched his position from 2) to 1). > > > > In particular, for the case of 1) there is no way to add Curve 25519 to the > > spec without having all browsers implement it and re-opening Last Call. > > > > So, you gotta chose - logically you can't have 2) and then not allow > > extension specs (and yes, extension specs could be mentioned in errata and > > be easily discoverable). > > > > Microsoft has already chosen 2). I'd like to know what Google's position is, > > not you with a TAG hat or Ryan's personal position. > > You are conflating two distinct issues. There is zero requirement to make > something normative in order to improve the process. I'm going to point out that Boris' objections about people expecting S2 hold in the current spec unless *all algorithms* are normative. That should be straightforward. > > That is, you're distinctly ignoring option 3 > > 3) The spec (and errata, aka 'living spec') list the algorithms. New > algorithms are incorporated, via errata, into "The spec", without > necessitating extension specs. If this is rephrasing Richard Barnes's "we can add forward-links to extension specs in an errata" per Mozilla's rather reasonable proposal on the mailing list, then yes, at least Mark Watson and Mozilla agree we can go with that. That is fine per W3C process as there is a well-defined procedure for errata, it solves the discoverability/maturity problem, and gives the spec the agility that BAL requires. So, thus, we have consensus. > > The issue of normative and profiles, which we've discussed at length and you > very well know Google's position on, is addressed as an orthogonal and > separate concern. > > Also, from a W3C staff representative, the tone is not appreciated, as has > been previously communicated privately but, unfortunately, continues to > attempt to dismiss the concerns Google is bringing you. Let's try to keep > things positive and productive, please. I think those questions I asked are exceedingly reasonable as this is the last blocking substantial bug and Microsoft has been very clear about what they want. We have simply asked the same from you and Google. I think Richard's proposal solves this bug. Richard, can you please put what you think is the final version of your proposal in bugzilla to make sure we have consensus? -- You are receiving this mail because: You are on the CC list for the bug.
Received on Saturday, 11 October 2014 09:11:06 UTC