Re: [W3C Web Crypto] Call for Consensus on removing algorithms from the web API specification -> 20th of October from Harry Halpin on 2015-10-06 (public-webcrypto@w3.org from October 2015)

From: Harry Halpin <hhalpin@w3.org>
Date: Tue, 06 Oct 2015 13:58:10 -0400
To: Ryan Sleevi <sleevi@google.com>, Eric Roman <ericroman@google.com>
CC: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Richard Barnes <rlb@ipv.sx>
Message-ID: <56140BB2.6020902@w3.org>

On 10/06/2015 01:41 PM, Ryan Sleevi wrote:
> Correct, and I believe Richard was looking at getting someone to
> implement it for Mozilla 'real soon'; there was just some additional
> NSS API work that had to happen before they could expose it to
> WebCrypto, and Firefox's underlying cryptographic library supports it
> with one or two tweaks.

Algorithms are up for removal due to lack of interoperability between
*two independent* browser teams. DH has Mozilla implementation but not
Chrome and Microsoft. Same with RSS-PSS (supported in Chrome) but not in
Mozilla and Microsoft.

Re RSA-PSS, I would personally prefer it in the spec. Thus this is great
news re Mozilla and we didn't know it in the meeting.

Thus, I'd like to add an addendum *to this call for consensus* is that
if algorithms have two or more interoperable implementations by the time
we got to CR, then we add them back into the spec.

We're hoping to go to PR in early November, so hopefully Mozilla can
pull this off by then.

              cheers,
                  harry

>
> On Tue, Oct 6, 2015 at 10:32 AM, Eric Roman <ericroman@google.com
> <mailto:ericroman@google.com>> wrote:
>
>     The meeting notes say that there are no implementations of RSA-PSS:
>     > No implementations: RSA-PSS, AES-CMAC, AES-CFB, CONCAT
>
>     Note that is not correct -- at least the Chrome browser implements
>     RSA-PSS
>
>
>     On Tue, Oct 6, 2015 at 10:20 AM, GALINDO Virginie
>     <Virginie.Galindo@gemalto.com
>     <mailto:Virginie.Galindo@gemalto.com>> wrote:
>
>         Dear all,
>
>          
>
>         Following our last meeting call, we decided to remove from the
>         normative part of our specification the following algorithms
>         for not being implemented in at least 2 of the platform tested
>         : RSA-PSS, AES-CMAC, AES-CFB, CONCAT, DH. Detailed discussion
>         can be found under
>         http://www.w3.org/2015/09/28-crypto-minutes.html.
>
>          
>
>         This mail is a call for consensus to validate that decision.
>
>          
>
>         Anyone objecting to that decision should make his motivated
>         point before the 20^th of October at 17:00 UTC.
>
>         If this decision is endorsed, the algorithms descriptions will
>         be gathered in a dedicated Note.
>
>          
>
>         Regards,
>
>         Virginie
>
>         Chair of the web crypto WG
>
>          
>
>         //please ignore the following statement
>
>         ------------------------------------------------------------------------
>         This message and any attachments are intended solely for the
>         addressees and may contain confidential information. Any
>         unauthorized use or disclosure, either whole or partial, is
>         prohibited.
>         E-mails are susceptible to alteration. Our company shall not
>         be liable for the message if altered, changed or falsified. If
>         you are not the intended recipient of this message, please
>         delete it and notify the sender.
>         Although all reasonable efforts have been made to keep this
>         transmission free from viruses, the sender will not be liable
>         for damages caused by a transmitted virus.
>
>
>

Received on Tuesday, 6 October 2015 17:58:21 UTC