Re: [W3C Web Crypto] Call for Consensus on removing algorithms from the web API specification -> 20th of October from Harry Halpin on 2015-10-06 (public-webcrypto@w3.org from October 2015)

From: Harry Halpin <hhalpin@w3.org>
Date: Tue, 06 Oct 2015 14:44:58 -0400
To: public-webcrypto@w3.org, Richard Barnes <rlb@ipv.sx>
Message-ID: <561416AA.2040703@w3.org>

On 10/06/2015 02:10 PM, Richard Barnes wrote:
> On Tue, Oct 6, 2015 at 1:41 PM, Ryan Sleevi <sleevi@google.com> wrote:
>> Correct, and I believe Richard was looking at getting someone to implement
>> it for Mozilla 'real soon'; there was just some additional NSS API work that
>> had to happen before they could expose it to WebCrypto, and Firefox's
>> underlying cryptographic library supports it with one or two tweaks.
> Yes, we are working on this in Q4.  I would oppose removing RSA-PSS
> from WebCrypto.
>
> Note also that RSA-PSS is a requirement for TLS 1.3.

Richard,

Do you think we should delay Rec to get this algorithm?

If not, do you think its possible to get this out at latest by end of
November?

  cheers,
          harry

>
> --Richard
>
>
>> On Tue, Oct 6, 2015 at 10:32 AM, Eric Roman <ericroman@google.com> wrote:
>>> The meeting notes say that there are no implementations of RSA-PSS:
>>>> No implementations: RSA-PSS, AES-CMAC, AES-CFB, CONCAT
>>> Note that is not correct -- at least the Chrome browser implements RSA-PSS
>>>
>>>
>>> On Tue, Oct 6, 2015 at 10:20 AM, GALINDO Virginie
>>> <Virginie.Galindo@gemalto.com> wrote:
>>>> Dear all,
>>>>
>>>>
>>>>
>>>> Following our last meeting call, we decided to remove from the normative
>>>> part of our specification the following algorithms for not being implemented
>>>> in at least 2 of the platform tested : RSA-PSS, AES-CMAC, AES-CFB, CONCAT,
>>>> DH. Detailed discussion can be found under
>>>> http://www.w3.org/2015/09/28-crypto-minutes.html.
>>>>
>>>>
>>>>
>>>> This mail is a call for consensus to validate that decision.
>>>>
>>>>
>>>>
>>>> Anyone objecting to that decision should make his motivated point before
>>>> the 20th of October at 17:00 UTC.
>>>>
>>>> If this decision is endorsed, the algorithms descriptions will be
>>>> gathered in a dedicated Note.
>>>>
>>>>
>>>>
>>>> Regards,
>>>>
>>>> Virginie
>>>>
>>>> Chair of the web crypto WG
>>>>
>>>>
>>>>
>>>> //please ignore the following statement
>>>>
>>>> ________________________________
>>>> This message and any attachments are intended solely for the addressees
>>>> and may contain confidential information. Any unauthorized use or
>>>> disclosure, either whole or partial, is prohibited.
>>>> E-mails are susceptible to alteration. Our company shall not be liable
>>>> for the message if altered, changed or falsified. If you are not the
>>>> intended recipient of this message, please delete it and notify the sender.
>>>> Although all reasonable efforts have been made to keep this transmission
>>>> free from viruses, the sender will not be liable for damages caused by a
>>>> transmitted virus.
>>>

Received on Tuesday, 6 October 2015 18:45:02 UTC