W3C home > Mailing lists > Public > public-webcrypto@w3.org > October 2015

RE: [W3C Web Crypto] Call for Consensus on removing algorithms from the web API specification -> 20th of October

From: GALINDO Virginie <Virginie.Galindo@gemalto.com>
Date: Tue, 6 Oct 2015 21:04:00 +0000
To: Richard Barnes <rlb@ipv.sx>, Harry Halpin <hhalpin@w3.org>
CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <540E99C53248CE468F6F7702588ABA2A0115B1DD29@A1GTOEMBXV005.gto.a3c.atos.net>
Richard,
Sharing with us a timing where it will be landing in Release Firefox may help us to adapt the rec track timing.
Regards,
Virginie

-----Original Message-----
From: Richard Barnes [mailto:rlb@ipv.sx]
Sent: mardi 6 octobre 2015 21:52
To: Harry Halpin
Cc: public-webcrypto@w3.org
Subject: Re: [W3C Web Crypto] Call for Consensus on removing algorithms from the web API specification -> 20th of October

On Tue, Oct 6, 2015 at 2:44 PM, Harry Halpin <hhalpin@w3.org> wrote:
>
>
> On 10/06/2015 02:10 PM, Richard Barnes wrote:
>> On Tue, Oct 6, 2015 at 1:41 PM, Ryan Sleevi <sleevi@google.com> wrote:
>>> Correct, and I believe Richard was looking at getting someone to
>>> implement it for Mozilla 'real soon'; there was just some additional
>>> NSS API work that had to happen before they could expose it to
>>> WebCrypto, and Firefox's underlying cryptographic library supports it with one or two tweaks.
>> Yes, we are working on this in Q4.  I would oppose removing RSA-PSS
>> from WebCrypto.
>>
>> Note also that RSA-PSS is a requirement for TLS 1.3.
>
> Richard,
>
> Do you think we should delay Rec to get this algorithm?
>
> If not, do you think its possible to get this out at latest by end of
> November?

Depends on what you mean by "out".  If you mean "landed in Nightly", maybe.  If you mean "in release Firefox", no.

--Richard


>
>   cheers,
>           harry
>
>>
>> --Richard
>>
>>
>>> On Tue, Oct 6, 2015 at 10:32 AM, Eric Roman <ericroman@google.com> wrote:
>>>> The meeting notes say that there are no implementations of RSA-PSS:
>>>>> No implementations: RSA-PSS, AES-CMAC, AES-CFB, CONCAT
>>>> Note that is not correct -- at least the Chrome browser implements
>>>> RSA-PSS
>>>>
>>>>
>>>> On Tue, Oct 6, 2015 at 10:20 AM, GALINDO Virginie
>>>> <Virginie.Galindo@gemalto.com> wrote:
>>>>> Dear all,
>>>>>
>>>>>
>>>>>
>>>>> Following our last meeting call, we decided to remove from the
>>>>> normative part of our specification the following algorithms for
>>>>> not being implemented in at least 2 of the platform tested :
>>>>> RSA-PSS, AES-CMAC, AES-CFB, CONCAT, DH. Detailed discussion can be
>>>>> found under http://www.w3.org/2015/09/28-crypto-minutes.html.

>>>>>
>>>>>
>>>>>
>>>>> This mail is a call for consensus to validate that decision.
>>>>>
>>>>>
>>>>>
>>>>> Anyone objecting to that decision should make his motivated point
>>>>> before the 20th of October at 17:00 UTC.
>>>>>
>>>>> If this decision is endorsed, the algorithms descriptions will be
>>>>> gathered in a dedicated Note.
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>> Virginie
>>>>>
>>>>> Chair of the web crypto WG
>>>>>
>>>>>
>>>>>
>>>>> //please ignore the following statement
>>>>>
>>>>> ________________________________
>>>>> This message and any attachments are intended solely for the
>>>>> addressees and may contain confidential information. Any
>>>>> unauthorized use or disclosure, either whole or partial, is prohibited.
>>>>> E-mails are susceptible to alteration. Our company shall not be
>>>>> liable for the message if altered, changed or falsified. If you
>>>>> are not the intended recipient of this message, please delete it and notify the sender.
>>>>> Although all reasonable efforts have been made to keep this
>>>>> transmission free from viruses, the sender will not be liable for
>>>>> damages caused by a transmitted virus.
>>>>
>

________________________________
 This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
Received on Tuesday, 6 October 2015 21:04:32 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 October 2015 21:04:33 UTC