RE: Draft report: W3C WebCrypto v.Next report from Mike Jones on 2014-10-17 (public-web-security@w3.org from October 2014)

From: Mike Jones <Michael.Jones@microsoft.com>
Date: Fri, 17 Oct 2014 19:02:28 +0000
To: Colin Gallagher <colingallagher.rpcv@gmail.com>, GALINDO Virginie <Virginie.Galindo@gemalto.com>
CC: Wendy Seltzer <wseltzer@w3.org>, "public-web-security@w3.org" <public-web-security@w3.org>, Harry Halpin <hhalpin@w3.org>, "john.mattsson@ericsson.com" <john.mattsson@ericsson.com>, Israel Hilerio <israelh@microsoft.com>
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BB16871@TK5EX14MBXC286.redmond.corp.microsoft.>

A key point missing from the minutes is that platform-held secure keys were discussed as much as device-held keys.  These can be held in either in TPMs, TEEs, or other secure elements.  At a minimum, in the next steps, I would change “Hardware tokens in scope” to “Platform-held keys and hardware tokens in scope”.

I would also suggest describing the poll that I held that resulted in people unanimously agreeing that adding the ability to use platform-accessible secure keys (both platform-held and device-held keys) from the browser is a critical next step.

                                                                -- Mike

From: Colin Gallagher [mailto:colingallagher.rpcv@gmail.com]
Sent: Friday, October 17, 2014 11:50 AM
To: GALINDO Virginie
Cc: Wendy Seltzer; public-web-security@w3.org; Harry Halpin; john.mattsson@ericsson.com; Israel Hilerio; Mike Jones
Subject: RE: Draft report: W3C WebCrypto v.Next report

The wiki / content looks great! Thank you!
On Oct 17, 2014 8:29 AM, "GALINDO Virginie" <Virginie.Galindo@gemalto.com<mailto:Virginie.Galindo@gemalto.com>> wrote:
Harry,

Sorry if I missed something, but the draft report is not on http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/.

So I recommend people to read directly the wiki version you created here : https://www.w3.org/Security/wiki/Cryptoreport#DRAFT_Final_Report

Virginie

-----Original Message-----
From: Harry Halpin [mailto:hhalpin@w3.org<mailto:hhalpin@w3.org>]
Sent: mercredi 15 octobre 2014 23:50
To: public-web-security@w3.org<mailto:public-web-security@w3.org>; israel Hilerio; john.mattsson@ericsson.com<mailto:john.mattsson@ericsson.com>; Mike Jones; GALINDO Virginie; Wendy Seltzer
Subject: Draft report: W3C WebCrypto v.Next report

Here's a DRAFT final report:

http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/

I'm missing slides from (possibly in inbox, but perhaps deleted them, just resend):

1) John Mattsson
2) Mike  Jones
3) Israel Hilerio

Just email them to me and I'll update.

I've also put a version in the wiki for easy editing/corrections. Email me if there's anything substantial that must be rewritten:

https://www.w3.org/Security/wiki/Cryptoreport

I'll be taking comments until next Monday, so we can publish the report on W3C's website before TPAC and have an official announcement.

  thanks,
    harry

________________________________
 This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.

Received on Friday, 17 October 2014 19:03:41 UTC