Re: [Web Crypto WG] draft Web Crypto WG charter : for your review and comments from Colin Gallagher on 2015-03-11 (public-web-security@w3.org from March 2015)

From: Colin Gallagher <colingallagher.rpcv@gmail.com>
Date: Wed, 11 Mar 2015 14:36:51 -0700
To: Siva Narendra <siva@tyfone.com>
Cc: GALINDO Virginie <virginie.galindo@gemalto.com>, Wendy Seltzer <wseltzer@w3.org>, "public-web-security@w3.org" <public-web-security@w3.org>, Harry Halpin <hhalpin@w3.org>, Charles Engelke <w3c@engelke.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CABghAMhXc1Q3yG4MofhMySMjuYaL=sWxJHuZT5uityH9F5-2JQ@mail.gmail.com>

Long, though interesting ramble on stack exchange on FIDO:
http://security.stackexchange.com/questions/71316/how-secure-are-the-fido-u2f-tokens

These are interesting (though I don't use the hardware) for PGP:
http://www.epass.nl/en/solutions/epass-pgp-how.html

Similarly, in some respects, is trezor: https://www.bitcointrezor.com

Have fun reading.
On Mar 11, 2015 2:02 PM, "Siva Narendra" <siva@tyfone.com> wrote:

> +adding Pub-Web-Security for continuity from the Workshop
>
> Thank you Harry. Few questions:
>
>    1. Does this mean "FIDO will not be implemented under this WG?"
>    2. Is the statement "All the web browser implementers do not want to
>    support hardware tokens or anything that is outside of cryptography in
>    within the scope of WG?" or "One browser vendors does not want to support
>    anything other than FIDO?"
>
> This is important for the eco-system to know so we can determine if this
> work should be pursued inside W3C or outside.
>
> Thank you,
> Siva
>
>
>
>
> *--*
>
>
> *Siva G. Narendra Ph.D. CEO - Tyfone, Inc.Portland | Bangalore |
> Taipeiwww.tyfone.com <http://www.tyfone.com>*
> *Voice: +1.661.412.2233 <%2B1.661.412.2233>*
>
>
> On Wed, Mar 11, 2015 at 11:16 AM, Harry Halpin <hhalpin@w3.org> wrote:
>
>>
>>
>> On 03/11/2015 07:08 PM, Charles Engelke wrote:
>> > I'm new to this WG and W3C in general, so I may be missing points on
>> > how this works. But until today that draft did include adding new use
>> > cases. Today that was revised to say "the Web Crypto WG will not
>> > adress any new use case others then the ones developed with the first
>> > version of the Web Crypto API."
>> >
>> > Did I miss the process that made this change?
>>
>> There was strong objections from members of the Working Group, in
>> particular implementers that are on public record.
>>
>> Thus, while the W3C is still committed do finding an appropriate home
>> for these use-cases and associated standards, it will not be this
>> Working Group.
>>
>> If you have a particular use-case and proposed technical solution that
>> you think would be acceptable to implementers, e-mail the Web Security
>> Interest Group at public-web-security@w3.org.
>>
>>     cheers,
>>        harry
>>
>> >
>> > Thanks,
>> >
>> > Charlie
>> >
>> > On Wed, Mar 11, 2015 at 1:13 PM, GALINDO Virginie
>> > <Virginie.Galindo@gemalto.com> wrote:
>> >> Dear all,
>> >>
>> >> You will find here
>> >> https://www.w3.org/Security/wiki/IG/webcryptonext_draft_charter the
>> basis of
>> >> the next Web Crypto WG charter.
>> >>
>> >> Based on the feedback on this mailing list, despite the long
>> discussions we
>> >> had related to new features such as crypto service in secure element,
>> >> certificate management, authentication management, this charter only
>> >> adresses the maintenance of the Web Crypto API, and the creation of
>> >> extension for specific algorithms.
>> >>
>> >> What I am expecting from working group participants now is the
>> algorithms
>> >> they would like to see as extension of the Web Crypto API. This will
>> help us
>> >> to get a list of the extension we plan to adress in the framework of
>> that
>> >> specific working group.
>> >>
>> >> Please note that there are some discussions in AC forum about
>> restricting
>> >> activities of any WG that does not work under a valid charter. Our
>> charter
>> >> will expire on the 31st of March, as such, we should try to get
>> consensus on
>> >> the new charter as soon as possible (or we will have to ask an
>> extension to
>> >> W3C director).
>> >>
>> >>
>> >>
>> >> Regards,
>> >> Virginie Galindo
>> >> gemalto
>> >> chair of the web crypto WG
>> >>
>> >>
>> >> ________________________________
>> >> This message and any attachments are intended solely for the
>> addressees and
>> >> may contain confidential information. Any unauthorized use or
>> disclosure,
>> >> either whole or partial, is prohibited.
>> >> E-mails are susceptible to alteration. Our company shall not be liable
>> for
>> >> the message if altered, changed or falsified. If you are not the
>> intended
>> >> recipient of this message, please delete it and notify the sender.
>> >> Although all reasonable efforts have been made to keep this
>> transmission
>> >> free from viruses, the sender will not be liable for damages caused by
>> a
>> >> transmitted virus.
>> >
>>
>>
>

Received on Wednesday, 11 March 2015 21:38:10 UTC