- From: Colin Gallagher <colingallagher.rpcv@gmail.com>
- Date: Mon, 25 Apr 2016 22:51:58 -0700
- To: GALINDO Virginie <Virginie.Galindo@gemalto.com>
- Cc: "public-web-security@w3.org" <public-web-security@w3.org>
- Message-ID: <CABghAMjs1PhcmwcVeFTki5ZtAxLyW_W8pY9mTT4Pq=Ou9awc5A@mail.gmail.com>
Thank you, Virginie. The executive summary for the Web Crypto Next <https://www.w3.org/2012/webcrypto/webcrypto-next-workshop/report.html> included a link to this wiki <https://www.w3.org/Security/wiki/IG/webcryptonext_draft_charter> which seems out of date, I am curious if it will be updated to include links to github or other relevant areas where one can see the Web Crypto API (for example https://github.com/diafygi/webcrypto-examples / some extended commentary on it which appears to have run on for awhile at HN / ycombinator is at https://news.ycombinator.com/item?id=9094630 ) - but not only that as the wiki just seemed generally out of date. Under 'Deliverables,' the wiki did include an element which suggested: *extension of Web Crypto API for new curves [please insert a consensual list] * (However, there was never added a 'consensual list') Similarly, under 'Milestones' [dates of deliverables on the track recommendation line] does not show any dates. These are just my own observations so I am curious if this will be updated in the near term or not. It seems logical to me to update the wiki. -C On Mon, Apr 25, 2016 at 10:17 PM, GALINDO Virginie < Virginie.Galindo@gemalto.com> wrote: > Colin, > The web crypto next was a workshop name. The web crypto WG is still > alive, working with the same charter, same scope, it was created for, > which has been extended several time. > Regards, > Virginie > > > ---- Colin Gallagher a écrit ---- > > > What is presently the status of the Web Crypto Next charter(ing)? > > (ref.: > https://www.w3.org/2012/webcrypto/webcrypto-next-workshop/report.html ) > > On Wed, Feb 18, 2015 at 4:41 AM, GALINDO Virginie < > Virginie.Galindo@gemalto.com> wrote: > >> Dear all, >> >> (web security chair hat on) >> >> a lots of interesting and very diverse conversation going on here. I just >> would like to remind the segmentation of topics and ownership in W3C in >> ordre to help people to send their use cases, contributions and thoughts to >> the appropriate location : >> >> - Web Crypto next charter >> The charter will include anything related to cryptographic operation. At >> the moment, the WG targets the maintenance of the specification to include >> new algorithms (aka new curve familly). The group is currently discussing >> the gemalto proposal for certificate management, integrating the usage of >> hardware token for cryptographic operation, with no consensus on that >> matter. if you are willing to support one of those topic, please speak on >> the public-webcrypto mailing list [1]. >> >> - FIDO Alliance and authentication service >> The topic of authentication is currenlty owned and discussed by FIDO >> Alliance. the level of service expected there is about enrollement and >> authentication opertaions. That technology is backed by a strong strategy >> by Microsoft and Google. I suggest we let FIDO Alliance decide when they >> are ready to input to W3C their contribution in terms which are compliant >> with W3C IP policy. >> >> - Web Payment services >> That topic is discussed in the Web Payment Interest group, whihc is >> currently gathering use cases. There are no technical requirements, no >> technical proposal endorsed in the IG as of today. It may happen that the >> Web Payment IG ends with that kind of consensual requirements. I can only >> encourage people interested in payment to join the IG or at least monitor >> their deliverables [2]. >> >> - Any service accessing secure element >> That topic will not be adressed in the Web Crypto next charter, it has >> been rejected by main browser makers attending that WG. The way to go on >> the discussion could be either to create a W3C community group, it is very >> light and easy to manage and join. But there is another possibility : from >> what I see, GlobalPlatform is willing to host the discussion in ordre to >> allow all players to design a flexible technical solution, allowing browser >> to integrate in a flexible way any services using hardware token. GP will >> soon open a public working group, with an IP policy compliant with W3C one, >> to discuss that. >> >> Again, that mail is not to prevent you to share here your ideas and >> comments, but gives you guideline to make sure your are heard in the >> appropriate group(s). >> >> Regards, >> Virginie >> chair of the Web Security IG >> >> >> [1] https://lists.w3.org/Archives/Public/public-webcrypto/ >> [2] http://www.w3.org/Payments/IG/ >> ------------------------------ >> This message and any attachments are intended solely for the addressees >> and may contain confidential information. Any unauthorized use or >> disclosure, either whole or partial, is prohibited. >> E-mails are susceptible to alteration. Our company shall not be liable >> for the message if altered, changed or falsified. If you are not the >> intended recipient of this message, please delete it and notify the sender. >> Although all reasonable efforts have been made to keep this transmission >> free from viruses, the sender will not be liable for damages caused by a >> transmitted virus. >> ------------------------------ >> This message and any attachments are intended solely for the addressees >> and may contain confidential information. Any unauthorized use or >> disclosure, either whole or partial, is prohibited. >> E-mails are susceptible to alteration. Our company shall not be liable >> for the message if altered, changed or falsified. If you are not the >> intended recipient of this message, please delete it and notify the sender. >> Although all reasonable efforts have been made to keep this transmission >> free from viruses, the sender will not be liable for damages caused by a >> transmitted virus >> > > ------------------------------ > This message and any attachments are intended solely for the addressees > and may contain confidential information. Any unauthorized use or > disclosure, either whole or partial, is prohibited. > E-mails are susceptible to alteration. Our company shall not be liable for > the message if altered, changed or falsified. If you are not the intended > recipient of this message, please delete it and notify the sender. > Although all reasonable efforts have been made to keep this transmission > free from viruses, the sender will not be liable for damages caused by a > transmitted virus. >
Received on Tuesday, 26 April 2016 05:53:57 UTC