Re: "Recommended" is a bad word :) from Harry Halpin on 2014-05-16 (public-webcrypto-comments@w3.org from May 2014)

From: Harry Halpin <hhalpin@w3.org>
Date: Fri, 16 May 2014 18:42:07 +0200
To: "Salz, Rich" <rsalz@akamai.com>, Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>, Ryan Sleevi <sleevi@google.com>
CC: Mark Watson <watsonm@netflix.com>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Message-ID: <53763FDF.5040308@w3.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 05/16/2014 05:38 PM, Salz, Rich wrote:
> Ø  We’re stuck only if we define our job as determining whose
> favorite cryptographers are more right. We can choose not to take
> on that problem.
> 
> Well, that is kinda neatly put and it almost made me stop.  But
> then I realized that my suggestions are based on input from members
> of the IETF CFRG, which is the group of people the WG keeps
> pointing to for advice.
> 

One possible solution would be for the CFRG to write a document
containing security parameters, and for our spec to point to that.

What do you think of that Rich?

Could you bring it up to the CFRG?

The nice part of that solution is that as the crypto landscape
changes, you guys can keep that document continuously up to date,
while the W3C Rec will, like all W3C Recs (due to IPR reasons and
testing reasons) have a time-stamp on it.



> /r$ -- Principal Security Engineer Akamai Technologies, Cambridge,
> MA IM: rsalz@jabber.me<mailto:rsalz@jabber.me>; Twitter: RichSalz
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTdj/eAAoJEPgwUoSfMzqcAQEP/1deDOczJ+NY/t+SFGvMzlhE
DKcYZYvJR44KwltS/QB4h273RK4NQ+ExJDWSeMGqiD7/0t2iaSZFEJdluVoWFvU+
NuS7T8PRyaiYp07FpHGBKybrnIT9v3KBfkcYME/PqifnMV/K9IE/eMFC8dpmliI9
aB5VXRlXLGMSMyY/AKtK4KKo/kaDYysLcI1KPJc2ElmY5+vmhk3epcdf78KwGs6y
5+pIivCzZwrZQA4D34LmtTvauUnS3Qg7kAxaTIbPsZvLJQtK9fSykC9L6OwkIdKz
mqHy44AsgfoHrF5IeQegT5Y7mj8hQ7ZGKSRx//PbdoXH9GGhc4zJM3bn0AYe57zf
GeyfOzCCUjJQN+T6Ga6pLjFA/jVynSYO5UcdlhVR6vh4YtKSu+EYlCvN7EcyvH2y
xVZXAXhI/giGwm6X0gdk8bP+4wRR6vr9frSpCAbbYQnq+xyva3Lqd0Cg37KlJ86g
YDStg6xP0WsxhJLLx2A9/Zlc3y0ytvd7oNlZd6JG/fZyWiivZ4CIa0HQJPpp7WrT
LGPF6/PMBMpmdHlEuSfCz8MeaTDkmcmGwoM37o2sQ1F9mmkln3slYUS+voa8QX4M
Q+nH+7mHLQJ6a5aAkGurO6IWyJJ+ML3pAqnizia6WRz3vzAJ+n7KdeSjVGVN8+tJ
6UnQAqfd8dPLv7pxTIf7
=C0DM
-----END PGP SIGNATURE-----

Received on Friday, 16 May 2014 16:42:18 UTC