Re: [W3C Web Crypto WG] Take away from 11th of August WG call (mainly on NUMS curves integration)

Virginie, all,

I believe the general sentiment was that we should specify how the NUMS
curves can be used with WebCrypto, but there was no consensus on where /
what document. Given this, I don't see that we have much alternative but to
progress the technical work in a separate document for the moment, perhaps
leaving open the door to integration into the main specification at a later
point, if and when we have a recommendation from IETF / CFRG, depending on
the status at that time of the main specification and if there is consensus
to do that in the group (Perhaps that means the door is only very very
slightly ajar.)

Otherwise, we will be stalling progress on the technical work over a
documentation / process issue.

...Mark


On Tue, Aug 12, 2014 at 5:50 AM, GALINDO Virginie <
Virginie.Galindo@gemalto.com> wrote:

>  Dear all,
>
>
>
> This is a take away of our discussions held during the Web Crypto WG call.
> Please note that this does not replace the minutes available under
> http://www.w3.org/2014/08/11-crypto-minutes.html
>
>
>
> -          Wendy reminded us the process to go towards Candidate
> Recommendation, highlighting the need to collect elements demonstrating
> that the WG discussed sensitive bugs **and** shared with the bug
> reviewers their decision (ideally having them happy). Wendy and Harry
> mentioned that we still have few sensitive bugs that the WG need to
> address. Note that the exhaustive list of 60 open bugs related to Web
> Crypto API can be found here :
> https://www.w3.org/Bugs/Public/buglist.cgi?quicksearch=web%20crypto&list_id=42115
>
> -          The WG discussed the way to move forward on the integration of
> NUMS curves into the WG deliverables. The options discussed were based on
> following scenario : addition of NUMS curve via an extension, inclusion of
> NUMS curve in the main mains spec as feature risk, postponing our target
> candidate recommendation to expect CFRG recommendation, dropping all NIST
> algorithms in our main spec. All options informally voted, including the
> option not to make a decision now, collected objections or massive
> non-happy expression.
>
> -          Short summary of the informative votes : working extension as
> a separate case (2 objections by Harry, Bal), working on the feature at
> risk in the main spec (2 objections by Richard and Ryan, via delegation
> vote), working on not making decision (3 times “-0.5” vote), delaying the
> deliverables by 6 months (1 objection by Richard and a lots of unhappy
> people).
>
> -          The question on which option would mandate a return to Last
> Call was also discussed (which would delay by few weeks again the Candidate
> Recommendation migration), and needs further discussions.
>
> -          The WG did not have time to address the curve25519 case,
> neither bug related to extensibility mechanisms.
>
> -          It was discussed that IETF / CFRG algorithm recommendation
> would happen during IETF#91, beginning November.
>
> -          It was stated at the beginning of the call that the chair
> would trigger call for consensus via email to progress on the sensitive
> bugs.
>
> -          The next call to follow up on that discussion will be on the 25
> th of August at 20:00 UTC, usual bridge and irc
>
>
>
> In the meantime all conversation, alternatives, driving us toward
> consensus will be appreciated…
>
>
>
> Virginie
>
> Chair of the Web Crypto WG
>
>
>  ------------------------------
> This message and any attachments are intended solely for the addressees
> and may contain confidential information. Any unauthorized use or
> disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for
> the message if altered, changed or falsified. If you are not the intended
> recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission
> free from viruses, the sender will not be liable for damages caused by a
> transmitted virus.
>