Re: Note to editors - updating "status of CR" to reflect interoperability testing/date of estimated PR entrance from Harry Halpin on 2014-12-10 (public-webcrypto@w3.org from December 2014)

From: Harry Halpin <hhalpin@w3.org>
Date: Wed, 10 Dec 2014 17:09:05 -0000
To: "Ryan Sleevi" <sleevi@google.com>
Cc: "Harry Halpin" <hhalpin@w3.org>, public-webcrypto@w3.org
Message-ID: <1627c66e04316aecfb24cb5395f23de7.squirrel@webmail-mit.w3.org>

Note that the profile is non-normative. The point is to reduce, as you put
it, vanity algorithms.

> On Dec 10, 2014 6:26 AM, "Harry Halpin" <hhalpin@w3.org> wrote:
>>
>> During the CR transition call, the Director felt we were not explicitly
>> clear enough about the status of the "browser profile", although he was
>> happy to resolved the issue. I will thus have to link to one of the
>> editorial notes in the spec's status with the proposed criteria below
>> and a reference to the fact all "algorithms" are non-normative. The goal
>> is to make sure implementers know right now that all algorithms are not
>> supported cross browser, but should know after PR.
>>
>> In particular, the proposal was that we have two interoperable
>> implementations for every algorithm listed in the spec body. However,
>> the director is happy with algorithms being non-normative as long as
>> there is a clear browser profile of interoperable algorithms.
>> Interoperability will be determined by the test-suite. That is in line
>> with WG discussions. However, if folks in the WG have an objection,
>> please mention now.
>
> I still remain unconvinced we will be able to make meaningful progress or
> normative requirement, given that both politics and local policy directly
> affect what users experience, and so the availability of an algorithm
> during a given browsing session with a given user agent will ALWAYS remain
> non guaranteed.
>
> Our success criteria for continuing to include an algorithm in the spec
> requires interoperable implementations, and I have no objection there.
>
> Discussing a browser profile as a way of trimming the list of
> useless/vanity algorithms, I also agree there.
>
> But while I support exploring the possibility of discussing a browser
> profile, and while I absolutely thing it is a TBD, I do not and cannot
> guarantee that we will be supportive of a normative requirement for
> something that is as much a deployment/user configuration issue as it is a
> specification issue, nor when making an algorithm normative would inhibit
> future security improvements.
>
>>
>> We also estimated  to the WG that we exit PR at estimated date of "March
>> 12 2015". Again, usually 3 months is the minimum to get a unified
>> test-suite together, and we're working in the fact that there is
>> Christmas vacation soon.
>>
>>    cheers,
>>       harry
>>
>

Received on Wednesday, 10 December 2014 17:09:11 UTC