Re: [W3C Web Crypto WG] W3C Web Cryptography API CR Transition Call - minutes

On Wed, Dec 10, 2014 at 9:18 AM, GALINDO Virginie <
Virginie.Galindo@gemalto.com> wrote:

> Dear all,
> You will find below the minutes of the (successful) transition CR call,
> held yesterday with Wendy Seltzer, Harry Halpin and Philippe Le Hegaret
> from W3C.
> Few actions were required before we actually publish the last version of
> the specifications.
> Regards,
> Virginie
>
>
>
> -----Original Message-----
> From: Wendy Seltzer [mailto:wseltzer@w3.org]
> Sent: mercredi 10 décembre 2014 09:23
> Subject: [minutes] Re: W3C Web Cryptography API CR Transition Call
>
> Thanks for your work on this transition. Minutes of the successful
> transition call are: http://www.w3.org/2014/12/09-crypto-minutes.html
>
> Actions:
> [NEW] ACTION: hhalpin to make Director's decision, note that WG plans to
> make the "profile" for browser related to algorithm [recorded in
> http://www.w3.org/2014/12/09-crypto-minutes.html#action03]
> [NEW] ACTION: hhalpin to update exit criteria, reference to DOM [recorded
> in http://www.w3.org/2014/12/09-crypto-minutes.html#action01]
> [NEW] ACTION: hhalpin will notify webmaster of publication request and
> double-check with editors on changes [recorded in
> http://www.w3.org/2014/12/09-crypto-minutes.html#action02]
>
> Thanks!
> --Wendy
>
> On 12/03/2014 04:56 AM, GALINDO Virginie wrote:
> > Dear all,
> >
> > Please find below the elements for moving the W3C Web Crypto API towards
> CR.
> >
> > Provisioned publication date is 11th of December.
> >
> > Regards,
> >
> > Virginie Galindo
> >
> > Chair of Web Crypto WG
> >
> >
> >
> > ======
> >
> >
> >
> > 1 Document title
> >
> >
> >
> >   Web Cryptography API
> >
> >
> >
> > 2 Document URI
> >
> >
> >
> > We propose to publish the document at the following URI (adjusting the
> yyyymmdd portion of the URI as may be needed):
> >
> >
> >
> >   http://www.w3.org/TR/2014/CR-WebCryptoAPI-20141211
> >
> >
> >
> > Publication-ready copies of the document are already staged at the
> following URI in preparation for the telecon at which the Director's
> decision on this transition request will be finalized"
> >
> >
> >
> >   http://www.w3.org/2012/webcrypto/CR-WebCryptoAPI-20141211/
> >
> >
> >
> > 3 Estimated publication date
> >
> >
> >
> > Assuming (a) a Transition Call held before 10-December and (b) a
> favorable Director's decision, we propose to publish the documents on 11
> December 2013. We expect Philippe LeHegaret or Ralph Swick to review.
> >
> >
> >
> > 4 Record of the group's decision to advance
> >
> >
> >
> > The Web Cryptography Working Group did a call for consensus that ended
> Nov 3rd to request publication of the document named above as a Candidate
> Recommendation.
> >
> >
> >
> > http://lists.w3.org/Archives/Public/public-webcrypto/2014Oct/0169.html
> >
> >
> >
> > There were no objections as recorded in the public mailing list archive.
> >
> > Further bugs required some additional work so that the document would be
> ready for CR.
> >
> >
> >
> > 5 Document abstract
> >
> >
> >
> > This specification describes a JavaScript API for performing basic
> cryptographic operations in web applications, such as hashing, signature
> generation and verification, and encryption and decryption.
> >
> > Additionally, it describes an API for applications to generate and/or
> manage the keying material necessary to perform these operations. Uses for
> this API range from user or service authentication, document or code
> signing, and the confidentiality and integrity of communications.
> >
> >
> >
> > 6 Status of this document section
> >
> >
> >
> > See the status document at the staging URI:
> >
> >
> >
> > http://www.w3.org/2012/webcrypto/CR-WebCryptoAPI-20141211/
> >
> >
> >
> > 7 Important changes to the document
> >
> >
> >
> > All changes to the document are recorded and easily found within the
> Mercurial repository for the document at W3C available here:
> >
> >
> >
> > https://dvcs.w3.org/hg/webcrypto-api/
> >
> >
> >
> > There have been many changes to the text since the publication of the
> Last Call Working Draft in response to reviewer comments.  Details for
> larger changes are given in the Disposition of Comments, including major
> changes such as the extensibility mechanism.
> >
> >
> >
> > However, given that the changes were either additions to the
> specification done in response to resolving reviewer comments during Last
> Call or "minor edits" that clarified the specification for implementers,
> the Working Group believes that the changes made do not invalidate any
> earlier favorable review of the Web Cryptography API.
> >
> >
> >
> > List of changes:
> >
> >
> >
> > - The Working Group implemented an extensibility mechanism.
> >
> >
> >
> > "Extension specifications will be explicitly listed in the
> > specification
> >
> > - list to be updated with Errata. No longer possible to completely
> override existing algorithms. New hash algorithms can be added. EC curve
> extensibility intended to allow a variety of new curves, not just those
> that align with NIST ones."
> >
> >
> >
> > http://lists.w3.org/Archives/Public/public-webcrypto/2014Oct/0167.html
> >
> >
> >
> > - The Working Group also had a very large discussion of how to add
> additional elliptic curves.
> >
> >
> >
> > "The WG will not decide which additional curve to integrate before
> IETF/CFRG share its recommendation. Once this recommendation shared, based
> on timing constraint, algorithm maturity, the WG will make decision about
> integrating the curves, in accordance with the extensible mechanism the WG
> will decide, according to bug 25618 [0]. In case IETF/CFRG does not share
> recommendation before the Web Crypto API move to Proposed Recommendation,
> there will be no curve added.
> >
> >
> >
> >           The Web Crypto will exit Last Call without any mention to
> those algorithms, without any provisioned place holder, but an editorial
> note stating that 'some new curves may be added if IETF/CFRG issue
> recommendations and that curves description are mature and complete enough
> to be referenced in our deliverables before we move to Proposed
> Recommendation. In that special case, the specification would go back to
> Last Call'
> >
> >
> >
> >           If IETF/CFRG does not give any recommendation before we move
> to Proposed Recommendation, we will not integrate any new curve in our Web
> Crypto API current specification, and this will be done in the next version
> of our deliverables.
> >
> >
> >
> >           A liaison will be sent to IETF/CFRG exposing that situation.
> >
> >
> >
> > Note that this resolution does not prevent anyone to share with the
> Working Group some draft describing NUMS or 25519 curves, in line with the
> extension mechanism to be described in bug 25618 [0]. This resolution
> prevents someone asking to make decision about formal endorsement of a new
> curve, between the exit to Last Call and the move to Proposed
> Recommendation milestones, if the IETF/CFRG has not yet issued its own
> recommendation."
> >
> >
> >
> > http://lists.w3.org/Archives/Public/public-webcrypto/2014Sep/0011.html
> >
> >
> >
> > - Browser interoperability to be defined during CR
> >
> >
> >
> > Based on the exchanges related to this bug, one possible way to move
> > forward is to define a browser profile after interoperability testing
> > is conducted with different implementations. This browser profile
> > should describe the exact behavior of the browser in case part of the
> > algorithms are not available, or partially available, or disabled by
> > the user. As such it is required to treat that bug once
> > implementations have been demonstrated, which means after the call for
> > implementation
> >
> >
> >
> > https://www.w3.org/Bugs/Public/show_bug.cgi?id=25985
> >
> >
> >
> > 8 Requirements
> >
> >
> >
> > The requirements for this specification has not changed since the
> publication of the Last Call Working Draft. In light of the charter, the
> Web Cryptography API fulfills all the requirements for primary features,
> although key "control beyond the lifetime of a single session" has been
> reduced by making keys bound to a single session due to privacy reasons.
> >
> > In terms of secondary features, only "key import/export" have been
> addressed. The rest of the secondary features are left for possible future
> work in this Working Group or another Working Group.
> >
> >
> >
> > 9 Dependencies
> >
> >
> >
> > This specification has dependencies on one W3C specification that is not
> yet a W3C Candidate Recommendation; that document is the DOM (Living
> Standard) from WHATWG. As soon as W3C DOM4 goes to Candidate
> Recommendation, as noted in the specification, the dependency will change
> to W3C DOM4.
> >
> >
> >
> > 10 Evidence of Wide Review
> >
> >
> >
> > 58 reviewers have been received on this document via the Bugzilla
> tracking system during the Last Call Review period.  Comments received on
> the mailing list were re-directed into the Bugzilla. The vast majority of
> the comments came from outside of the Working Group. Every group listed in
> the charter was contacted for review. The specification also had review by
> the W3C TAG and Privacy Interest Group.
> >
> >
> >
> > 11 Disposition of comments
> >
> >
> >
> > The Last Call review period for this document closed on 20 May 2014.
> >
> > Each comment received before the 20 May 2014 end of the comment period
> has been formally addressed by the Working Group; details for each comment
> are shown in the Bugzilla entry for that comment. The Working Group has
> attempted in all cases to procure an affirmative response from each
> commenter that the comment has been resolved satisfactorily. The
> Disposition of Comments is available here:
> >
> >
> >
> > http://www.w3.org/2012/webcrypto/DispositionOfComments/WebCryptoDispos
> > itionOfComments.html
> >
> >
> >
> > Due to the continued work of the Working Group to resolve open issues
> brought up in Last Call, a further 37 bugs were created and resolved.
> >
> > These bugs are also listed in the Disposition of Comments for
> informative purposes in a secondary section.
> >
> >
> >
> > 12 Features At Risk
> >
> >
> >
> > All algorithms in this document that has been designated as "at risk". A
> "browser profile" will be created during CR to clarify the status of
> interoperability between algorithms.
> >
> >
> >
> > There is a current dependency with IRTF CFRG for the addition of a new
> "non-NIST" elliptic curve or curves, as the CFRG is supposed to give a
> recommendation for such curves to the IETF TLS WG. However, as these curves
> have yet to be recommended and the deadline by CFRG may change, the
> WebCrypto WG will make a decision on how to implement these via either
> direct inclusion or the extension mechanism once the CFRG decision has been
> announced.
> >
> >
> >
> > 13 Exit Criteria
> >
> >
> >
> > The chair and team contact agreed that the Candidate Recommendation
> > stage for this document will remain in effect until at least 12 March
> >
> > 2015 (if the CR document is published as planned on 11 December 2014).
> >
> > They have also agreed that transition to Proposed Recommendation will
> not be requested until the following criteria have been met:
> >
> >
> >
> > (1) There are at least two independent implementations of the
> > specification
> >
> > (2) There are no open substantive bugs or issues
> >
> > (3) Every external comment has been responded to satisfactorily
> >
> >
> >
> > 14 Objections
> >
> >
> >
> > There have been two formal objections raised against this document since
> their publication as Last Call Working Drafts. In both cases, the objection
> was resolved.
> >
> >
> >
> > (1) The first formal objection required the lack of security guidelines
> for developers by Rich Salz (Akamai, but formal objection as an individual).
> >
> >
> >
> > https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607
> >
> >
> >
> > It was resolved by writing security guidelines and then sending the
> guidelines to the CFRG. The CFRG may maintain the document and then Web
> Cryptography API will point to it. The draft document is here:
> >
> >
> >
> > http://www.w3.org/2012/webcrypto/draft-irtf-cfrg-webcrypto-algorithms-
> > 00.txt
> >
> >
> >
> > The response by the review shows that they accepted the response:
> >
> >
> >
> > https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607#c33
> >
> >
> >
> > (2) The second formal objection was over the extractability of private
> key material. Although the use-cases were not traditional Web use-cases as
> "end to end" encryption with a possibly malicious server is not handled by
> the Web Security Model, the use-case was accepted by some members of the
> Working Group as valid but also should be in-scope of the Web Application
> Security Working Group, not the Web Cryptography Working Group.
> >
> >
> >
> > https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721
> >
> >
> >
> > While the original non-W3C member reviewer who raised the formal
> objection did not respond, a second non-W3C member reviewer who also (Tom
> Lowenthal) accepted the response.
> >
> >
> >
> > https://www.w3.org/Bugs/Public/show_bug.cgi?id=25721#c34
> >
> >
> >
> > See the Disposition of Comments for further details.
> >
> >
> >
> > http://www.w3.org/2012/webcrypto/DispositionOfComments/WebCryptoDispos
> > itionOfComments.html
> >
> >
> >
> > 15 Test Suite
> >
> >
> >
> > A unified test suite for the Web Cryptography API has not been
> developed. However, the API has already been implemented and the tests are
> available from:
> >
> >
> >
> > http://dxr.mozilla.org/mozilla-central/search?tree=mozilla-central&q=p
> > ath%3Adom%2Fcrypto%2Ftest&redirect=true
> >
> >
> >
> > as are the tests from Google
> >
> > https://code.google.com/p/chromium/codesearch#chromium/src/content/tes
> > t/data/webcrypto/
> >
> > and
> >
> > https://code.google.com/p/chromium/codesearch#chromium/src/content/chi
> > ld/webcrypto/test/
> >
>

More tests for Chromium here:
https://chromium.googlesource.com/chromium/blink/+/master/LayoutTests/crypto/
(Includes overlap with the WebKit tests listed below)


> >
> >
> > and Webkit
> >
> > http://trac.webkit.org/browser/trunk/LayoutTests/crypto
> >
> >
> >
> > The focus of the CR phase will be to unify these diverse test-suites
> into a single test-suite to make sure Web developers can depend on the Web
> Cryptography API being interoperable. We believe the 3 months needed for CR
> are sufficient for this purpose.
> >
> >
> >
> > 15 Patent disclosures
> >
> >
> >
> > The patent disclosure pages at the URLs shown below indicate no
> exclusions and no disclosures for any documents in this group.
> >
> >
> >
> >   http://www.w3.org/2004/01/pp-impl/54174/status
> >
> > ________________________________
> > This message and any attachments are intended solely for the addressees
> and may contain confidential information. Any unauthorized use or
> disclosure, either whole or partial, is prohibited.
> > E-mails are susceptible to alteration. Our company shall not be liable
> for the message if altered, changed or falsified. If you are not the
> intended recipient of this message, please delete it and notify the sender.
> > Although all reasonable efforts have been made to keep this transmission
> free from viruses, the sender will not be liable for damages caused by a
> transmitted virus.
> >
>
>
> --
> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office) Policy Counsel
> and Domain Lead, World Wide Web Consortium (W3C)
> http://wendy.seltzer.org/        +1.617.863.0613 (mobile)
>
> ________________________________
>  This message and any attachments are intended solely for the addressees
> and may contain confidential information. Any unauthorized use or
> disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for
> the message if altered, changed or falsified. If you are not the intended
> recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission
> free from viruses, the sender will not be liable for damages caused by a
> transmitted virus.
>