RE: [W3C Web Crypto WG] Security considerations and recommended algorithms bug from GALINDO Virginie on 2014-05-12 (public-webcrypto@w3.org from May 2014)

From: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
Date: Mon, 12 May 2014 11:01:23 +0200
To: Ryan Sleevi <sleevi@google.com>, Harry Halpin <hhalpin@w3.org>
CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <239D7A53E5B17B4BB20795A7977613A4022CD7C04531@CROEXCFWP04.gemalto.com>

Guys,
I think we are all in line - see my previous answer.
Regards,
Virginie

From: Ryan Sleevi [mailto:sleevi@google.com]
Sent: lundi 12 mai 2014 10:57
To: Harry Halpin
Cc: GALINDO Virginie; public-webcrypto@w3.org
Subject: Re: [W3C Web Crypto WG] Security considerations and recommended algorithms bug

On Mon, May 12, 2014 at 1:53 AM, Harry Halpin <hhalpin@w3.org<mailto:hhalpin@w3.org>> wrote:

On 05/12/2014 03:36 AM, Ryan Sleevi wrote:
> Virginie,
>
> Can you please comment on what you mean by "Blocking Bug"? That has a very
> specific connotation within the W3C process.
I think this is what Virginie means:

Note that for each comment we get during Last Call, we have to "formally
address all issues raised by Working Group participants, other Working
Groups, the Membership, and the public about the Working Draft." [1]

Note that comments out of scope of the charter don't count. Rich Salz
would count as "the public".

In particular then, we have to "In the context of this document, a
Working Group has formally addressed an issue when the Chair can show
(archived) evidence of having sent a response to the party who raised
the issue. This response should include the Working Group's resolution
and should ask the party who raised the issue to reply with an
indication of whether the resolution reverses the initial objection." [2]

Simply put, usually we need to send an email before May 20th stating
that "Here's what we did (or did not do) and why in response to your
review. Can you live with the response?"

If the answer is "yes" or no answer, then we move to CR. If we get a
"no", then we have to continue dialogue until a reasonable solution that
both the WG and the reviewer can live with until we exit CR. The point
of Last Call is to get these kind of comments finished before really
focusing on the test-suite.

I'm sure we can find a reasonable solution!

   cheers,
       harry

[1] http://www.w3.org/Consortium/Process-20010719/tr.html#last-call

[2] http://www.w3.org/Consortium/Process-20010719/groups.html#formal-address

Harry,

Thanks for the detailed response. I am familiar with each of those, and that's why I sought Virginie's clarification.

In this context, *every* bug is filed is a blocking bug, which is why I do not understand why special attention has been provided.

Further, in this context, a response has been provided explaining things.

So the question is, what makes this different than bugs such as https://www.w3.org/Bugs/Public/show_bug.cgi?id=25387 ? Arguably, nothing.

Cheers,
Ryan

>
>
> On Fri, May 9, 2014 at 6:12 AM, GALINDO Virginie <
> Virginie.GALINDO@gemalto.com<mailto:Virginie.GALINDO@gemalto.com>> wrote:
>
>>  Hi all,
>>
>> This is just to bring your attention on the fact that we received a
>> “blocking bug” from Rich Salz and Kenny Patterson about the need to improve
>> our security considerations in *Bug 25607* [1]
>>
>> Ryan is working on it, but views/support from all implementers would be
>> helpful …
>>
>> Regards,
>>
>> Virginie
>>
>>
>>
>> [1] https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607

>>
>>
>>
>>
>>
>> ------------------------------
>> This message and any attachments are intended solely for the addressees
>> and may contain confidential information. Any unauthorized use or
>> disclosure, either whole or partial, is prohibited.
>> E-mails are susceptible to alteration. Our company shall not be liable for
>> the message if altered, changed or falsified. If you are not the intended
>> recipient of this message, please delete it and notify the sender.
>> Although all reasonable efforts have been made to keep this transmission
>> free from viruses, the sender will not be liable for damages caused by a
>> transmitted virus
>>
>

________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus

Received on Monday, 12 May 2014 09:02:09 UTC