RE: [W3C Web Crypto WG] Rechartering discussion

Colin,

I was reminding the objective of the WG and working uses.
Note that it is not W3C habits to exclude people from mailing lists (unless they cause repeated problems, which is absolutely not your case). People subscribe and unsubscribe freely to the mailing lists.

Regards,
Virginie


From: Colin Gallagher [mailto:colingallagher.rpcv@gmail.com]
Sent: jeudi 8 janvier 2015 12:22
To: GALINDO Virginie
Cc: Richard Barnes; Ryan Sleevi; public-webcrypto@w3.org; public-web-security@w3.org; Wendy Seltzer; Harry Halpin; Maxwell Krohn; Chris Coyne
Subject: Re: [W3C Web Crypto WG] Rechartering discussion

This should be painfully obvious:
It shouldn't take years of work to realize that it isn't unproductive or inflammatory to point out that kicking off a discussion with a bang of "we are explicitly not interested in "user managed" (insert blah blah blah here and then lead into keys and other things) isn't what people come here to hear.
I didn't come here to hear, for example, what you are are here to exclude or marginalize or not interested in hearing, or what you may be interested in "narrowing" such that certain things get bumped off into the sidelines and users get squeezed even more.
Please bump me off this list if that sort of marginalization is going to continue, or ask me to leave these lists, and I'll happily do so of my own accord.
Respect,
Colin

On Thu, Jan 8, 2015 at 9:52 AM, GALINDO Virginie <Virginie.Galindo@gemalto.com<mailto:Virginie.Galindo@gemalto.com>> wrote:
Colin,

Please remember that W3C is a standardization body, W3C Web Crypto WG aims to  issue technical specifications, based on willingness of web actors to actually use and implement it.
You may want to analyze the rationale or relevance of browser makers product roadmap, but that is not the right place to do that.

In order to be productive, I’d suggest that supporters of specific topic join and provide good use cases and business model (yeah, that’s life) to convince web actors that they could have interest to implement them.

Regards,
Virginie



From: Colin Gallagher [mailto:colingallagher.rpcv@gmail.com<mailto:colingallagher.rpcv@gmail.com>]
Sent: jeudi 8 janvier 2015 03:33
To: Richard Barnes
Cc: Ryan Sleevi; GALINDO Virginie; public-webcrypto@w3.org<mailto:public-webcrypto@w3.org>; public-web-security@w3.org<mailto:public-web-security@w3.org>; Wendy Seltzer; Harry Halpin; Maxwell Krohn; Chris Coyne
Subject: Re: [W3C Web Crypto WG] Rechartering discussion

Hello,
As a participant in the Sept. 10-11, 2014 Web Crypto Next Steps
http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/

(and as a person who had a paper (however brief) accepted for that workshop),
--
It sounds as though there is an effort underway to limit the scope of what this group will be discussing, in such a manner that would not include user-managed storage of keys, and that would attempt to diminish the importance of trustless systems while encouraging users to place more trust in exchange for convenience in various ways with a variety of services, but where this group for rechartering as has been proposed above, would only focus on "rechartering discussions in specific and narrow scopes if such proposals have consensus (in particular, from user agents)" uh-huh.
At least, that's what the drift of it sounds like to me, and I don't like the sound of that.  I sense this strange struggle where:
tl'dr"  some people don't want users to be in control of their keys, and would rather info dump into the vast ether of FISA, business records, 3rd party cromnibus, etc., because hey, it's important to make sure that you squeeze all the profit you can out the users before discarding them, right?
or,
other people, perhaps wanting to give the users a better chance, try to give the users more of a choice in where they will store their keys and what happens next (thanks maxwell and chris and those at keybase, as examples).

Please advise what is the course of the group.  Thank you.  I just don't want to be here if the basic course is "oh let's um narrow it and try to throw people to the wolves but pretend we're not"
tl'dr:  Change course.
-c



On Wed, Jan 7, 2015 at 4:31 PM, Richard Barnes <rlb@ipv.sx<mailto:rlb@ipv.sx>> wrote:


On Wed, Jan 7, 2015 at 7:43 PM, Ryan Sleevi <sleevi@google.com<mailto:sleevi@google.com>> wrote:
As noted during the F2F during the 2014 TPAC, it's unlikely we would
be able to support such a rechartering.

In the goals, only the first goal is something that aligns with our interest.
In the scope, we are explicitly not interested in "user managed"
storage and "web certificate management". Further, we don't believe
this group is the appropriate venue for the discussion of Web
Authentication - that would be better for WebApps or WebAppSec.
WebAppSec already has proposals for dealing with credentials -
http://lists.w3.org/Archives/Public/public-webapps/2014JulSep/0141.html


Put differently, for a rechartering, the only effort we'd likely
support support is the maintenance and exploration of algorithms.

Any other chartering discussions should follow the highly productive
workmodes of WebApps and WebAppSecs - that is, concrete, defined
proposals being brought forth and holding rechartering discussions in
specific and narrow scopes if such proposals have consensus (in
particular, from user agents).

Reserving the right to disagree with Ryan on the particular scoping above, I strongly agree with the above paragraph.  None of the proposed work items to date has been defined in enough scope to make it clear what a WG would do.

--Richard



On Wed, Jan 7, 2015 at 1:48 AM, GALINDO Virginie
<Virginie.Galindo@gemalto.com<mailto:Virginie.Galindo@gemalto.com>> wrote:
> Dear all,
>
>
>
> Web Crypto WG charter [1] will end by the end of March. We need to prepare
> the next charter of Web Crypto.
>
>
>
> As a reminder, the conversation has started on this page :
> https://www.w3.org/Security/wiki/IG/webcryptonext_draft_charter

>
> Feel free to add you ideas and suggestions on the wiki and/or expose your
> opinion and question on the public-webcrypto@w3.org<mailto:public-webcrypto@w3.org> or
> public-webcrypto-comment@w3.org<mailto:public-webcrypto-comment@w3.org> (for non W3C Web Crypto WG members).
>
>
>
> Regards,
>
> Virginie
>
>
>
> [1] http://www.w3.org/2011/11/webcryptography-charter.html

>
>
>
> ________________________________
> This message and any attachments are intended solely for the addressees and
> may contain confidential information. Any unauthorized use or disclosure,
> either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for
> the message if altered, changed or falsified. If you are not the intended
> recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission
> free from viruses, the sender will not be liable for damages caused by a
> transmitted virus.


________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.

________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.