Re: [W3C Web Crypto] Call for Consensus on removing algorithms from the web API specification -> 20th of October from Richard Barnes on 2015-10-06 (public-webcrypto@w3.org from October 2015)

From: Richard Barnes <rlb@ipv.sx>
Date: Tue, 6 Oct 2015 15:52:09 -0400
To: Harry Halpin <hhalpin@w3.org>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CAL02cgS3kP=37nXsaU_HsDYP8=pH1Fxf6JYKC5keSeneYRY5iw@mail.gmail.com>

On Tue, Oct 6, 2015 at 2:44 PM, Harry Halpin <hhalpin@w3.org> wrote:
>
>
> On 10/06/2015 02:10 PM, Richard Barnes wrote:
>> On Tue, Oct 6, 2015 at 1:41 PM, Ryan Sleevi <sleevi@google.com> wrote:
>>> Correct, and I believe Richard was looking at getting someone to implement
>>> it for Mozilla 'real soon'; there was just some additional NSS API work that
>>> had to happen before they could expose it to WebCrypto, and Firefox's
>>> underlying cryptographic library supports it with one or two tweaks.
>> Yes, we are working on this in Q4.  I would oppose removing RSA-PSS
>> from WebCrypto.
>>
>> Note also that RSA-PSS is a requirement for TLS 1.3.
>
> Richard,
>
> Do you think we should delay Rec to get this algorithm?
>
> If not, do you think its possible to get this out at latest by end of
> November?

Depends on what you mean by "out".  If you mean "landed in Nightly",
maybe.  If you mean "in release Firefox", no.

--Richard


>
>   cheers,
>           harry
>
>>
>> --Richard
>>
>>
>>> On Tue, Oct 6, 2015 at 10:32 AM, Eric Roman <ericroman@google.com> wrote:
>>>> The meeting notes say that there are no implementations of RSA-PSS:
>>>>> No implementations: RSA-PSS, AES-CMAC, AES-CFB, CONCAT
>>>> Note that is not correct -- at least the Chrome browser implements RSA-PSS
>>>>
>>>>
>>>> On Tue, Oct 6, 2015 at 10:20 AM, GALINDO Virginie
>>>> <Virginie.Galindo@gemalto.com> wrote:
>>>>> Dear all,
>>>>>
>>>>>
>>>>>
>>>>> Following our last meeting call, we decided to remove from the normative
>>>>> part of our specification the following algorithms for not being implemented
>>>>> in at least 2 of the platform tested : RSA-PSS, AES-CMAC, AES-CFB, CONCAT,
>>>>> DH. Detailed discussion can be found under
>>>>> http://www.w3.org/2015/09/28-crypto-minutes.html.
>>>>>
>>>>>
>>>>>
>>>>> This mail is a call for consensus to validate that decision.
>>>>>
>>>>>
>>>>>
>>>>> Anyone objecting to that decision should make his motivated point before
>>>>> the 20th of October at 17:00 UTC.
>>>>>
>>>>> If this decision is endorsed, the algorithms descriptions will be
>>>>> gathered in a dedicated Note.
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>> Virginie
>>>>>
>>>>> Chair of the web crypto WG
>>>>>
>>>>>
>>>>>
>>>>> //please ignore the following statement
>>>>>
>>>>> ________________________________
>>>>> This message and any attachments are intended solely for the addressees
>>>>> and may contain confidential information. Any unauthorized use or
>>>>> disclosure, either whole or partial, is prohibited.
>>>>> E-mails are susceptible to alteration. Our company shall not be liable
>>>>> for the message if altered, changed or falsified. If you are not the
>>>>> intended recipient of this message, please delete it and notify the sender.
>>>>> Although all reasonable efforts have been made to keep this transmission
>>>>> free from viruses, the sender will not be liable for damages caused by a
>>>>> transmitted virus.
>>>>
>

Received on Tuesday, 6 October 2015 19:52:38 UTC