Re: [W3C Web Crypto] Call for Consensus on removing algorithms from the web API specification -> 20th of October

On 10/06/2015 03:52 PM, Richard Barnes wrote:
> On Tue, Oct 6, 2015 at 2:44 PM, Harry Halpin <hhalpin@w3.org> wrote:
>>
>> On 10/06/2015 02:10 PM, Richard Barnes wrote:
>>> On Tue, Oct 6, 2015 at 1:41 PM, Ryan Sleevi <sleevi@google.com> wrote:
>>>> Correct, and I believe Richard was looking at getting someone to implement
>>>> it for Mozilla 'real soon'; there was just some additional NSS API work that
>>>> had to happen before they could expose it to WebCrypto, and Firefox's
>>>> underlying cryptographic library supports it with one or two tweaks.
>>> Yes, we are working on this in Q4.  I would oppose removing RSA-PSS
>>> from WebCrypto.
>>>
>>> Note also that RSA-PSS is a requirement for TLS 1.3.
>> Richard,
>>
>> Do you think we should delay Rec to get this algorithm?
>>
>> If not, do you think its possible to get this out at latest by end of
>> November?
> Depends on what you mean by "out".  If you mean "landed in Nightly",
> maybe.  If you mean "in release Firefox", no.

I'm OK with using "nightly" as our test-suite, assuming there's
assurance from the relevant person in the browser team (you in this
case!) that the algorithm in nightly will eventually get in release.

 After all, the end-developer is developing for release, but we don't
want the specs algorithms to be dated quite so easily upon hitting Rec :)

>
> --Richard
>
>
>>   cheers,
>>           harry
>>
>>> --Richard
>>>
>>>
>>>> On Tue, Oct 6, 2015 at 10:32 AM, Eric Roman <ericroman@google.com> wrote:
>>>>> The meeting notes say that there are no implementations of RSA-PSS:
>>>>>> No implementations: RSA-PSS, AES-CMAC, AES-CFB, CONCAT
>>>>> Note that is not correct -- at least the Chrome browser implements RSA-PSS
>>>>>
>>>>>
>>>>> On Tue, Oct 6, 2015 at 10:20 AM, GALINDO Virginie
>>>>> <Virginie.Galindo@gemalto.com> wrote:
>>>>>> Dear all,
>>>>>>
>>>>>>
>>>>>>
>>>>>> Following our last meeting call, we decided to remove from the normative
>>>>>> part of our specification the following algorithms for not being implemented
>>>>>> in at least 2 of the platform tested : RSA-PSS, AES-CMAC, AES-CFB, CONCAT,
>>>>>> DH. Detailed discussion can be found under
>>>>>> http://www.w3.org/2015/09/28-crypto-minutes.html.
>>>>>>
>>>>>>
>>>>>>
>>>>>> This mail is a call for consensus to validate that decision.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Anyone objecting to that decision should make his motivated point before
>>>>>> the 20th of October at 17:00 UTC.
>>>>>>
>>>>>> If this decision is endorsed, the algorithms descriptions will be
>>>>>> gathered in a dedicated Note.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Virginie
>>>>>>
>>>>>> Chair of the web crypto WG
>>>>>>
>>>>>>
>>>>>>
>>>>>> //please ignore the following statement
>>>>>>
>>>>>> ________________________________
>>>>>> This message and any attachments are intended solely for the addressees
>>>>>> and may contain confidential information. Any unauthorized use or
>>>>>> disclosure, either whole or partial, is prohibited.
>>>>>> E-mails are susceptible to alteration. Our company shall not be liable
>>>>>> for the message if altered, changed or falsified. If you are not the
>>>>>> intended recipient of this message, please delete it and notify the sender.
>>>>>> Although all reasonable efforts have been made to keep this transmission
>>>>>> free from viruses, the sender will not be liable for damages caused by a
>>>>>> transmitted virus.

Received on Tuesday, 6 October 2015 20:07:05 UTC