- From: Wendy Seltzer <wseltzer@w3.org>
- Date: Tue, 6 Oct 2015 18:30:32 -0400
- To: public-webcrypto@w3.org
On 10/06/2015 04:06 PM, Harry Halpin wrote: > > > On 10/06/2015 03:52 PM, Richard Barnes wrote: >> On Tue, Oct 6, 2015 at 2:44 PM, Harry Halpin <hhalpin@w3.org> wrote: >>> >>> On 10/06/2015 02:10 PM, Richard Barnes wrote: >>>> On Tue, Oct 6, 2015 at 1:41 PM, Ryan Sleevi <sleevi@google.com> wrote: >>>>> Correct, and I believe Richard was looking at getting someone to implement >>>>> it for Mozilla 'real soon'; there was just some additional NSS API work that >>>>> had to happen before they could expose it to WebCrypto, and Firefox's >>>>> underlying cryptographic library supports it with one or two tweaks. >>>> Yes, we are working on this in Q4. I would oppose removing RSA-PSS >>>> from WebCrypto. >>>> >>>> Note also that RSA-PSS is a requirement for TLS 1.3. >>> Richard, >>> >>> Do you think we should delay Rec to get this algorithm? >>> >>> If not, do you think its possible to get this out at latest by end of >>> November? >> Depends on what you mean by "out". If you mean "landed in Nightly", >> maybe. If you mean "in release Firefox", no. > > I'm OK with using "nightly" as our test-suite, assuming there's > assurance from the relevant person in the browser team (you in this > case!) that the algorithm in nightly will eventually get in release. >From a process perspective, nightly counts as an implementation; we can test its interop. From a developer usage perspective, I agree we want to see it in the release too. --Wendy > > After all, the end-developer is developing for release, but we don't > want the specs algorithms to be dated quite so easily upon hitting Rec :) > >> >> --Richard >> >> >>> cheers, >>> harry >>> >>>> --Richard >>>> >>>> >>>>> On Tue, Oct 6, 2015 at 10:32 AM, Eric Roman <ericroman@google.com> wrote: >>>>>> The meeting notes say that there are no implementations of RSA-PSS: >>>>>>> No implementations: RSA-PSS, AES-CMAC, AES-CFB, CONCAT >>>>>> Note that is not correct -- at least the Chrome browser implements RSA-PSS >>>>>> >>>>>> >>>>>> On Tue, Oct 6, 2015 at 10:20 AM, GALINDO Virginie >>>>>> <Virginie.Galindo@gemalto.com> wrote: >>>>>>> Dear all, >>>>>>> >>>>>>> >>>>>>> >>>>>>> Following our last meeting call, we decided to remove from the normative >>>>>>> part of our specification the following algorithms for not being implemented >>>>>>> in at least 2 of the platform tested : RSA-PSS, AES-CMAC, AES-CFB, CONCAT, >>>>>>> DH. Detailed discussion can be found under >>>>>>> http://www.w3.org/2015/09/28-crypto-minutes.html. >>>>>>> >>>>>>> >>>>>>> >>>>>>> This mail is a call for consensus to validate that decision. >>>>>>> >>>>>>> >>>>>>> >>>>>>> Anyone objecting to that decision should make his motivated point before >>>>>>> the 20th of October at 17:00 UTC. >>>>>>> >>>>>>> If this decision is endorsed, the algorithms descriptions will be >>>>>>> gathered in a dedicated Note. >>>>>>> >>>>>>> >>>>>>> >>>>>>> Regards, >>>>>>> >>>>>>> Virginie >>>>>>> >>>>>>> Chair of the web crypto WG >>>>>>> >>>>>>> >>>>>>> >>>>>>> //please ignore the following statement >>>>>>> >>>>>>> ________________________________ >>>>>>> This message and any attachments are intended solely for the addressees >>>>>>> and may contain confidential information. Any unauthorized use or >>>>>>> disclosure, either whole or partial, is prohibited. >>>>>>> E-mails are susceptible to alteration. Our company shall not be liable >>>>>>> for the message if altered, changed or falsified. If you are not the >>>>>>> intended recipient of this message, please delete it and notify the sender. >>>>>>> Although all reasonable efforts have been made to keep this transmission >>>>>>> free from viruses, the sender will not be liable for damages caused by a >>>>>>> transmitted virus. > > -- Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office) Policy Counsel and Domain Lead, World Wide Web Consortium (W3C) http://wendy.seltzer.org/ +1.617.863.0613 (mobile)
Received on Tuesday, 6 October 2015 22:30:35 UTC