Re: [W3C Web Crypto WG] Review of WebRTC 1.0 from Web Crypto Working Group from Harry Halpin on 2015-10-25 (public-webcrypto@w3.org from October 2015)

From: Harry Halpin <hhalpin@w3.org>
Date: Sun, 25 Oct 2015 11:57:01 -0400
To: GALINDO Virginie <Virginie.Galindo@gemalto.com>, Ryan Sleevi <sleevi@google.com>
CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <562CFBCD.2010201@w3.org>
On 10/25/2015 06:48 AM, GALINDO Virginie wrote:
>
> Ryan,
> There is no formal process for reviewing other WG specs in the Web
> Crypto WG.
> W3C is currently promoting a formal review process on the security
> side, but it relies on good whell of (scarce) reviewers in Web
> Security IG and/or TAG ones.
> Whatever Harry will report during his review will be personnal views, 
> yes, and the WG does not need to endorse it, or individuals could even
> challenge/complete it, to make it better.
> I think that the Web RTC request falls here in the good practice of
> awareness and helping each other for a better Web, not really
> following a process.
> Regards
> Virginie
>
>
>
> ---- Ryan Sleevi a écrit ----
>
> Harry, Virginie,
>
> Is there a W3C process for reviews? I'm aware of the TAG-approach of
> Markdown'd findings, but I'm also aware that some of these requests
> are informally-formal, and simply a call for all members to review,
> consider, and offer their own (personal) feedback, such as emails, bug
> reports, open issues, etc.
>
> My understanding is that this is the latter camp - for which nothing
> should stop Harry from offering feedback, and that feedback may
> ultimately be disagreed with w/ other members of the WG; put
> differently, there is no need for the WG to formalize consensus of
> feedback and formally offer it - it is simply sufficient to review and
> send away.
>
> Is this a correct understanding from the W3C process perspective?

Indeed, although I'd throw my feedback to the public-webcrypto@w3.org
mailing-list first for WG-wide feedback before drafting.

Obviously WebCrypto and WebRTC are different parts of the 'stack' but
WebRTC has some interesting properties which should be noted.

      cheers,
             harry

>
> On Fri, Oct 23, 2015 at 6:00 AM, Harry Halpin <hhalpin@w3.org
> <mailto:hhalpin@w3.org>> wrote:
>
>     I'm happy to give a review if no-one else wants to.
>
>     On 10/23/2015 07:01 AM, GALINDO Virginie wrote:
>     > Dear all,
>     > Any kind reviewer for that request, specially on the attestation
>     signature side ?
>     > Regards,
>     > Virginie
>     >
>     > -----Original Message-----
>     > From: Stefan Håkansson LK
>     [mailto:stefan.lk.hakansson@ericsson.com
>     <mailto:stefan.lk.hakansson@ericsson.com>]
>     > Sent: jeudi 15 octobre 2015 11:09
>     > To: GALINDO Virginie; public-webcrypto-comments@w3.org
>     <mailto:public-webcrypto-comments@w3.org>
>     > Cc: webrtc-chairs@w3.org <mailto:webrtc-chairs@w3.org>
>     > Subject: Review of WebRTC 1.0 from Web Crypto Working Group
>     >
>     > Dear Web Crypto Working Group,
>     >
>     > The WebRTC Working Group is working toward publishing the WebRTC
>     1.0 specification to Candidate Recommendation and is thus seeking
>     review from a variety of groups on the document:
>     > http://w3c.github.io/webrtc-pc/
>     >
>     > We are particularly interested on feedback on the following
>     aspects from the Web Crypto WG:
>     > - the management of certificates used to establish the DTLS
>     connections,
>     > - the usage and exchange of signed assertions in the identity
>     provider mechanism.
>     >
>     > We of course also welcome feedback on any other aspect of the
>     specification.
>     >
>     > Any such feedback received the week before TPAC would make it
>     possible for us to look at it during our F2F there and so would be
>     appreciated.
>     > We hope to transition request to Candidate Recommendation by the
>     end of this year.
>     >
>     > If you have any comments, we prefer you submit them as Github
>     issues:
>     > https://github.com/w3c/webrtc-pc/issues
>     <https://github.com/w3c/webrtc-pc/issues>
>     >
>     > Alternatively, you can send your comments by email to
>     public-webrtc@w3.org <mailto:public-webrtc@w3.org>.
>     >
>     > Thanks,
>     >
>     > For the WebRTC co-chairs,
>     > Stefan
>     > ________________________________
>     >  This message and any attachments are intended solely for the
>     addressees and may contain confidential information. Any
>     unauthorized use or disclosure, either whole or partial, is
>     prohibited.
>     > E-mails are susceptible to alteration. Our company shall not be
>     liable for the message if altered, changed or falsified. If you
>     are not the intended recipient of this message, please delete it
>     and notify the sender.
>     > Although all reasonable efforts have been made to keep this
>     transmission free from viruses, the sender will not be liable for
>     damages caused by a transmitted virus.
>     >
>
>
>
> ------------------------------------------------------------------------
> This message and any attachments are intended solely for the
> addressees and may contain confidential information. Any unauthorized
> use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable
> for the message if altered, changed or falsified. If you are not the
> intended recipient of this message, please delete it and notify the
> sender.
> Although all reasonable efforts have been made to keep this
> transmission free from viruses, the sender will not be liable for
> damages caused by a transmitted virus.
Received on Sunday, 25 October 2015 15:57:06 UTC