- From: Harry Halpin <hhalpin@w3.org>
- Date: Mon, 28 Sep 2015 16:56:20 -0400
- To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <5609A974.9040102@w3.org>
Myself or Wendy will try to send a properly formatted out version before next meeting. However, for those that want the raw minutes now, here they are! chair: Virginie scribe: hhalpin present: vijay, markw, jyates, kodong, mikepie_msft [16:24] ==hhalpin changed the topic of #crypto to: WebEx: +16173240000 code: 649 188 250 password: w3c (if needed [16:25] <virginie> https://lists.w3.org/Archives/Public/public-webcrypto/2015Sep/0028.html [16:25] <hhalpin> chair: Virginie [16:25] <hhalpin> scribe: hhalpin [16:25] <hhalpin> Virginie: Objective of the call is to have discussion with browser profile [16:25] <hhalpin> ... and then make edits to the spec [16:28] <hhalpin> No implementations: RSA-PSS, AES-CMAC, AES-CFB, CONCAT [16:28] <hhalpin> Probably keep them since there are two different teams: DH, CONCAT, HKDF, PBDKDF2 [16:29] <hhalpin> Delete algorithms with no implementation, and keep onces with at least two different *teams* who made implementation even if they only work on one platform. [16:30] <hhalpin> So we'd give MarkW an action to remove RSA-PSS, AES-CMAC, AES-CFB, CONCAT [16:31] <hhalpin> The browser profile seems stable: RSASSA-PKCS1-v1_5, RSA-OAEP, AES-CBC, AES-GCM, AES-KW, HMAC, SHA-256, SHA-384, SHA-512 [16:33] <hhalpin> markw: We should ask to see if browser profiles and if there's fundamental reason why some will never be implemented [16:33] <hhalpin> vijay: I'll be sad to see RSA-PSS and PBKDF2 go [16:33] <hhalpin> hhalpin: We can keep PBKDF2 [16:34] <hhalpin> vijay: I'd hazard a guess that RSA-PSS is just not widely implemented yet in various libraries [16:34] <hhalpin> ... its in Windows OS in underyling platform but we're not ready [16:34] <hhalpin> markw: How about AES-CTR? [16:35] <hhalpin> hhalpin: it's kept but we don't expose it since there's two platforms [16:35] <hhalpin> vijay: We've had a debate in terms of AES-CTR since lots of people don't have underlying security properties [16:35] <hhalpin> markw: I could have a use-case AES-CTR and you have media files encrypted with AES counter and you wan't to described, so you'd need AES-CTR [16:35] <hhalpin> markw: That's abstract rather than something we necessarily want to do [16:36] <hhalpin> virgine: Markw, we have to demonstrate several implementations [16:36] <hhalpin> ... we cannot negotiate [16:37] <virginie> Action for editor to remove : RSA-PSS, AES-CMAC, AES-CFB, CONCAT [16:37] * trackbot is creating a new ACTION. [16:37] <trackbot> Error finding 'for'. You can review and register nicknames at <http://www.w3.org/2012/webcrypto/track/users> <http://www.w3.org/2012/webcrypto/track/users%3E>. [16:37] <@wseltzer_transit> [we can even leave the text as non-normative notes] [16:38] <hhalpin> virginie: How do we proceed to capture the reality of implementations [16:39] <hhalpin> ack hhalpin [16:40] <hhalpin> hhalpin: Someone needs to craft a paragraph, probably before the algorithm section, that says what algorithms are implemented across all browsers with the best implementation. [16:42] <hhalpin> Virginie: I can try to write this paragraph, but how do we keep it updated? [16:43] <hhalpin> We can just refer to the time-stamp of the spec, and then update as the spec matures. We can try to check once a year, and if there's major changes in algorthm support we can do a co-edited CR. [16:43] <hhalpin> Virginie: Any alternatives? [16:45] <hhalpin> Vriginie: If we make call for consensus for the plan October 13th [16:46] <hhalpin> ... call with management beginning of November [16:46] <hhalpin> and then we'd try to transition out of CR and into PR into November at some point [16:47] <hhalpin> virginie: A phone call one week prior to TPAC Monday the 19th [16:47] <hhalpin> 20 UTC [16:47] * hhalpin I'll double-check WebEx [16:48] <mikepie_msft> thanks. bye
Received on Monday, 28 September 2015 20:56:25 UTC