Re: Meeting minutes Sept 28th WebCrypto meeting from Harry Halpin on 2015-09-28 (public-webcrypto@w3.org from September 2015)

From: Harry Halpin <hhalpin@w3.org>
Date: Mon, 28 Sep 2015 17:34:48 -0400
To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <5609B278.6030509@w3.org>
Thanks to Wendy Seltzer, we now have a link to the properly formatted HTML:

http://www.w3.org/2015/09/28-crypto-minutes.html

On 09/28/2015 04:56 PM, Harry Halpin wrote:
> Myself or Wendy will try to send a properly formatted out version
> before next meeting. However, for those that want the raw minutes now,
> here they are!
>
> chair: Virginie
> scribe: hhalpin
> present: vijay, markw, jyates, kodong, mikepie_msft
>
> [16:24] ==hhalpin changed the topic of #crypto to: WebEx: +16173240000
> code: 649 188 250 password: w3c (if needed
> [16:25] <virginie>
> https://lists.w3.org/Archives/Public/public-webcrypto/2015Sep/0028.html
> [16:25] <hhalpin> chair: Virginie
> [16:25] <hhalpin> scribe: hhalpin
> [16:25] <hhalpin> Virginie: Objective of the call is to have
> discussion with browser profile
> [16:25] <hhalpin> ... and then make edits to the spec
> [16:28] <hhalpin> No implementations: RSA-PSS, AES-CMAC, AES-CFB, CONCAT
> [16:28] <hhalpin> Probably keep them since there are two different
> teams: DH, CONCAT, HKDF, PBDKDF2
> [16:29] <hhalpin> Delete algorithms with no implementation, and keep
> onces with at least two different *teams* who made implementation even
> if they only work on one platform.
> [16:30] <hhalpin> So we'd give MarkW an action to remove RSA-PSS,
> AES-CMAC, AES-CFB, CONCAT
> [16:31] <hhalpin> The browser profile seems stable: RSASSA-PKCS1-v1_5,
> RSA-OAEP, AES-CBC, AES-GCM, AES-KW, HMAC, SHA-256, SHA-384, SHA-512
> [16:33] <hhalpin> markw: We should ask to see if browser profiles and
> if there's fundamental reason why some will never be implemented
> [16:33] <hhalpin> vijay: I'll be sad to see RSA-PSS and PBKDF2 go
> [16:33] <hhalpin> hhalpin: We can keep PBKDF2
> [16:34] <hhalpin> vijay: I'd hazard a guess that RSA-PSS is just not
> widely implemented yet in various libraries
> [16:34] <hhalpin> ... its in Windows OS in underyling platform but
> we're not ready
> [16:34] <hhalpin> markw: How about AES-CTR?
> [16:35] <hhalpin> hhalpin: it's kept but we don't expose it since
> there's two platforms
> [16:35] <hhalpin> vijay: We've had a debate in terms of AES-CTR since
> lots of people don't have underlying security properties
> [16:35] <hhalpin> markw: I could have a use-case AES-CTR and you have
> media files encrypted with AES counter and you wan't to described, so
> you'd need AES-CTR
> [16:35] <hhalpin> markw: That's abstract rather than something we
> necessarily want to do
> [16:36] <hhalpin> virgine: Markw, we have to demonstrate several
> implementations
> [16:36] <hhalpin> ... we cannot negotiate
> [16:37] <virginie> Action for editor to remove : RSA-PSS, AES-CMAC,
> AES-CFB, CONCAT
> [16:37] * trackbot is creating a new ACTION.
> [16:37] <trackbot> Error finding 'for'. You can review and register
> nicknames at <http://www.w3.org/2012/webcrypto/track/users>
> <http://www.w3.org/2012/webcrypto/track/users%3E>.
> [16:37] <@wseltzer_transit> [we can even leave the text as
> non-normative notes]
> [16:38] <hhalpin> virginie: How do we proceed to capture the reality
> of implementations
>
> [16:39] <hhalpin> ack hhalpin
> [16:40] <hhalpin> hhalpin: Someone needs to craft a paragraph,
> probably before the algorithm section, that says what algorithms are
> implemented across all browsers with the best implementation.
> [16:42] <hhalpin> Virginie: I can try to write this paragraph, but how
> do we keep it updated?
> [16:43] <hhalpin> We can just refer to the time-stamp of the spec, and
> then update as the spec matures. We can try to check once a year, and
> if there's major changes in algorthm support we can do a co-edited CR.
> [16:43] <hhalpin> Virginie: Any alternatives?
> [16:45] <hhalpin> Vriginie: If we make call for consensus for the plan
> October 13th
> [16:46] <hhalpin> ... call with management beginning of November
> [16:46] <hhalpin> and then we'd try to transition out of CR and into
> PR into November at some point
> [16:47] <hhalpin> virginie: A phone call one week prior to TPAC Monday
> the 19th
> [16:47] <hhalpin> 20 UTC
> [16:47] * hhalpin I'll double-check WebEx
> [16:48] <mikepie_msft> thanks. bye
>
Received on Monday, 28 September 2015 21:34:49 UTC