Minutes, 21 March (Re: [W3C Web Crypto WG] today's call agenda) from Wendy Seltzer on 2016-03-21 (public-webcrypto@w3.org from March 2016)

From: Wendy Seltzer <wseltzer@w3.org>
Date: Mon, 21 Mar 2016 16:47:10 -0400
To: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <56F05DCE.9060607@w3.org>
We had a quick schedule review today. Minutes at
https://www.w3.org/2016/03/21-crypto-minutes.html
and in text below:


                               - DRAFT -

             Web Cryptography Working Group Teleconference

21 Mar 2016

   See also: [2]IRC log

      [2] http://www.w3.org/2016/03/21-crypto-irc

Attendees

   Present
          hhalpin, wseltzer, jyates, jimsc, ttaubert, RobTrace

   Regrets
          Virginie, markw
...

   <hhalpin> OK, I am happy to chair as stated on the phone.

   hhalpin: review quickly with implementors, implementation
   schedule

   <jimsc> Jim Schaad on the phone

Updated schedule

   hhalpin: WebCrypto charter was renewed for a 6mo extension
   ... check in on scheduling
   ... To get to Recommendation, we need to move from CR to PR,
   Rec
   ... show that we have two interoperable implementations of each
   feature
   ... So we need to gather implementation status over the next 2
   weeks
   ... 2-3 weeks of work on tests
   ... ~ May, review status of test suite and test results
   ... end of May, determine whehter to keep/cancel each feature
   ... June/July, CfC to Proposed Rec

   ->
   [7]https://lists.w3.org/Archives/Public/public-webcrypto/2016Ma
   r/0048.html Virginie's email re schedule

      [7]
https://lists.w3.org/Archives/Public/public-webcrypto/2016Mar/0048.html

   RobTrace: When we talk about features and cutting features
   ... that doesn't account for an implementor who wants features
   but doesn't have current resources for them

   hhalpin: that's a schedule proposed by Virginie

   RobTrace: Do we have to change the schedule, or if all
   algorithms are listed as optional,
   ... with algorithms that can be implement, can we finalize
   without having 2 implementations of each

   hhalpin: there are different kinds of features

   wseltzer: we need to be able to move forward; we could do that
   by showing progress, by doing extensions, or by cutting

   RobTrace: lookng at media, codecs, we had some options, let the
   market decide
   ... we had some items that we didn't implement at first, then
   when the market showed interest, implemented later

   wseltzer: are you asking for extension points, where we
   finalize the core, and then extend?

   hhalpin: @@

   RobTrace: RSA-PSS is the example we'd ask for

   hhalpin: that will remain in the final spec, Firefox
   implemented
   ... the resolution we had to stabilize the specwas to put
   removed algorithms into a "proposed" status, then move them to
   the spec when implemented

   <hhalpin> RSA-PSS will be kept

   <hhalpin> The implementation report needs to be updated to take
   into account Firefox's latest work

   <hhalpin> Microsoft will not change, but wants to keep RSA-PSS

   RobTrace: MS implementation won't change in next 6mo, but we
   have desire to implement

   <hhalpin> I believe Chrome wants to keep RSA-PSS

   RobTrace: we want to complete implementation, support; just
   can't at the moment
   ... Are we making everything mandatory?

   hhalpin: No. nothing is mandatory

   <ttaubert> RSA-PSS is currently available in Firefox Beta

   hhalpin: but we could note in test suite, "browser profile"
   what algorithms are implemented everywhere
   ... not cutting things out for the sake of process, but
   recognizing what has actual interop
   ... others that are specd but not implemnted stick around for
   potential later use.
   ... So everyone -> "browser profile"
   ... 2 implementations stay in the spec
   ... one or no implementations, go into "proposed" for later Rec

   <hhalpin> AES-CMAC, AES-CFB, CONCAT, DH are the ones at risk to
   be moving in a different section.

   hhalpin: other issues, key format, service workers

   <jimsc> CONCAT has already been killed from the spec

   <hhalpin> Sorry missed that jimsc

   ttaubert: I'm working on getting webcrypto supported in workers
   ... going to turn to service workers after

   RobTrace: I don't know that we've fully internalized SW crypto
   ... no official roadmap

   hhalpin: I think it's in chrome
   ... so we can keep that part of the spec
   ... Then key format issues remain
   ... everyone agrees JWKs work fine, but cross-browser and
   in-browser issues with other formats
   ... there's desire from users to have PKCS

   jimsc: 2 ways to deal with asn1 imports
   ... no longer tie algorithms hard to keys
   ... pretty simple in current spec
   ... versus getting people to implement what's in current spec
   is hard, not doable in time-frame

   RobTrace: Not something we've had deep discussions on

   ttaubert: same
   ... can someone summarize on ml the problems iwth key imports

   jimsc: I'll send something on the ML

   hhalpin: concenrn that dealing with asn1 lots of work
   ... markw willing to do the work
   ... testing training, 11 am Friday re TTWF

   <jimsc> This is still a clear time for me

   RobTrace: I could track that

   ttaubert: I couldn't participate Friday night
   ... but would track ML

   [calendar syncing]

   hhalpin: one training, with Mike Smith, then work moving
   forward

   ttaubert: this Friday doesn't work for me

   <jimsc> Harry, we should try and record it since it is on
   webexo

   hhalpin: I'll share the info
   ... any other questions?

   <hhalpin> [8]http://testthewebforward.org/

      [8] http://testthewebforward.org/

   <hhalpin> We'll go through this agenda

   jimsc: note, IETF meeting in 2 weeks, I can't attend then

   hhalpin: I'll check with Virginie
   ... Rob and Tim, how much time do you want for review of Jim's
   proposal

   ttaubert: propose 3 weeks

   hhalpin: I'll follow up with Virginie

   [adjourned]


On 03/21/2016 07:29 AM, GALINDO Virginie wrote:
> Dear all,
> 
> A kind reminder that today we will have a web crypto WG call at 20 :00 UTC. Keep in mind that there was a one hour shift last week in US, but the call *is still at 20:00 UTC*.
> 
> The provisioned agenda is :
> 
> -          Implementation status
> 
> -          Bugs status
> 
> -          Test status
> 
> -          - presentation of the milestones [1]
> 
> -          AOB
> 
> Regards,
> Virginie
> [1] https://lists.w3.org/Archives/Public/public-webcrypto/2016Mar/0048.html
> 
> ________________________________
> This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
> 


-- 
Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
http://wendy.seltzer.org/        +1.617.863.0613 (mobile)
Received on Monday, 21 March 2016 20:47:14 UTC