[wot-security] minutes - 31 May 2021

available at:
  https://www.w3.org/2021/05/31-wot-sec-minutes.html

also as text below.

Thanks a lot for taking the minutes, Elena!

Kazuyuki

---
   [1]W3C

      [1] https://www.w3.org/

                              WoT Security

31 May 2021

   [2]IRC log.

      [2] https://www.w3.org/2021/05/31-wot-sec-irc

Attendees

   Present
          Elena_Reshetova, Kaz_Ashimura, Michael_McCool,
          Oliver_Pfaff, Philipp_Blum, Tomoaki_Mizushima

   Regrets
          -

   Chair
          McCool

   Scribe
          elena

Contents

    1. [3]meeting minutes
    2. [4]Fixing wot security best practices doc
    3. [5]PR for TD signatures
    4. [6]Summary of issues

Meeting minutes

  meeting minutes

   [7]https://www.w3.org/2021/05/24-wot-sec-minutes.html

      [7] https://www.w3.org/2021/05/24-wot-sec-minutes.html

   McCool makes a summary of things discussed during the last
   meeting

   McCool: any objections to publishing the minutes?

   no objections, minutes accepted

  Fixing wot security best practices doc

   McCool: we have a number of issues that needs fixing - can see
   in github issues. I have volunteered for some issues, others
   need more volunteers

   <kaz> [8]wot-security-best-practices Issue 14 - TD Signatures
   and Object Security

      [8] https://github.com/w3c/wot-security-best-practices/issues/14

   McCool will do an initial cleanup for this issue and then
   Oliver can continue in July

   Issue: Update secure transport section [9]https://github.com/
   w3c/wot-security-best-practices/issues/13

      [9] https://github.com/w3c/wot-security-best-practices/issues/13

   McCool is explaining the issue based on comments

   McCool: if someone volunteers to help with this would be great
   or be a reviewer

   Philipp can probably help with secure transport issue

   McCool: if you can try to do a first draft for this

   Philipp agrees to try

  PR for TD signatures

   McCool: we need to have a proper security review for this one

   <McCool> [10]https://github.com/w3c/wot-thing-description/pull/
   1151

     [10] https://github.com/w3c/wot-thing-description/pull/1151

   McCool: I did a first draft for this

   McCool marking in the comments the parts that have been
   addressed via PR

   McCool: I picked enveloped signature type because it is local
   to this document that it covers, it is also optional.

   McCool: need to understand how to do canonicalization and name
   references

   discussing the signature crypto algorithms

   Elena was proposing to include stronger cryptography options
   and making them defaults

   Oliver was saying that there is no interest in the 384
   versions, it is either 256-based on 512

   at the end having a catalog of options and choices should be
   the best

   McCool: does it make a difference to have hash and signature
   algorithm separately?

   Elena: usually they are used together as a pair of similar
   security strength algorithms

   McCool: please review this PR and raise issues

   McCool: next meeting lets discuss F2F planning, please take a
   look and suggest topic

   <kaz> [adjourned]

Summary of issues

    1. [11]Update secure transport section https://github.com/w3c/
       wot-security-best-practices/issues/13


    Minutes manually created (not a transcript), formatted by
    [12]scribe.perl version 136 (Thu May 27 13:50:24 2021 UTC).

     [12] https://w3c.github.io/scribe2/scribedoc.html

Received on Tuesday, 20 July 2021 06:00:27 UTC