- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 20 Jul 2021 15:00:20 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at: https://www.w3.org/2021/05/31-wot-sec-minutes.html also as text below. Thanks a lot for taking the minutes, Elena! Kazuyuki --- [1]W3C [1] https://www.w3.org/ WoT Security 31 May 2021 [2]IRC log. [2] https://www.w3.org/2021/05/31-wot-sec-irc Attendees Present Elena_Reshetova, Kaz_Ashimura, Michael_McCool, Oliver_Pfaff, Philipp_Blum, Tomoaki_Mizushima Regrets - Chair McCool Scribe elena Contents 1. [3]meeting minutes 2. [4]Fixing wot security best practices doc 3. [5]PR for TD signatures 4. [6]Summary of issues Meeting minutes meeting minutes [7]https://www.w3.org/2021/05/24-wot-sec-minutes.html [7] https://www.w3.org/2021/05/24-wot-sec-minutes.html McCool makes a summary of things discussed during the last meeting McCool: any objections to publishing the minutes? no objections, minutes accepted Fixing wot security best practices doc McCool: we have a number of issues that needs fixing - can see in github issues. I have volunteered for some issues, others need more volunteers <kaz> [8]wot-security-best-practices Issue 14 - TD Signatures and Object Security [8] https://github.com/w3c/wot-security-best-practices/issues/14 McCool will do an initial cleanup for this issue and then Oliver can continue in July Issue: Update secure transport section [9]https://github.com/ w3c/wot-security-best-practices/issues/13 [9] https://github.com/w3c/wot-security-best-practices/issues/13 McCool is explaining the issue based on comments McCool: if someone volunteers to help with this would be great or be a reviewer Philipp can probably help with secure transport issue McCool: if you can try to do a first draft for this Philipp agrees to try PR for TD signatures McCool: we need to have a proper security review for this one <McCool> [10]https://github.com/w3c/wot-thing-description/pull/ 1151 [10] https://github.com/w3c/wot-thing-description/pull/1151 McCool: I did a first draft for this McCool marking in the comments the parts that have been addressed via PR McCool: I picked enveloped signature type because it is local to this document that it covers, it is also optional. McCool: need to understand how to do canonicalization and name references discussing the signature crypto algorithms Elena was proposing to include stronger cryptography options and making them defaults Oliver was saying that there is no interest in the 384 versions, it is either 256-based on 512 at the end having a catalog of options and choices should be the best McCool: does it make a difference to have hash and signature algorithm separately? Elena: usually they are used together as a pair of similar security strength algorithms McCool: please review this PR and raise issues McCool: next meeting lets discuss F2F planning, please take a look and suggest topic <kaz> [adjourned] Summary of issues 1. [11]Update secure transport section https://github.com/w3c/ wot-security-best-practices/issues/13 Minutes manually created (not a transcript), formatted by [12]scribe.perl version 136 (Thu May 27 13:50:24 2021 UTC). [12] https://w3c.github.io/scribe2/scribedoc.html
Received on Tuesday, 20 July 2021 06:00:27 UTC