- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Tue, 20 Jul 2021 15:00:20 +0900
- To: public-wot-ig@w3.org, public-wot-wg@w3.org
available at:
https://www.w3.org/2021/05/31-wot-sec-minutes.html
also as text below.
Thanks a lot for taking the minutes, Elena!
Kazuyuki
---
[1]W3C
[1] https://www.w3.org/
WoT Security
31 May 2021
[2]IRC log.
[2] https://www.w3.org/2021/05/31-wot-sec-irc
Attendees
Present
Elena_Reshetova, Kaz_Ashimura, Michael_McCool,
Oliver_Pfaff, Philipp_Blum, Tomoaki_Mizushima
Regrets
-
Chair
McCool
Scribe
elena
Contents
1. [3]meeting minutes
2. [4]Fixing wot security best practices doc
3. [5]PR for TD signatures
4. [6]Summary of issues
Meeting minutes
meeting minutes
[7]https://www.w3.org/2021/05/24-wot-sec-minutes.html
[7] https://www.w3.org/2021/05/24-wot-sec-minutes.html
McCool makes a summary of things discussed during the last
meeting
McCool: any objections to publishing the minutes?
no objections, minutes accepted
Fixing wot security best practices doc
McCool: we have a number of issues that needs fixing - can see
in github issues. I have volunteered for some issues, others
need more volunteers
<kaz> [8]wot-security-best-practices Issue 14 - TD Signatures
and Object Security
[8] https://github.com/w3c/wot-security-best-practices/issues/14
McCool will do an initial cleanup for this issue and then
Oliver can continue in July
Issue: Update secure transport section [9]https://github.com/
w3c/wot-security-best-practices/issues/13
[9] https://github.com/w3c/wot-security-best-practices/issues/13
McCool is explaining the issue based on comments
McCool: if someone volunteers to help with this would be great
or be a reviewer
Philipp can probably help with secure transport issue
McCool: if you can try to do a first draft for this
Philipp agrees to try
PR for TD signatures
McCool: we need to have a proper security review for this one
<McCool> [10]https://github.com/w3c/wot-thing-description/pull/
1151
[10] https://github.com/w3c/wot-thing-description/pull/1151
McCool: I did a first draft for this
McCool marking in the comments the parts that have been
addressed via PR
McCool: I picked enveloped signature type because it is local
to this document that it covers, it is also optional.
McCool: need to understand how to do canonicalization and name
references
discussing the signature crypto algorithms
Elena was proposing to include stronger cryptography options
and making them defaults
Oliver was saying that there is no interest in the 384
versions, it is either 256-based on 512
at the end having a catalog of options and choices should be
the best
McCool: does it make a difference to have hash and signature
algorithm separately?
Elena: usually they are used together as a pair of similar
security strength algorithms
McCool: please review this PR and raise issues
McCool: next meeting lets discuss F2F planning, please take a
look and suggest topic
<kaz> [adjourned]
Summary of issues
1. [11]Update secure transport section https://github.com/w3c/
wot-security-best-practices/issues/13
Minutes manually created (not a transcript), formatted by
[12]scribe.perl version 136 (Thu May 27 13:50:24 2021 UTC).
[12] https://w3c.github.io/scribe2/scribedoc.html
Received on Tuesday, 20 July 2021 06:00:26 UTC