IRC log of crypto on 2012-05-14

Timestamps are in UTC.

18:56:52 [RRSAgent]
RRSAgent has joined #crypto
18:56:52 [RRSAgent]
logging to
18:56:55 [ekr]
zakim, who is here?
18:56:55 [Zakim]
sorry, ekr, I don't know what conference this is
18:56:55 [wseltzer]
zakim, this will by CRYPT
18:56:56 [Zakim]
On IRC I see RRSAgent, Zakim, emily, wtc, ekr, mcdondan, rbarnes, kaepora, Channy, tjr, tl1, ddahl, timeless, davidsarah, wseltzer
18:56:56 [Zakim]
I don't understand 'this will by CRYPT', wseltzer
18:57:53 [wseltzer]
zakim, this will be CRYPT
18:57:53 [Zakim]
ok, wseltzer; I see SEC_WebCryp()3:00PM scheduled to start in 3 minutes
18:58:04 [smc]
smc has joined #crypto
18:58:12 [virginie_galindo]
virginie_galindo has joined #crypto
18:59:52 [rbarnes]
zakim, who's on the phone?
18:59:52 [Zakim]
SEC_WebCryp()3:00PM has not yet started, rbarnes
18:59:54 [Zakim]
On IRC I see virginie_galindo, smc, RRSAgent, Zakim, emily, wtc, ekr, mcdondan, rbarnes, kaepora, Channy, tjr, tl1, ddahl, timeless, davidsarah, wseltzer
19:00:54 [PhilipG]
PhilipG has joined #crypto
19:00:57 [Channy]
Hi, all. I'm only on IRC because it's 4am in Korea :)
19:01:21 [ddahl]
hi Channy - thanks for waking up!
19:01:27 [fluffy]
fluffy has joined #crypto
19:01:52 [rbarnes]
zakim, who's on the phone?
19:01:52 [Zakim]
SEC_WebCryp()3:00PM has not yet started, rbarnes
19:01:53 [Zakim]
On IRC I see fluffy, PhilipG, virginie_galindo, smc, RRSAgent, Zakim, emily, wtc, ekr, mcdondan, rbarnes, kaepora, Channy, tjr, tl1, ddahl, timeless, davidsarah, wseltzer
19:02:11 [hhalpin]
hhalpin has joined #crypto
19:02:32 [christopherkula]
christopherkula has joined #crypto
19:02:56 [hhalpin]
Zakim, what's the code?
19:02:56 [Zakim]
the conference code is 27978 (tel:+1.617.761.6200, hhalpin
19:03:16 [rsleevi]
rsleevi has joined #crypto
19:03:17 [christopherkula]
calling from 510-387-xxxx
19:04:16 [MitchZ]
MitchZ has joined #crypto
19:04:21 [rbarnes]
rbarnes has joined #crypto
19:04:23 [virginie_galindo]
hi all, solving few problems of connection with wendy. will be there in a minute
19:04:29 [ddahl]
Zakim, who's on the phone?
19:04:29 [Zakim]
SEC_WebCryp()3:00PM has not yet started, ddahl
19:04:30 [Zakim]
On IRC I see rbarnes, MitchZ, rsleevi, christopherkula, hhalpin, fluffy, PhilipG, virginie_galindo, smc, RRSAgent, Zakim, emily, wtc, ekr, mcdondan, kaepora, Channy, tjr, tl1,
19:04:30 [Zakim]
... ddahl, timeless, davidsarah, wseltzer
19:04:51 [hhalpin]
Zakim, who's on the phone?
19:04:51 [Zakim]
SEC_WebCryp()3:00PM has not yet started, hhalpin
19:04:52 [Zakim]
On IRC I see rbarnes, MitchZ, rsleevi, christopherkula, hhalpin, fluffy, PhilipG, virginie_galindo, smc, RRSAgent, Zakim, emily, wtc, ekr, mcdondan, kaepora, Channy, tjr, tl1,
19:04:52 [Zakim]
... ddahl, timeless, davidsarah, wseltzer
19:04:59 [hhalpin]
Zakim, who's on the phone?
19:04:59 [Zakim]
SEC_WebCryp()3:00PM has not yet started, hhalpin
19:05:00 [Zakim]
On IRC I see rbarnes, MitchZ, rsleevi, christopherkula, hhalpin, fluffy, PhilipG, virginie_galindo, smc, RRSAgent, Zakim, emily, wtc, ekr, mcdondan, kaepora, Channy, tjr, tl1,
19:05:02 [Zakim]
... ddahl, timeless, davidsarah, wseltzer
19:05:47 [Karen]
Karen has joined #crypto
19:05:51 [hhalpin]
Zakim, who's on the phone?
19:05:51 [Zakim]
SEC_WebCryp()3:00PM has not yet started, hhalpin
19:05:52 [Zakim]
On IRC I see Karen, rbarnes, MitchZ, rsleevi, christopherkula, hhalpin, fluffy, PhilipG, virginie_galindo, smc, RRSAgent, Zakim, emily, wtc, ekr, mcdondan, kaepora, Channy, tjr,
19:05:52 [Zakim]
... tl1, ddahl, timeless, davidsarah, wseltzer
19:05:55 [sdurbha]
sdurbha has joined #crypto
19:05:58 [wseltzer]
zakim has been having trouble lately
19:07:22 [Asad]
Asad has joined #crypto
19:08:31 [hhalpin]
Web Cryptography Meeting Convened
19:08:37 [hhalpin]
chair: virginie_galindo
19:08:40 [hhalpin]
scribe: hhalpin
19:08:46 [hhalpin]
Zakim, agenda?
19:08:46 [Zakim]
I see nothing on the agenda
19:08:56 [wseltzer]
agenda+ Introduction
19:09:04 [wseltzer]
agenda+ "Virtual round table" of delegates
19:09:04 [hhalpin]
topic: Introduction
19:09:14 [wseltzer]
agenda+ Brief reminder of usecases for primary features
19:09:23 [wseltzer]
agenda+ Brief presentation of editor's draft API (by editors)
19:09:29 [hhalpin]
virginie: let's have a quick overview of all the topics we need to address
19:09:34 [wseltzer]
agenda+ Review of comments on draft Web Crypto API
19:09:47 [wseltzer]
agenda+ Web Cryptography Usecases and Requirements related to secondary features
19:09:53 [hhalpin]
... and then go over some of the logistics to make sure we are all at the same place.
19:09:59 [wseltzer]
agenda+ Test Suite for Web Crypto API
19:10:08 [wseltzer]
agenda+ Feedback from public conf call
19:10:17 [wseltzer]
agenda+ Group life
19:10:22 [hhalpin]
Zakim, who's on the phone?
19:10:22 [Zakim]
SEC_WebCryp()3:00PM has not yet started, hhalpin
19:10:23 [Zakim]
On IRC I see Asad, sdurbha, Karen, rbarnes, MitchZ, rsleevi, christopherkula, hhalpin, fluffy, PhilipG, virginie_galindo, smc, RRSAgent, Zakim, emily, wtc, ekr, mcdondan, kaepora,
19:10:23 [Zakim]
... Channy, tjr, tl1, ddahl, timeless, davidsarah, wseltzer
19:10:28 [wseltzer]
agenda+ Liaisons with other groups
19:11:34 [MitchZ]
Harry, I'm here! -MitchZ
19:12:22 [tjr]
tjr - Tom Ritter, iSEC Partners. I'm on the phone.
19:13:03 [wseltzer]
kaepora: is that Nadim?
19:13:08 [tjr]
19:13:21 [sdurbha]
sdurbha: Seetharama Durbha, CableLabs
19:14:02 [hhalpin]
Asad from Gelmato, SDurbha from Cabelalbs, Karen from Gemalto, Richard Barnes (BBN), Ryan Sleevi (Google), Christopher Kula (indepdnent), Fluffy (Cisco), PhilipG (Cisco), Virginie (Gemlato), SMC (Shawn McGregor - Oregon State University) ,m Emily Stark (MIT), , Wan-Teh Changg (Google, Eric (RRTM), McDondan (?? - may not on phone), Kaepora (?? - maybe not on phone), Tom Ritter (iSec partners - IEs), Channy (?? maybe) , tl1 (Tom Lowenthal David (Phone), David
19:14:25 [wseltzer]
19:14:25 [ekr]
19:14:37 [kaepora]
Hey guys
19:14:39 [kaepora]
Sorry I'm late
19:14:45 [hhalpin]
19:17:12 [emily]
emily has joined #crypto
19:17:17 [hhalpin]
19:18:46 [JimD]
JimD has joined #crypto
19:18:50 [hhalpin]
David Hooley (Cablelabs Gate)
19:18:57 [JimD]
Jim Davenport (MITRE) here
19:19:23 [hhalpin]
Jim Davenport (MITRE)
19:20:08 [hhalpin]
19:20:13 [wseltzer]
19:20:19 [wseltzer]
19:21:41 [wseltzer]
we'll have a separate public-webcrypto-comments list
19:22:20 [hhalpin]
Topic: use-cases
19:22:49 [wseltzer]
zakim, take up agendum 3
19:22:49 [Zakim]
agendum 3. "Brief reminder of usecases for primary features" taken up [from wseltzer]
19:23:16 [hhalpin]
virginie: what we have seen is that the use-cases behind the primary features are under debate last week
19:23:50 [hhalpin]
... I propose we have a wiki-page where we store the use-cases
19:23:57 [hhalpin]
ekr: the primary use-cases are too vague
19:24:28 [Channy]
I just summarized some of features in community wiki. It's very starting page.
19:24:30 [hhalpin]
ekr: we need to be a lot more detailed than the list of things, largely because of the requirement of key isolation
19:24:35 [timeless]
RRSAgent, draft minutes
19:24:35 [RRSAgent]
I have made the request to generate timeless
19:24:45 [hhalpin]
... we hvae to list them excruciating detail
19:24:58 [hhalpin]
richard: if we have a requirement that the javascript layer can't handle the key
19:25:08 [hhalpin]
... then we need to have explicit functions for derived key
19:25:28 [hhalpin]
ekr: every single protocol, as there's a azillion different key derivation functions
19:25:29 [hhalpin]
19:26:06 [hhalpin]
karen: I also think we define the scope and the level
19:26:19 [hhalpin]
... most of the messages do not seem aimed at high-value use-cases
19:26:27 [ekr]
Particularly, it needs to say stuff like JOSE, FIPS 800-108, etc.
19:26:39 [kaepora]
Hey guys, I'm in the conference call (I'm Nadim Kobeissi)
19:26:40 [timeless]
19:26:45 [hhalpin]
wtc: I suggest that we need to sharpen the editors draft in the use-case
19:26:54 [hhalpin]
ack hhalpin
19:27:02 [tjr]
I proposed some use cases way back in December: I can revisit those and flesh them out if desired.
19:27:16 [tjr]
(Some of those are clearly outside the scope now.)
19:27:28 [rbarnes]
tjr: probably would be helpful
19:27:41 [ekr]
tjr: these seem like the right kind of thing.
19:27:52 [ekr]
(not necessarily saying I agree that they are exactly right)
19:29:29 [ddahl]
19:30:00 [kaepora]
I think it's definitely to be interpreted as key isolation
19:30:30 [kaepora]
What else would you do with secret key material?
19:30:58 [kaepora]
How can I put myself on the speaker queue?
19:31:23 [hhalpin]
ddahl: let's consider key material still open at this point
19:31:28 [hhalpin]
... in some cases we'll need it
19:31:33 [ekr]
19:31:40 [timeless]
RRSAgent, draft minutes
19:31:40 [RRSAgent]
I have made the request to generate timeless
19:31:44 [JimD]
good Zakim guide here:
19:31:47 [hhalpin]
q- ddhal
19:31:49 [MitchZ]
Isn't the complexity around key isolation really two things: (1) how you derive / access the key or (2) how may crypto APIs you want in the generic case, whether you support key isolation or not?
19:31:53 [ddahl]
19:32:10 [rbarnes]
19:32:26 [MitchZ]
We don't need to add all crypto algorithms under the sun in version 1 of the APIs, do we?
19:32:29 [timeless]
19:32:34 [timeless]
s/Hey guys//
19:32:38 [timeless]
s/Sorry I'm late//
19:32:49 [timeless]
19:32:52 [ddahl]
MitchZ: no, we should not
19:32:55 [hhalpin]
kaepora: the charter should be interpreted as key isolation
19:32:59 [timeless]
19:33:05 [hhalpin]
... no other thing that is actually helpful
19:33:09 [timeless]
s||-> Bugzilla|
19:33:23 [timeless]
RRSAgent, draft minutes
19:33:23 [RRSAgent]
I have made the request to generate timeless
19:33:26 [MitchZ]
can the speaker please introduce himself?
19:33:31 [hhalpin]
ekr: I'm not sure why this a surprise for people, its important to distinguish between two different kinds of key isolation
19:34:01 [hhalpin]
... one form that I effectively trust JS with Key 0, but I'm worried about key theft at a later point
19:34:15 [JimD]
zakim, who's talking?
19:34:15 [Zakim]
sorry, JimD, I don't know what conference this is
19:34:19 [hhalpin]
... the other case is where you consider the browser is a trusted platform, and I'm not even allowed the access the keys
19:34:26 [rbarnes]
19:34:31 [ddahl]
JimD: ekr is talking
19:34:52 [hhalpin]
ekr: we should distinguish them, most of security rationales are about the first, not the second
19:35:09 [hhalpin]
19:35:11 [MitchZ]
19:35:14 [hhalpin]
q- ekr
19:35:44 [hhalpin]
MitchZ: Our concerns around key protection have to be about writing more and more web applicaitons in HTML5, XSS attacks
19:36:12 [hhalpin]
... what is we are pulling down stuff from location we though we were (ala TLS) that may work in some cases
19:36:22 [ekr]
19:36:32 [hhalpin]
... as applications being arbitrarily deployed, our concern is concern is for the user
19:36:36 [JimD]
zakim, this is SEC_WebCryp
19:36:36 [Zakim]
ok, JimD; that matches SEC_WebCryp()3:00PM
19:36:54 [hhalpin]
... if they want to take the keys to different application or a browser, we are worried about rogue attacks and non-renewable firmware
19:37:35 [hhalpin]
ekr: I'll be honest if we have XSS attacks, then we a problem and you need to figure out reseed their applications
19:37:49 [kaepora]
Good distinction: browser/devices
19:38:35 [hhalpin]
MitchZ: that may be true in browser world, but things may be very different in devices where the keys are hidden from anything but secure OS
19:38:47 [hhalpin]
... usually the keys are hidden in HSM is becoming more common and necki
19:38:51 [hhalpin]
19:39:04 [timeless]
s|good Zakim guide here:||
19:39:14 [MitchZ]
I keep hearing "Eckert"
19:39:20 [MitchZ]
Are people referring to "ekr"?
19:39:23 [rsleevi]
19:39:25 [MitchZ]
If so, apologies, Eric.
19:39:30 [MitchZ]
Of course I know you ;)
19:39:36 [MitchZ]
We need to do lunch again soon...
19:39:51 [timeless]
s/m Emily/Emily/
19:39:54 [timeless]
s/, ,/,/
19:40:00 [hhalpin]
ekr: in exactly the case in MitchZ is talking about exposure of ephermeral keys is not so bad, but exposure of permanent keys is terrible
19:40:12 [hhalpin]
... a design where every key has to be hidden may be impossible
19:40:18 [hhalpin]
... not an all or nothing issue
19:40:23 [ddahl]
hhalpin: i think this is an open issue that cannot be viewed as an all or nothing situation. I can see some API methods that allow you to create accessible key material, but the default main usage will be via keyID
19:40:56 [rsleevi]
19:41:18 [fluffy]
19:41:27 [hhalpin]
ack MitchZ
19:41:29 [ekr]
so, for instance, if you said that you couldn't access certain long-term keys, but you could export symmetric keying material, the whole KDF problem goes away
19:41:51 [hhalpin]
MitchZ: it is true that in many cases session keys can be revoked and renewed, so maybe XSS isn't a huge issue
19:42:13 [ddahl]
ekr: we should create some psuedo-code examples that better explain when we might want have access to the secret key material
19:42:17 [hhalpin]
... we have examples of how third parties take those keys and abuse them in interesting ways, and we have internally implemented things were session keys are inaccessible
19:42:23 [ekr]
I'm not suggesting that there is *no* benefit to protecting keys ever.
19:42:24 [hhalpin]
... its not a religious standpoint
19:42:31 [hhalpin]
... should have a either-or design
19:42:34 [hhalpin]
q- MitchZ
19:42:37 [hhalpin]
q- ekr
19:42:40 [virginie_galindo]
19:43:11 [hhalpin]
rsleevi: lets look at high level, low level, normal
19:43:22 [hhalpin]
... PCKS11 gives you option, and you see thats common with other API
19:43:42 [rbarnes]
rsleevi: +1 to this approach
19:43:49 [hhalpin]
.. look at the "refer to by handle" but you can export it potentially in Crypto API and Next Gen Crypto API from Microsoft
19:43:53 [hhalpin]
... you have things and consistently refer to them by handles
19:44:02 [ekr]
Where things get really messy is whether the application of a key to a piece of data taints the output of that operation.
19:44:12 [hhalpin]
... but as some of this is implenmtatnion dependent, we can get them
19:44:18 [rbarnes]
19:44:31 [ekr]
So, say I have an RSA key and I do X=RSA_decrypt(K, msg)
19:44:36 [hhalpin]
... but if we go low-level like PKS11 for JS we're going to have a very trickty time
19:44:38 [ekr]
Should I be able to see the output of X?
19:44:43 [hhalpin]
... padding schemes, encrpytion modes,
19:44:46 [ekr]
19:45:02 [kaepora]
kaepora has joined #crypto
19:45:23 [hhalpin]
... we should allow implemention dpeendent
19:46:03 [hhalpin]
... import/export out of key material
19:46:06 [hhalpin]
rbarnes: I'd like more info on use-caes before making decision on use-cases
19:46:07 [ekr]
This becomes especially difficult if some of the operations reveal information about the keys.
19:46:13 [fluffy]
19:46:53 [hhalpin]
Virginie: A need for us to write the use-cases down and transform them into functional requirements
19:46:57 [ekr]
So, for instance, it's generally safe to operate an RSA decryption oracle as long as I'm not allowed to do raw output of PKCS#1 non-compliant data
19:47:03 [kaepora]
kaepora has joined #crypto
19:47:14 [ekr]
but it's *not* necessarily safe to output the results of DH key agreement compuations
19:47:14 [hhalpin]
... the multiple levels approach is a proposal
19:47:18 [kaepora]
Someone mentioned earlier that W3Crypto would be used on Bluray devices – could someone expand on that? Examples?
19:47:18 [fluffy]
I'm having a hard time hearing Virginie
19:47:29 [kaepora]
New idea to me
19:48:04 [ddahl]
kaepora: There is a netflix use case for this...
19:48:55 [virginie_galindo]
to fluffy : hearing of understanding my frenc accent ? ;-)
19:48:58 [kaepora]
19:49:02 [ddahl]
hhalpin: i will if no one else does
19:49:13 [ekr]
so, I don't generally understand the problem that people think they are trying to solve. I know how I would design a system :)
19:49:18 [rbarnes]
ddahl: i can help
19:49:22 [MitchZ]
i'll volunteer to work with ddahl
19:49:24 [ddahl]
19:49:33 [ddahl]
19:49:35 [hhalpin]
ACTION: ddahl amd MtichZ to help collect use-cases around key isolation
19:49:50 [ddahl]
hhalpin: don't forget rbarnes
19:50:02 [hhalpin]
19:50:16 [wseltzer]
zakim, drop agendum 2
19:50:16 [Zakim]
agendum 2, "Virtual round table" of delegates, dropped
19:50:30 [wseltzer]
zakim, take up agendum 4
19:50:30 [Zakim]
agendum 4. "Brief presentation of editor's draft API (by editors)" taken up [from wseltzer]
19:50:42 [hhalpin]
s/and MitchZ/ and MitchZ and rbarnes
19:50:54 [hhalpin]
topic: Brief presentation of editor's draft API
19:51:00 [wseltzer]
19:51:10 [hhalpin]
ddahl: This is just a starting point for conversation on the API
19:51:22 [ddahl]
19:51:24 [hhalpin]
... I've expanded on DomCrypt work
19:52:03 [MitchZ]
w.r.t. to ekr's question on the RSA decrypt, i believe that what is described does not work b/c... the initial message from client -> server does not contain any sort of acknowledgement that the exchange has the eventual purpose of key exchange with key hiding
19:52:23 [hhalpin]
... the big change is we've moved to event driven model
19:52:30 [ekr]
sorry, I don't understand your point.
19:52:30 [hhalpin]
... that's the largest change from DomCrypt
19:52:40 [hhalpin]
... I'd like to see if this event-driven model makes more sense
19:52:40 [MitchZ]
DH has the benefit of the SS creation happening under the covers, so it's obvious how this would work w/ DH
19:53:00 [hhalpin]
... no such thing as call-back driven DOM interface as event-driven is cleaner, allows multiple listeners
19:53:06 [hhalpin]
... seems to be "what the web expects"
19:53:10 [MitchZ]
but an RSA "for hidden key exchange" could certainly be possible, but it isn't regular RSA encrypt/decrypt
19:53:15 [ekr]
19:53:20 [kaepora]
19:53:27 [hhalpin]
... as far as key isolation, everything is what I think of as "high-leveL'
19:53:37 [hhalpin]
... what appears to be high-level could be low-layer from a different layer
19:53:40 [virginie_galindo]
19:53:57 [ekr]
Mitch: well, as I said, I'd like to see a threat analysis that explains why it's desirable to hide the RSA output.
19:54:08 [hhalpin]
ddahl: I'm a browser engineer, not a cryptographer
19:54:22 [ekr]
I don't understand how this API works if I have concurrent key generations.
19:54:25 [hhalpin]
... the main other things that have changed is hashing and MAC
19:54:28 [hhalpin]
... other folks want CMAC
19:54:32 [ekr]
how do I distinguish them?
19:54:36 [hhalpin]
... so some other things have came up
19:54:41 [hhalpin]
... this is a starting point
19:54:49 [hhalpin]
... I have tried to add as much example code as possible
19:55:06 [ekr]
can't we use hg?
19:55:16 [ekr]
That's what WebApSec is using.
19:55:51 [ekr]
perhaps the hub of git. :)
19:56:19 [kaepora]
The question I'm planning to ask: will adding DRM a-la-Netflix be worth modifying our spec, or is it not enough of a priority?
19:56:51 [MitchZ]
? Netflix' involvement in this has nothing to do with DRM?
19:57:06 [MitchZ]
So, I'll be curious to hear your question.
19:57:08 [hhalpin]
virginie: we want to address as much as we have
19:57:26 [hhalpin]
... so let's stick to discussion on mailing list rather than raising new version
19:57:29 [ekr]
ddahl: how do you handle concurrent async operations?
19:57:40 [wseltzer]
19:57:42 [hhalpin]
19:57:42 [kaepora]
MitchZ: specifies "DRM license exchanges"
19:57:43 [rbarnes]
19:57:50 [hhalpin]
q- ekr
19:58:05 [kaepora]
19:58:10 [hhalpin]
ddahl: we will try to create constructors
19:58:15 [hhalpin]
ekr: I'm not have callback vs events
19:58:21 [hhalpin]
... but we need to have concurrent operations
19:58:35 [hhalpin]
ddahl: what will happen is that you'll create a constructor and isolate it via constructor
19:58:44 [rsleevi]
ddahl: That was the motivation for the object-based approach discussed on the mailing list - so that different objects may have different callbacks, and for the use via Workers
19:58:53 [rsleevi]
19:59:07 [MitchZ]
19:59:30 [hhalpin]
kaepora: API to grant license exchange, we would modify the charter
19:59:35 [ddahl]
rsleevi: indeed, that was another thing that Mozilla platform engineers recommended - a synchronous API in parallel that only runs in Workers
19:59:41 [kaepora]
Whew, great news
19:59:47 [hhalpin]
MitchZ: I'll remove the DRM acronym from use-case document now, our protocol has to do with device and user-authentication
19:59:55 [kaepora]
MitchZ: That's wonderful news, thanks.
19:59:58 [hhalpin]
... the DRM question confuses
20:00:02 [PhilipG]
20:00:04 [Zakim]
20:00:11 [kaepora]
Yeah, I was a bit frazzled by the mention of DRM ;-)
20:00:13 [MitchZ]
20:00:24 [hhalpin]
PhilipG: I wonder about higher level stuff
20:00:27 [Karen]
20:00:34 [JimmyD0nut]
JimmyD0nut has joined #crypto
20:00:48 [PhilipG]
20:00:49 [hhalpin]
20:00:54 [MitchZ]
kaepora: thanks for input on use case doc.
20:01:09 [hhalpin]
topic: secondary use-cases
20:01:11 [ddahl]
hhalpin: i think there might be a question from karen
20:01:12 [kaepora]
MitchZ: Thanks for the reassuring answer, I'd hate this spec to be DRM-oriented.
20:01:35 [MitchZ]
me too :)
20:01:55 [hhalpin]
karen: for the API itself I don't quite understand where is the ciphertext is
20:02:17 [hhalpin]
ddahl: the ciphertext shows inside of the function handler that is run after things are encrypted
20:02:33 [hhalpin]
wtc: a few minor typos
20:02:48 [hhalpin]
karen: keystore of cryptoprovider
20:02:52 [hhalpin]
... is that in-scope?
20:03:30 [rsleevi]
20:03:30 [hhalpin]
browser could provide key operations
20:03:31 [hhalpin]
... but could smartcard?
20:03:36 [hhalpin]
q- Karen
20:04:05 [hhalpin]
rsleevi: looking at different levels of keys, looking at persistent keys on smartcards
20:04:06 [hhalpin]
... some of its contigent on use-cases that come in
20:04:13 [tjr]
Is this meeting capped at ending in 30 minutes, or is expected to run indefinetly?
20:05:13 [JimD]
zakim, JimD is temporarily JimmyD0nut
20:05:13 [Zakim]
sorry, JimD, I do not recognize a party named 'JimD'
20:05:14 [rsleevi]
20:05:36 [timeless]
timeless has joined #crypto
20:06:04 [Zakim]
- +1.403.244.aagg
20:06:08 [timeless]
RRSAgent, draft minutes
20:06:08 [RRSAgent]
I have made the request to generate timeless
20:06:12 [timeless]
Zakim, where is +1403?
20:06:12 [Zakim]
North American dialing code 1.403 is Alberta
20:06:25 [rsleevi]
20:06:35 [wseltzer]
meeting: Web Cryptography Working Group
20:07:01 [Zakim]
- +
20:07:28 [hhalpin]
wtc: what I have in mind is that the website use very high-level criteria, similar to TLS
20:07:35 [timeless]
RRSAgent, draft minutes
20:07:35 [RRSAgent]
I have made the request to generate timeless
20:07:41 [hhalpin]
... specifying the set of acceptable criteria to find key in right key container
20:07:51 [hhalpin]
20:07:55 [rsleevi]
20:08:16 [hhalpin]
topic: gathering secondary feature use-cases
20:08:23 [kaepora]
20:08:30 [wseltzer]
phone troubles here for virginie and wendy
20:08:44 [kaepora]
I have a pretty elaborate use-case
20:09:10 [rsleevi]
20:09:41 [hhalpin]
nadim: I might want to volunteer for that document if no-one else does
20:09:46 [hhalpin]
... I'd need to be briefed
20:10:04 [hhalpin]
... I have an elaborate use-case for encrypted IM using HTML5
20:10:16 [hhalpin]
... porting to Android to iOS using PhoneGap
20:10:22 [hhalpin]
... it would benefit from such an API
20:10:47 [hhalpin]
... secret key storage would be very useful
20:11:07 [hhalpin]
... the project is already running so we can use it for a testbed
20:11:25 [Zakim]
+ +
20:11:47 [Channy]
There is secondary feature use-cases from Korea too.
20:11:55 [JimD]
I'll volunteer to assist nadim with secondary use-cases
20:12:09 [kaepora]
Link to my project (Cryptocat)
20:12:11 [hhalpin]
... move from Stanford Library to W3C library
20:12:13 [kaepora]
20:12:22 [kaepora]
20:12:36 [ekr]
rsleevi: do you mean just erasing it on the client or a message to the server?
20:12:43 [hhalpin]
ryan: we really want to fix the TLS session stuff, but as its in charter, that's one we are very interested in Google, could be done independently but could happen here
20:12:52 [hhalpin]
... browsers each do it differenty
20:12:56 [hhalpin]
... we will put together a strawman
20:13:28 [rsleevi]
ekr: API for the client to 'forget' its session ID
20:13:42 [rsleevi]
ekr: invaliding the (client) session ID cache
20:13:46 [ekr]
rsleevi: why doesn't the server do it
20:13:47 [ekr]
20:14:00 [hhalpin]
ACTION: JimD and Nadim to start a wikipage to start collecting the use-cases for secondary features
20:14:21 [ekr]
Isn't it kind of a problem to have the session cache hanging around on the server?
20:14:25 [kaepora]
JimD: Please email me so we can get started:
20:14:29 [hhalpin]
Topic: Test Suite
20:14:40 [hhalpin]
virginie: We will want to address test suite
20:14:53 [christopherkula]
Interested in possibly helping Nadim on secondary use cases
20:14:56 [rsleevi]
ekr: Browser behaviours actively thwart effectively managing it at the server. I can provide more details on the list of previous discussions where this has arrived (eg: the W3C CG for WebID catalogued these pretty well)
20:15:03 [hhalpin]
topic: feedback from public call
20:15:31 [ekr]
I'm not disagreeing with that, but it seems like a security problem to have it exist on the server
20:15:32 [hhalpin]
the definition of use-cases of primary features
20:15:47 [kaepora]
20:15:53 [hhalpin]
topic: Group life
20:16:03 [rsleevi]
ekr: The expressed desire for log out has less to be about security issues, and more about the general usability of SSL client certs within browsers
20:16:12 [ekr]
rsleevi: ah
20:16:22 [hhalpin]
lets have a face-to-face meeting during the summer
20:16:27 [hhalpin]
can't have something earlier than 8 weeks
20:16:29 [kaepora]
That's a great idea
20:16:36 [Zakim]
- +1.510.387.aaii
20:16:37 [hhalpin]
end of july would be earliest
20:16:49 [hhalpin]
we could do near the IETF meeting in Vancounver
20:16:59 [ekr]
what is the proposed time?
20:17:05 [Channy]
@hhalpin I want to join job of secondary feature use-cases
20:17:06 [ekr]
IETF is already *really* long
20:17:18 [rbarnes]
hhalpin: +1 to IETF colo
20:17:41 [wseltzer]
IETF is July 20-Aug 3 in Vancouver
20:17:44 [kaepora]
Vancouver would be cool
20:17:52 [rsleevi]
wseltzer: July 29, you mean, right?
20:17:53 [wseltzer]
20:18:12 [hhalpin]
20:18:26 [ekr]
20:18:35 [wtc]
wtc has joined #crypto
20:18:37 [tjr]
That overlaps with Black Hat July 23-26
20:18:40 [hhalpin]
ekr: its a problem to schedule stuff right before IETF
20:18:45 [hhalpin]
... I probably already have somethig then
20:18:49 [rbarnes]
20:19:11 [hhalpin]
... if you are trying to capture then, it will increase conflcits rather than decrease
20:19:56 [rbarnes]
20:19:56 [hhalpin]
q- ekr
20:20:05 [hhalpin]
q- rbarnes
20:20:24 [hhalpin]
PROPOSAL: meet at Vancouver last week of July, need to decide by next WG meeting
20:20:28 [Zakim]
+ +1.510.387.aaqq
20:20:32 [JimD]
Next Meeting: IETF 84, July 29-August 3, 2012 (from
20:20:34 [hhalpin]
virginie: we will also deifnitely meet at TPAC
20:20:39 [wseltzer]
20:21:08 [Zakim]
20:21:36 [Zakim]
20:21:43 [kaepora]
Alright everyone, I must be on my way
20:21:49 [kaepora]
Very much appreciated this meeting
20:21:58 [kaepora]
Will be in touch with JimD regarding our new editing responsibilities
20:21:59 [kaepora]
Thank you
20:22:33 [Karen]
It is better to do it 4 hours earlier.
20:22:41 [JimD]
Yes, Can make it 2 or 4 hours earlier
20:22:45 [PhilipG]
can't do 4 hours earlier
20:22:51 [Karen]
If it is 2hr earlier, it will be midnight in asia
20:23:00 [tjr]
+1 doodle
20:23:12 [Channy]
20:24:08 [hhalpin]
RESOLUTION: Meet next Monday 2 hours earlier
20:24:23 [hhalpin]
ACTION: virginie to send out Doodle with a range of meeting times
20:24:28 [wtc]
How long will the next meeting be? 1 or 1.5 hours?
20:25:03 [hhalpin]
we will try to keep them to 1 hour typically, but they will tend to go over in the beginning of the WG life to 1.5 hours
20:25:19 [hhalpin]
people in general should feel to OK with dropping after the first hour
20:27:22 [hhalpin]
Summary: Two new wikis over primary and secondary use-cases, need decision re Vancounver f2f by next meeting, the test-suite and liason topics need to be visited next meeting, next meeting 2 hours earlier with a Doodle for new meetings
20:27:30 [hhalpin]
virginie: we need better consistency
20:27:43 [hhalpin]
... in following up points on mailing list
20:28:27 [Zakim]
- +1.212.462.aacc
20:28:28 [Zakim]
20:28:29 [hhalpin]
Meeting Adjourned
20:28:29 [Zakim]
- +1.978.936.aahh
20:28:30 [Zakim]
- +1.408.540.aaoo
20:28:30 [Zakim]
- +1.650.678.aabb
20:28:31 [Zakim]
- +1.707.799.aadd
20:28:31 [Zakim]
- +1.510.387.aaqq
20:28:33 [Zakim]
- +1.773.939.aaaa
20:28:33 [hhalpin]
RRSAgent, generate minutes
20:28:33 [RRSAgent]
I have made the request to generate hhalpin
20:28:34 [Zakim]
20:28:35 [Zakim]
- +1.619.200.aann
20:28:37 [Zakim]
- +
20:28:39 [JimD]
JimD has left #crypto
20:28:40 [Zakim]
20:28:41 [PhilipG]
PhilipG has left #crypto
20:28:41 [Zakim]
- +1.650.214.aajj
20:28:44 [Zakim]
- +1.703.284.aaee
20:28:45 [Zakim]
- +1.512.257.aaff
20:28:48 [Zakim]
- +1.978.831.aamm
20:28:50 [Zakim]
20:28:51 [Zakim]
SEC_WebCryp()3:00PM has ended
20:28:54 [Zakim]
Attendees were +1.773.939.aaaa, +1.650.678.aabb, +1.212.462.aacc, +1.707.799.aadd, +1.703.284.aaee, +1.512.257.aaff, +1.403.244.aagg, +1.978.936.aahh, +1.510.387.aaii, [Microsoft],
20:28:56 [Zakim]
... +1.650.214.aajj, +1.408.540.aakk, Harry_Halpin, +, +1.978.831.aamm, +1.619.200.aann, +1.408.540.aaoo, +, +1.510.387.aaqq
20:29:28 [sdurbha]
sdurbha has left #crypto
20:29:38 [wseltzer]
Meeting: Web Cryptography Working Group
20:29:47 [wseltzer]
rrsagent, generate minutes
20:29:47 [RRSAgent]
I have made the request to generate wseltzer
20:30:33 [christopherkula]
christopherkula has joined #crypto
20:52:09 [christopherkula]
christopherkula has joined #crypto
20:53:51 [smc]
smc has joined #crypto
20:54:10 [fluffy]
fluffy has left #crypto
21:07:57 [wseltzer]
RRSAgent, where am I?
21:07:57 [RRSAgent]
22:34:35 [smc]
smc has joined #crypto
22:40:54 [smc]
smc has joined #crypto