IRC log of crypto on 2012-08-27

Timestamps are in UTC.

18:00:51 [RRSAgent]
RRSAgent has joined #crypto
18:00:51 [RRSAgent]
logging to
18:00:53 [trackbot]
RRSAgent, make logs webcrypto
18:00:53 [Zakim]
Zakim has joined #crypto
18:00:55 [trackbot]
Zakim, this will be SEC_WebCryp
18:00:55 [Zakim]
ok, trackbot; I see SEC_WebCryp()3:00PM scheduled to start in 60 minutes
18:00:56 [trackbot]
Meeting: Web Cryptography Working Group Teleconference
18:00:56 [trackbot]
Date: 27 August 2012
18:50:18 [virginie]
virginie has joined #crypto
18:56:04 [JimD]
JimD has joined #crypto
18:56:42 [virginie]
agenda+ welcome
18:56:49 [asad]
asad has joined #crypto
18:56:56 [virginie]
agenda+ Web Crypto Draft API
18:57:07 [selfissued]
selfissued has joined #crypto
18:57:08 [virginie]
agenda+ action review
18:57:09 [wtc]
wtc has joined #crypto
18:57:23 [selfissued]
selfissued is Mike Jones, Microsoft
18:57:26 [virginie]
agenda+ Group Life
18:57:42 [virginie]
agenda+ AOB
18:57:45 [virginie]
18:58:22 [Zakim]
SEC_WebCryp()3:00PM has now started
18:58:29 [Zakim]
18:58:40 [Zakim]
18:59:05 [virginie]
Chair: Virginie Galindo
18:59:08 [Zakim]
18:59:14 [karen_]
karen_ has joined #crypto
18:59:30 [Zakim]
19:00:06 [Zakim]
19:00:08 [Zakim]
19:00:12 [arunranga]
arunranga has joined #crypto
19:00:20 [Zakim]
19:00:22 [vgb]
vgb has joined #crypto
19:00:26 [AnthonyNadalin]
AnthonyNadalin has joined #crypto
19:00:31 [Zakim]
19:00:39 [zooko]
zooko has joined #crypto
19:00:51 [Zakim]
19:01:08 [vgb]
Zakim, [Microsoft.aa] is me
19:01:08 [Zakim]
+vgb; got it
19:01:19 [rsleevi]
rsleevi has joined #crypto
19:01:23 [hhalpin_]
hhalpin_ has joined #crypto
19:01:27 [rsleevi]
Zakim, Google has wtc, rsleevi
19:01:27 [Zakim]
+wtc, rsleevi; got it
19:01:39 [hhalpin]
Zakim, what's the code?
19:01:39 [Zakim]
the conference code is 27978 (tel:+1.617.761.6200, hhalpin
19:01:44 [Zakim]
19:01:47 [rsleevi]
Zakim, who is on the phone?
19:01:47 [Zakim]
On the phone I see [Microsoft], [Microsoft.a], asad, JimD, zooko, Google, virginie, ddahl, vgb, karen
19:01:50 [Zakim]
Google has wtc, rsleevi
19:02:02 [emily]
emily has joined #crypto
19:02:09 [Zakim]
19:02:20 [Zakim]
19:02:21 [arunranga]
zakim, mute me
19:02:21 [Zakim]
arunranga should now be muted
19:02:27 [hhalpin]
Zakim, ??P20 is hhalpin
19:02:27 [Zakim]
+hhalpin; got it
19:02:28 [markw]
markw has joined #crypto
19:02:41 [drogersuk]
drogersuk has joined #crypto
19:03:04 [virginie]
Zakim, who is on the phone?
19:03:04 [Zakim]
On the phone I see [Microsoft], [Microsoft.a], asad, JimD, zooko, Google, virginie, ddahl, vgb, karen, arunranga (muted), hhalpin
19:03:06 [Zakim]
Google has wtc, rsleevi
19:03:12 [Zakim]
19:03:18 [Zakim]
19:03:29 [markw]
Zakim, Netflix has markw
19:03:29 [Zakim]
+markw; got it
19:04:46 [Zakim]
+ +1.617.384.aaaa
19:05:16 [asad]
19:06:24 [asad]
19:06:44 [wseltzer]
zakim, pick a victim
19:06:44 [Zakim]
Not knowing who is chairing or who scribed recently, I propose zooko
19:06:57 [hhalpin]
Zakim, pick a scribe
19:06:57 [Zakim]
Not knowing who is chairing or who scribed recently, I propose vgb
19:07:23 [wseltzer]
Chair: Virginie_Galindo
19:07:57 [wseltzer]
scribe: zooko
19:08:01 [wseltzer]
scribenick: zooko
19:08:11 [virginie]
agenda ?
19:08:13 [zooko]
LEt's see... everything I type in here becomes part of the scribed record, right? Except for things I prefix with something/
19:08:19 [virginie]
Zakim, who is on the phone?
19:08:19 [Zakim]
On the phone I see [Microsoft], [Microsoft.a], asad, JimD, zooko, Google, virginie, ddahl, vgb, karen, arunranga (muted), hhalpin, emily, Netflix, wseltzer
19:08:22 [Zakim]
Google has wtc, rsleevi
19:08:22 [Zakim]
Netflix has markw
19:08:57 [hhalpin]
Zakim, [Microsoft.a] is vgb
19:08:57 [Zakim]
+vgb; got it
19:09:05 [Zakim]
+ +1.978.652.aabb
19:09:09 [hhalpin]
Zakim, [Microsoft] is AnthonyNadalin
19:09:09 [Zakim]
+AnthonyNadalin; got it
19:09:15 [Zakim]
19:09:26 [JimD]
zakim, aabb is JimD
19:09:26 [Zakim]
+JimD; got it
19:09:47 [hhalpin]
Zakim, Netflix has MarkW
19:09:47 [Zakim]
markw was already listed in Netflix, hhalpin
19:09:54 [vgb]
Zakim, [Microsoft.a] is selfissued
19:09:54 [Zakim]
sorry, vgb, I do not recognize a party named '[Microsoft.a]'
19:10:11 [hhalpin]
Zakim, vgb has selfissued
19:10:11 [Zakim]
+selfissued; got it
19:10:25 [virginie]
19:10:40 [hhalpin]
PROPOSED: Approve meeting minutes of Aug 20th -
19:10:57 [hhalpin]
RESOLVED: meeting minutes of Aug 20th are approved -
19:11:02 [hhalpin]
19:11:11 [hhalpin]
topic: Web Crypto Draft API
19:11:11 [JimD]
JimD has joined #crypto
19:11:51 [zooko]
Nothing changes since the previous version. Everyone waited until this morning to start giving feedback.
19:11:55 [zooko]
There is a lot of good feedback
19:11:58 [zooko]
Ryan said that. --^
19:12:55 [zooko]
rsleevi: No changes since the previous version. Everyone waited until this morning to start giving feedback. There is a lot of good feedback.
19:13:04 [zooko]
thanks, hhalpin.
19:13:15 [zooko]
Did "thanks, hhalpin" just go into the scribe record?
19:13:40 [hhalpin]
s/thanks, hhalpin//
19:13:58 [zooko]
rsleevi: the plan is to incorporate all the feedback into another draft. If people can get their feedback in today, it would be reasonable to use it for the next version.
19:14:43 [zooko]
How do I say things not for the record?
19:14:49 [zooko]
s/How do I say things not for the record?//
19:15:36 [asad]
19:15:57 [markw]
19:16:19 [hhalpin]
19:16:32 [zooko]
asad: the draft is good. There are a few things that need to be polished.
19:16:56 [zooko]
asad: in the past we had some sample code. I don't see it now.
19:17:32 [zooko]
asad: I fear that when we talk about the scope of this API, we mention secure elements and smartcards, but it is not in the right light.
19:17:52 [zooko]
asad: It is out of scope how to generate the keys or mandating that smartcards be used, but for applications where those are required we
19:18:12 [zooko]
... should at least mention the relevant features, within the scope.
19:18:19 [zooko]
... Please look at the email that I sent out this morning.
19:18:41 [Zakim]
+ +1.303.661.aacc
19:18:44 [sdurbha]
sdurbha has joined #crypto
19:18:46 [zooko]
virginie: two proposals: add sample code, and add mention of relevant features
19:20:41 [virginie]
19:20:47 [rsleevi]
q+ to reply to asad's use case concern
19:20:56 [virginie]
ack asad
19:21:00 [wseltzer]
ack markw
19:22:23 [zooko]
markw: we need to be clear on which things are still open issues.
19:22:23 [JimD]
JimD has joined #crypto
19:22:33 [markw]
I said that there are issues we've been discussing on the mailing list and I wanted to be sure these were properly documented in the specification before it goes to FPWD
19:22:33 [hhalpin]
Zakim, who's making noise?
19:22:37 [karen_]
19:22:43 [Zakim]
hhalpin, listening for 10 seconds I heard sound from the following: karen (29%)
19:23:26 [zooko]
rsleevi: if there are issues you want to raise, use the bug tracker or the mailing list to make it clear what are the issues or bugs.
19:23:34 [zooko]
rsleevi: I'm not sure at what point we start using bugzilla to trac bugs.
19:23:43 [zooko]
rsleevi: I want to make sure that everyone's opinions on these are getting captured.
19:23:45 [hhalpin]
We can kill Bugzilla if users prefer W3C Tracker
19:23:46 [virginie]
19:23:57 [hhalpin]
different working groups hae different styles
19:23:58 [zooko]
markw: the issue tracker is fine.
19:24:16 [hhalpin]
we can link to chromium, mozilla bug trackers perhaps
19:24:20 [zooko]
virginie: does anyone feel that there are issues that are not tracked at the moment?
19:24:30 [vgb]
19:24:35 [hhalpin]
not sure if IE has a bugtracker per se or public open issue list, does it?
19:24:40 [rsleevi]
@harry: I didn't mean Chromium/Mozilla bugs, bug the W3C bug tracker
19:24:48 [rsleevi]
*meant bugs in the W3C bug tracker
19:24:57 [markw]
s/the issue tracker is fine/the issue tracker is fine so long as issues are linked from appropriate parts of the specification/
19:26:00 [markw]
19:26:04 [zooko]
@@: the application needs to know that this key is indeed from the smartcard.
19:26:12 [wseltzer]
19:26:33 [zooko]
karen: for example, a banking application may allow a different kind of transaction or higher or lower limit depending on which key is used.
19:26:53 [hhalpin]
@rsleevi: I'm suggesting we remove the W3C bugzillas unless we plan to use them, and include links to the bugzillas of implementations instead
19:26:54 [hhalpin]
but not right now, since we aren't in implementation mode yet
19:27:19 [zooko]
karen: I would suggest that we talk about the key storage.
19:27:37 [rsleevi]
hhalpin: I was meaning to use the bugzilla to track bugs in the spec, which leads to ISSUES (points of discussion) or ACTIONs (resolutions for bugs)
19:27:48 [zooko]
virginie: we need to create an issue, because we don't have explicit discussion of this question of the application knowing where the key is coming from.
19:27:59 [wseltzer]
19:27:59 [trackbot]
ISSUE-16 -- Definition for Key Expiration -- raised
19:27:59 [trackbot]
19:28:01 [zooko]
@@: this is Issue 16, which is closed and resolved as something that we're not going to do.
19:28:14 [rsleevi]
19:28:14 [rsleevi]
19:28:18 [wseltzer]
19:28:18 [trackbot]
ISSUE-11 -- Is there a need for a storage attribute, indicating storage in a hardware token -- closed
19:28:18 [trackbot]
19:28:26 [zooko]
rsleevi: sorry, ISSUE-11
19:28:31 [hhalpin]
it is possible to re-open issues, but we prefer not to
19:28:33 [zooko]
karen: How is this use case resolved?
19:28:35 [hhalpin]
in general
19:28:40 [Zakim]
19:28:51 [virginie]
19:29:08 [sdurbha]
19:29:16 [asad]
Issue 16 is for key expiration not for the source of key, right?
19:29:20 [JimD]
JimD has joined #crypto
19:29:25 [zooko]
... How does an application -- a banking application -- know that a certain key satisfies its requirement?
19:29:48 [asad]
Ok thanks.
19:29:56 [JimD]
It's one thing to say smart cards are out of scope, but it's another thing to create an API that prohibits
19:30:21 [JimD]
That prohibits smart card use
19:30:27 [zooko]
virginie: How to allow an application to make sure that a key is in a secure element, without prohibiting any type of technical solution to this.
19:30:37 [virginie]
19:30:44 [zooko]
karen: We don't have to use an attribute, as long as there is a way for an application to make sure that a key is coming from where it desires.
19:30:54 [asad]
19:31:13 [Zakim]
19:31:16 [hhalpin]
ack hhalpin
19:32:16 [zooko]
rsleevi: we're supposed to give feedback by today.
19:32:25 [virginie]
ack karen_
19:32:27 [rsleevi]
19:32:30 [zooko]
rsleevi: Editors are supposed to use this feedback and put a new document by September 4.
19:32:36 [zooko]
rsleevi: And then the document is basically done.
19:32:44 [zooko]
rsleevi: And then we'll have a formal go-around and ask for objections.
19:32:48 [zooko]
19:32:51 [zooko]
19:33:02 [virginie]
19:33:03 [zooko]
And by "rsleevi" I mean harry.
19:33:29 [hhalpin]
sample code can go into a primer
19:33:42 [hhalpin]
or even the use-cases, and link to the spec.
19:33:44 [zooko]
rsleevi: might be early for sample code since the API is still changing rapidly
19:34:41 [zooko]
rsleevi: an attribute is problematic, but the goal is not to prevent smartcards or secure elements.
19:34:59 [zooko]
... origin-generated vs. origin-authorized
19:35:22 [zooko]
... The current spec isn't against smartcards.
19:35:29 [zooko]
... We need to work out some new mechanism.
19:35:31 [zooko]
... On the mailing list.
19:35:41 [virginie]
19:35:42 [zooko]
... If you could send your concerns to the mailing list along with what proposal you'd like to see.
19:35:45 [wseltzer]
ack next
19:35:46 [Zakim]
rsleevi, you wanted to reply to asad's use case concern
19:35:53 [wseltzer]
ack next
19:36:59 [hhalpin]
good idea, and that is what folks were supposed to do last week :)
19:37:05 [zooko]
@@: It sounds like there are people proposing open issues that think they're being misunderstood.
19:37:08 [rsleevi]
+1 to vgb, that's what I was asking for :)
19:37:21 [zooko]
19:37:27 [wseltzer]
ack next
19:37:38 [vgb]
19:39:51 [hhalpin]
19:40:01 [wseltzer]
ACTION on mark to write some non-normative text about pre-shared keys
19:40:01 [trackbot]
Sorry, couldn't find user - on
19:40:12 [wseltzer]
ACTION mark to write some non-normative text about pre-shared keys
19:40:12 [trackbot]
Created ACTION-38 - Write some non-normative text about pre-shared keys [on Mark Watson - due 2012-09-03].
19:40:50 [rsleevi]
q+ to reply to asad
19:40:58 [rsleevi]
er, sdurbha :)
19:41:01 [zooko]
sdurbha: maybe we need a method of searching for a key based on the type of key
19:41:32 [wseltzer]
19:41:34 [wseltzer]
ack sdurbha
19:41:36 [sdurbha]
19:42:35 [wseltzer]
zakim, close queue
19:42:35 [Zakim]
ok, wseltzer, the speaker queue is closed
19:42:55 [sdurbha]
zooko: I think that will be good idea too
19:43:21 [zooko]
asad: +1 whoever indicates -- at this late stage of the game -- that the text needs to be changed should provide the proposed new text.
19:43:39 [sdurbha]
19:44:03 [zooko]
asad: once the user has selected the key, the application should be made aware of that.
19:44:34 [zooko]
virginie: just to try to clarify, when you say "what key" do you mean the specific identifier -- which has been heavily discussed.
19:44:43 [zooko]
asad: it is basically the source -- if it is coming from local storage or from a smartcard.
19:45:24 [asad]
19:45:30 [zooko]
@@: we've had a week to do what we've talked about -- send notes about open issues and proposed changes.
19:45:45 [zooko]
@@: given that we're moving the next telecomm to Sept 4, that we give people basically until the end of tomorrow to do that.
19:45:47 [arunranga]
19:45:57 [zooko]
... And if they do it afterward, fine, but it may not get into the first edition of the working draft.
19:46:09 [zooko]
... If the discussions carry on to the end of the week it will be too late to get it in.
19:46:26 [zooko]
... For this *particular* round of publication, I'm suggesting that we give people until the end of tomorrow to submit whatever proposed changes that they want.
19:46:55 [hhalpin]
its a short deadline, but we need to have a hard deadline somewhere for this FPWD
19:47:05 [hhalpin]
EOD tomorrow
19:47:17 [wseltzer]
ack ryan
19:47:22 [wseltzer]
ack hhalpin
19:47:24 [wseltzer]
ack rsleevi
19:47:24 [Zakim]
rsleevi, you wanted to reply to asad
19:47:39 [hhalpin]
PROPOSAL: All comments for FPWD have to be in Tuesday tomorrow evening.
19:47:50 [virginie]
19:48:05 [hhalpin]
Remember, we can *keep* changing things after the FPWD
19:48:18 [zooko]
@@: issues should be as specific as possible -- if you have a use case that requires three things, it might be better to put it as three issues.
19:48:37 [wseltzer]
19:48:56 [zooko]
... We are talking about keys that are either generated by the application, or provided by some out of band means -- pre-shared, pre-provisioned.
19:49:02 [zooko]
... What has not been discussed yet is authorizing keys.
19:49:35 [zooko]
... Key authorization is like multi-origin access, which has a number of challenging security issues.
19:49:55 [zooko]
... If it doesn't make it into the first public working draft, that doesn't mean that we're not going to work on it, but be prepared...
19:50:33 [virginie]
19:53:34 [rsleevi]
19:53:40 [zooko]
virginie: Does anyone have a vision of what they want the next step after the working draft
19:53:51 [wseltzer]
zakim, reopen queue
19:53:51 [Zakim]
ok, wseltzer, the speaker queue is open
19:54:20 [vgb]
19:54:24 [asad]
19:55:00 [zooko]
@@: If we have a clear semantic description of how origin-authorized keys work... pre-provisioned keys should be very similar.
19:55:11 [zooko]
... I would expect a lot more discussion about import/export, wrap/unwrap and key representation.
19:55:34 [wseltzer]
ack vgb
19:55:38 [zooko]
19:55:52 [zooko]
asad: there's another bundle of issues around certificates that's awaiting us.
19:56:16 [zooko]
... One of the problems that I see with the way we're currently doing things is that we have loads of open issues and things don't get closed and stay closed.
19:56:37 [asad]
19:57:03 [rsleevi]
19:57:13 [hhalpin]
any of those is fine after FPWD, but in the beginning the main issue is to explore the space of issus.
19:57:59 [zooko]
@@: once you have one public working draft, then the public review goes on for the next almost year.
19:58:08 [zooko]
... The public can send feedback at any time up until last call.
19:58:23 [asad]
19:58:29 [wseltzer]
zakim, close queue
19:58:29 [Zakim]
ok, wseltzer, the speaker queue is closed
19:58:31 [zooko]
... After last call we do not accept feedback from the public, although the working group can still changes things up until lTer.
19:59:38 [Zakim]
20:00:13 [hhalpin]
we can focus existing calls as well, as has been suggested
20:00:49 [zooko]
virginie: I would prefer to dedicate one of our regular conference calls to a specific problem.
20:00:59 [zooko]
... Not to increase the level of required work -- it is already kind of tough.
20:01:43 [rsleevi]
Last call for new issues; Tuesday evening. New draft target is Friday, for review over the weekend & Monday
20:01:56 [Zakim]
20:01:57 [Zakim]
20:01:58 [Zakim]
20:01:58 [Zakim]
20:02:00 [Zakim]
20:02:02 [Zakim]
20:02:05 [Zakim]
20:02:06 [Zakim]
20:02:08 [Zakim]
20:02:10 [Zakim]
20:02:13 [wseltzer]
trackbot, end teleconf
20:02:13 [trackbot]
Zakim, list attendees
20:02:14 [Zakim]
20:02:21 [hhalpin]
Trackbot, end meeting
20:02:21 [Zakim]
20:02:21 [trackbot]
RRSAgent, please draft minutes
20:02:21 [RRSAgent]
I have made the request to generate trackbot
20:02:22 [trackbot]
RRSAgent, bye
20:02:22 [RRSAgent]
I see no action items
20:02:22 [trackbot]
Sorry, hhalpin, I don't understand 'Trackbot, end meeting'. Please refer to for help
20:02:23 [Zakim]
20:03:05 [RRSAgent]
RRSAgent has joined #crypto
20:03:05 [RRSAgent]
logging to
20:03:07 [wseltzer]
rrsagent, make minutes public
20:03:07 [RRSAgent]
I'm logging. I don't understand 'make minutes public', wseltzer. Try /msg RRSAgent help
20:03:34 [wseltzer]
rrsagent, make log public
20:04:21 [wseltzer]
present+ asad, JimD, zooko, virginie, ddahl, wtc, rsleevi, karen, arunranga, hhalpin, emily, markw, +1.617.384.aaaa, wseltzer, +1.978.652.aabb, AnthonyNadalin, selfissued,
20:05:49 [wseltzer]
rrsagent, bye
20:05:49 [RRSAgent]
I see no action items