07:38:53 RRSAgent has joined #crypto 07:38:53 logging to http://www.w3.org/2012/11/01-crypto-irc 07:38:55 RRSAgent, make logs webcrypto 07:38:55 markw_ has joined #crypto 07:38:55 Zakim has joined #crypto 07:38:57 Zakim, this will be SEC_WebCryp 07:38:57 I do not see a conference matching that name scheduled within the next hour, trackbot 07:38:58 Meeting: Web Cryptography Working Group Teleconference 07:38:58 Date: 01 November 2012 07:39:07 Chair: Virginie Galindo 07:39:58 pal has joined #crypto 07:40:27 rsleevi has joined #crypto 07:41:36 How did it feel, Virginie? 07:43:49 http://www.w3.org/2012/webcrypto/wiki/F2F_TPAC_Lyon_Nov2012 07:43:55 ddahl has joined #crypto 07:44:06 http://www.w3.org/2012/webcrypto/track/ 07:44:15 Agenda & Issues, respectively 07:45:00 christine_ has joined #crypto 07:45:10 mountie has joined #crypto 07:45:19 jin has joined #crypto 07:45:24 ttanaka2 has joined #crypto 07:46:11 Present+ Ryan_Sleevi 07:47:01 Milan has joined #crypto 07:49:11 Present+ olivier, Gemalto 07:49:26 Present+ David_Rogers, invited expert 07:49:44 Present+ Wendy_Seltzer, W3C 07:50:14 Present+ Wan_Teh_Chang, Google 07:50:39 Present+ David_Dahl, Mozilla 07:51:35 sangrae has joined #crypto 07:51:59 Present+ Mountie_Lee, Paygate/Mobile Web Forum 07:52:33 Present+ Mike_Jones, Microsoft 07:56:25 Present+ Virginie_Galindo, Gemalto 07:57:09 wtc has joined #crypto 07:58:29 virginie: Agenda overview, scribe hunting 07:58:45 Present+ Richard_Barnes, BBN 07:58:57 hhalpin has joined #crypto 07:59:02 scribenick: selfissued 07:59:05 scribe: Mike_Jones 07:59:19 amirabella has joined #crypto 07:59:23 Is it possible to avoid the key format discussions overlapping with the Encrypted Media and Media Source discussions in HTML ? 07:59:42 I will can you exactly when those are scheduled shortly 07:59:46 agenda+ status 07:59:51 agenda+ usability 07:59:56 agenda+ keyformat 08:00:03 agenda+ implementations 08:00:05 agenda+ usecases 08:00:11 Mike Jones - I am the scribe for this hour 08:00:34 trackbot start meeting 08:00:44 [agenda on the wiki: http://lists.w3.org/Archives/Public/public-webcrypto/2012Oct/0149.html ] 08:00:54 [http://www.w3.org/2012/webcrypto/wiki/F2F_TPAC_Lyon_Nov2012#Proposed_agenda] 08:00:56 tpacbot, start meeting 08:02:00 chair: virginie_gallindo 08:02:04 scribe: selfissued 08:02:50 Present+ David_Rogers 08:03:27 Virginie: We want to understand what our disagreements are and why we have them 08:03:55 ... We have lots of open issues - we should be creating actions during this meeting to close them 08:04:16 The WG can eat together at Bouchon lyonnais 08:04:31 http://www.w3.org/2012/webcrypto/wiki/F2F_TPAC_Lyon_Nov2012 08:04:43 https://www.w3.org/2012/10/TPAC/live/schedule/ 08:04:47 [tpac live app https://www.w3.org/2012/10/TPAC/live/schedule] 08:04:53 Sign up for dinner at the URL above by noon 08:06:11 JonathanJ1 has joined #crypto 08:07:33 Mountie: Asks us to consider call times that work for Asian members 08:07:56 wseltzer has changed the topic to: WebCrypto F2F. call-in code 1932# 08:08:03 kotakagi has joined #crypto 08:08:05 rbarnes has joined #crypto 08:08:12 Present+ Jonathan_Jeon 08:08:38 rrsagent, draft minutes 08:08:38 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html JonathanJ1 08:08:44 We have 53 group participants 08:08:50 We have 11 invited experts 08:08:55 We have 20 organizations 08:09:04 kotakagi has left #crypto 08:09:11 We have 10-20 participants in each call 08:09:23 We have 17 group members registered for this F2F 08:10:12 We have a 2 year charter 08:10:33 Virginie: FWPD draft published 08:10:39 ... very few formal comments 08:10:54 ... Formal comments from Oxford, DT 08:11:16 ... Some informal comments in tweets, etc. criticizing the premise behind the work 08:11:37 ... We have 30 open issues and 9 high-priority issues 08:11:41 bjkim has joined #crypto 08:12:26 ... They are sorted into specific domains: crypto, functional, design, key, definition, next usability 08:12:28 [issues list: http://www.w3.org/2012/webcrypto/track/issues/open?sort=product ] 08:12:46 Wonsuk has joined #crypto 08:12:53 ... We have a wiki with use cases and an editor for it - Arun from Mozilla 08:13:36 ... We are almost ready to make a blog post about the work 08:14:04 ... Proposed next steps for two upcoming months 08:14:19 ... Publish a new working draft incorporating solved issues 08:14:25 ... Create a use case specification 08:14:37 blogpost will be posted as soon as tlr gets a chance to look over a version, happy to discuss his issues first thing in the morning 08:14:39 ... Create a draft security document 08:14:48 timeless has joined #crypto 08:14:59 ... Possibly a draft high level API description 08:16:01 Mike: We would need to decide whether to have a high-level API at all or not at this point 08:16:32 priority list: https://docs.google.com/spreadsheet/ccc?key=0Atia00Ba4s7XdGNtYTJBdTFELXV3eWZfMEVud09RV1E#gid=0 08:17:15 Mountie: Asked about issue prioritization 08:17:37 Virginie: Certificate management is currently categorized as a secondary feature 08:18:07 Virginie: The working group is contribution based 08:19:31 At this point in the agenda, Ryan Sleevi will give an overview of the state of the API 08:22:43 Ryan: Goal recommendation-track specification 08:22:49 wseltzer1 has joined #crypto 08:23:02 ... Long list of primary features 08:23:21 ... Also list of secondary features 08:23:36 ... (Many of the secondary features about keys and key management) 08:23:49 ... Why are there so many features? 08:24:51 ... Today Web Apps have JavaScript that runs in a browser 08:25:10 ... Today most Web Apps use cryptography only through SSSL 08:25:33 ... Today a few have JavaScript crypto libraries 08:26:42 ... Today native apps can use crypto without even being aware of it, such as protected storage 08:26:45 tpacbot has joined #crypto 08:27:29 tlr has joined #crypto 08:27:36 ... Some native apps use crypto APIS such as CAPI, CNG, CDSA, CC, PKCS#11, etc. 08:28:03 ... Some native apps use software and smart card cryptographic providers 08:29:14 ... The full picture can be even more complex, including NFC, Bluetooth, USB, ISA, Smart Card, PC/SC, etc. 08:29:30 ... Sometimes national crypto features as well 08:30:46 ... In Asia and Europe, often browser plugins used to give access to native crypto implementations 08:31:53 ... Plugins are not the future 08:32:04 ... They will not work across mobile browsers, etc. 08:32:32 ... Standards are often set on a national basis 08:32:55 ... We need to understand the problem space to produce a workable solution 08:33:05 ... The problem space is huge 08:33:57 ... Tomorrow Web Apps should be able to use crypto without being highly aware of it (just like native apps today) 08:34:17 ... Tomorrow Web Apps should be able to directly use crypto APIs (just like native apps today) 08:35:17 ... There are lots of other W3C efforts that relate to this 08:35:44 ... Web intents, accessibility, UI, NFC, Smart Card API, etc. 08:36:08 Wonsuk has left #crypto 08:37:07 markw has joined #crypto 08:37:26 ... Lots of middleware in W3C WGs 08:37:50 ... Gemalto will be proposing a smart card API in another WG 08:38:13 ... We want to move from plugin-based solutions to standards-based solutions 08:38:22 q+ 08:39:53 wtc has joined #crypto 08:41:32 Ryan: Combined, the different W3C APIs and efforts can provide a rich standards-based Web App platform 08:41:43 ... We shouldn't feel like we have to do everything 08:44:14 rrsagent, draft minutes 08:44:14 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html JonathanJ1 08:44:33 q+ 08:44:51 Virgine: We should use the work of other WGs to drive UI decisions - not make them ourselves 08:46:53 Ryan: One current hole is key storage 08:47:13 ... We may need UI to inform users that the web application has access to sensitive information 08:47:51 ... Some UI elements, such as presentation of document to sign, may be the subject of national standards 08:48:41 David Rogers: What levels of assurance do we think are achievable? 08:49:23 Ryan: We need to assure that what is shown to the user is what is actually acted upon 08:49:45 ... For instance, sending $100, rather than saying that $100 is being sent and actually sending $1000 08:50:23 ... We may want to capture some of this through Web intents 08:51:06 q+ 08:52:23 Ryan: We need to prevent the intent provider from being owned 08:52:35 ... This is being addressed in the Web App sec WG 08:53:20 David: Criminals do client side attacks 08:53:27 q? 08:53:31 ack hhalpin 08:53:37 ... Our security model needs to encompass this 08:54:34 Harry: We split the Crypto API work out of the WebApp security work, but we still depend upon WebAppSec 08:55:33 David: We need to clearly state our security considerations to do a professional job 08:58:23 Mike: Does the web intent and UI work you're describing result in work for this WG? 08:58:48 Ryan: No, my point was that end-to-end solutions will necessarily depend upon work in other WGs as well 08:59:20 (the WG is now taking a 15 minute break) 09:13:33 rrsagent, draft minutes 09:13:33 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html wseltzer 09:13:43 I'm logging. I don't understand 'make minutes public', wseltzer. Try /msg RRSAgent help 09:14:06 Sorry, wseltzer, I don't understand 'trackbot, make logs public'. Please refer to http://www.w3.org/2005/06/tracker/irc for help. 09:14:44 ISSUE-12? 09:14:44 ISSUE-12 -- Should the API distinguish between algorithm and operation parameters? -- open 09:14:44 http://www.w3.org/2012/webcrypto/track/issues/12 09:14:49 ISSUE-14? 09:14:49 ISSUE-14 -- Representation of raw key material -- open 09:14:49 http://www.w3.org/2012/webcrypto/track/issues/14 09:14:50 rbarnes has joined #crypto 09:14:54 ISSUE-19? 09:14:54 ISSUE-19 -- Does it make sense to have authorized-origin and specific-origin keys -- open 09:14:54 http://www.w3.org/2012/webcrypto/track/issues/19 09:14:58 hello, i will be your scribe this hour 09:15:05 scribenick: rbarnes 09:15:06 virginie: intro 09:15:30 ddahl: 09:15:52 cjkula has joined #crypto 09:16:09 JonathanJ1 has joined #crypto 09:16:25 selfissued: suggest people who didn't introduce themselves introduce themselves 09:16:47 mark, harry, cjkula, rbarnes 09:17:18 ddahl: as we're working through these usability issues, keep in mind things like code examples 09:18:17 … don't know any web developers who could use the API today 09:18:26 … that's OK, but we should keep that in the back of our heads 09:20:02 hhalpin: to rsleevi: what is your feeling on high level vs. low level 09:20:14 drogersuk has joined #crypto 09:20:18 rsleevi: probably part of a holistic look at the API and how we make it easier to use 09:20:42 q? 09:20:54 ack selfissued 09:20:57 ddahl: i'm also keeping in mind that there will be a "jQuery of web crypto" to create abstractions 09:21:06 … so we don't need to address everything here 09:21:28 rsleevi: it creates more objects to be defined, could get back into the problems with key generation/derivation 09:21:39 … creating ontologies and applying them consistently is a hard problem 09:21:46 … algorithm vs. operation is a tricky question 09:22:02 … e.g. if you're only using the objects once, maybe it's not even meaningful 09:22:15 q+ 09:22:51 wtc: it's clear that certain things belong to operation, e.g., IV 09:23:13 … so if we make IV a parameter of the algorithm identifier, we run into problems with algorithm comparison 09:24:11 mountie: the current spec has many algorithms, but there are lots of others 09:24:25 … e.g., Korea has several local algorithms 09:24:45 … updating specs can be difficult, maybe separating things could help adaptability 09:25:06 virginie_galindo: we decided as WG that we are going to recommend some algorithms and describe them a bit more 09:25:15 … we know we can't address all the algorithms in the world 09:25:16 q+ to respond to mountie 09:25:23 … but we need to provide some guidance to web developers 09:25:28 q+ 09:27:02 q+ 09:27:02 q+ 09:27:05 rsleevi, you wanted to respond to mountie 09:27:24 rsleevi: quick response to mountie: sounds like that issue is slightly different than what we're discussing 09:27:37 … more about document organization / modularization, do that later 09:28:08 … in response to wtc on algorithm normalization: don't think it requires a change to the rules 09:28:17 q? 09:28:25 … the normalization rules were our jacky way to deal with using strings in some places and not others 09:28:35 s/jacky/hacky/ 09:29:59 … this issue is about calling convention 09:30:18 selfissued: in terms of doc organization, we should be very clear about what things are part of the algorithm vs. which are data 09:30:34 … e.g., mgf vs. iv / authenticated data 09:30:54 … don't have a strong opinion on the need to separate as a calling convention, but should be clear editorially 09:31:27 wtc has joined #crypto 09:31:41 q+ 09:31:50 markw: pretty confusing when people look at this at first and see all this stuff in AlgorithmIdentifier 09:31:59 q+ 09:32:17 ack selfissued 09:32:18 ack markw 09:32:18 q- 09:32:29 ack hhalpin 09:32:41 hhalpin: from a process standpoint, agree with ryan that this is part of a larger usability issue 09:32:48 … should we just have the usability discussion now? 09:33:05 … what we need in the spec is, what is the larger pattern / anti-pattern for parameterization? 09:33:44 q+ 09:33:57 … my intuition is that keeping operations separate kind of makes sense, but it also makes things more complicated 09:34:15 ack hhalpin 09:34:16 virginie_galindo: you're looking at ryan, but everybody should be concerned 09:34:31 ack wtc 09:34:54 wtc: seems a little extreme to have to make two dictionaries just to do a simple CBC operation 09:35:11 … if i want an AES-CBC mode key, don't want to specify an IV parameter 09:35:13 q+ 09:35:29 … maybe we should separate namespaces for "key algorithms" and "operation algorithms" 09:35:33 ack rsleevi 09:35:54 rsleevi: feedback from i've received from internal developers is that the use of a single dictionary is seen as a natural point 09:36:10 … many APIs are preferring dictionaries over positional arguments 09:36:30 … i wouldn't worry about using dictionaries here 09:36:49 … to respond to wt.'s point, we do have some separation now, between key generation parameters and operation parameters 09:37:01 selfissued: could we project the part of the spec that says that? 09:37:41 example of issue impact http://www.w3.org/2012/webcrypto/WebCryptoAPI/ section 24.3.2 09:38:28 rsleevi: 09:38:37 … so there is some separation now 09:38:45 q? 09:38:53 … in a broader sense of improving usability, let's get some concrete proposal 09:39:06 … if we're going to split, then someone needs to propose text 09:39:46 … absent a proposal, we're going to continue to circle on this 09:40:21 ddahl: was going to say the same thing that wtc did 09:40:26 ack ddahl 09:40:29 ack markw 09:40:47 markw: we can talk about whether it's a good idea in principle, then someone can go off and write something specifc 09:41:03 … you could even go as far as creating an Algorithm object 09:41:27 … regarding things like AES keys, could be useful to separate key algorithms from operational algorithms 09:41:31 q+ 09:41:49 … my implementors were like "there's no such thing as an AES-CTR key, there's an AES key" 09:41:56 ack rsleevi 09:42:05 rsleevi: that's a separate point, and a reasonable one to discuss 09:42:12 … don't want to mix keys in some spaces 09:42:44 … when you're dealing with an implementation's cryptographic spec, does it support CBC but not CTR 09:42:48 … or not GCM 09:43:12 … you could create a key for GCM, but not be able to use it 09:43:47 … for AES, it's less of a big deal, for asymmetric, might waste a lot of time on keygen if say there's no OAEP 09:43:52 q? 09:43:56 markw: well, there should be capability discovery 09:44:08 agenda? 09:44:08 rsleevi: for now, the key is the starting point for capability discovery 09:44:27 … if we're going to revisit discovery, we would need some proposals 09:44:53 … the way that it works today is that trying to initialize the operation is the point at which you learn about unsupported algorithms 09:45:16 rogers: isn't that kind of inefficient? 09:45:44 rsleevi: yes, kind of. but you might not find out until operation time (e.g., with a smart card) 09:45:45 q? 09:46:24 … this starts to move toward secondary features, like multiple key stores and how to deal with that 09:47:05 virginie_galindo: who would like to volunteer to improve the parameters / identifiers 09:47:09 09:47:39 wtc: want to propose a solution, but it might not separate operational parameters 09:47:51 … see a hole in the current editor's draft in specifying parameters for key generation 09:48:04 rsleevi: that's not the ISSUE-12 problem, that's a new problem 09:48:58 hhalpin: maybe wtc can solve ISSUE-12 while he's at it 09:49:07 virginie_galindo: markw and etc can work together 09:49:36 s/etc/wtc/ 09:49:52 ACTION Wan-Teh and Mark to work on proposal for ISSUE-12 09:49:53 Created ACTION-58 - And Mark to work on proposal for ISSUE-12 [on Wan-Teh Chang - due 2012-11-08]. 09:58:31 kotakagi has joined #crypto 10:05:04 pal has joined #crypto 10:05:49 tlr has joined #crypto 10:09:08 markw has joined #crypto 10:11:06 ttanaka2 has joined #crypto 10:12:06 slightlyoff has joined #crypto 10:14:27 wtc has joined #crypto 10:15:08 scribenick: wtc 10:15:25 To sign up for dinner, log in at https://www.w3.org/2012/10/TPAC/live/schedule and click on the start next to "Web Crypto WG dinner" so that the star turns gold 10:15:52 virginie_galindo: in this session we will start with usability and then switch to key formats. 10:16:03 ISSUE-14? 10:16:03 ISSUE-14 -- Representation of raw key material -- open 10:16:03 http://www.w3.org/2012/webcrypto/track/issues/14 10:16:32 ddahl: ISSUE-14: representation of raw key material. We are going back and forth on how to represent key material. 10:16:59 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html rsleevi 10:17:17 ddahl: ASN.1 DER seems natural for a low-level API, but JSON should also be supported. Perhaps there should be a way to convert between the formats. 10:17:59 q? 10:18:00 q+ 10:18:03 ddahl: are there any key types that can't be represented in JSON? 10:18:24 q+ 10:18:31 q+ 10:18:49 hhalpin has joined #crypto 10:18:50 tantek: is this meant to cover the use-case of someone posting public key on a web page? 10:18:51 Celik: will this allow people to publish their public keys on their websites? 10:19:10 q+ 10:19:15 My thinking re key publication is that folks will keep using armored ASCII key encryption of their public keys 10:19:32 This is more app-facing 10:19:35 @hhalpin: You mean the form that is not specified/standardized anywhere? 10:19:35 q+ 10:19:39 q? 10:19:51 ekr has joined #crypto 10:19:54 q+ 10:20:02 ddahl: Yes. But we need to cover other types of keys. There is a lot of back and forth about this. I am not sure how to solve this issue. 10:20:32 when you see people publish keys, its usually something like this: http://www.ibiblio.org/hhalpin/harryhalpin.asc.gpg 10:20:49 @hhalpin: What, no WebID love? ;) 10:20:51 i.e. on "their webpage" which was Tantek's question, as hje's a microformat guy 10:21:21 q? 10:21:25 ddahl: we could standardize on using ASN.1 DER internally and then specify which key types could be exported in JSON. 10:21:33 q+ 10:21:49 slightlyoff: could you give an example of a key type that couldn't be represented in JSON? 10:22:17 well, we have to chose one :) 10:22:22 ack rsleevi 10:22:27 rbarnes: why do we need to even standardize on a key format? 10:22:53 re import, export - but that's in secondary features in particular 10:23:07 rsleevi: we need to find out what is easier for developers in practice. 10:23:47 rsleevi: there are cases where JSON would make sense or ASN.1 DER would make sense. 10:23:49 q? 10:23:57 rrsagent, draft minutes 10:23:57 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html JonathanJ1 10:24:41 rsleevi: requiring an application to convert from other formats to the format we choose would be acceptable. 10:25:09 https://tools.ietf.org/html/draft-ietf-jose-json-web-key-06 10:25:17 rsleevi: I raised this issue because at that time it wasn't clear based on the use cases which format would be optimal. 10:25:25 q? 10:26:15 Present+ Alex_Russell 10:26:56 selfissued: the JOSE working group felt that there are compelling reasons not to reinvent a new format. 10:27:35 HadleyBeeman has joined #crypto 10:27:45 selfissued: for certain use cases we would recommend just using ASN.1 DER for things like keys used in an attestation chain. 10:28:21 matt has joined #crypto 10:28:40 selfissued: the Editor's API is in a good position because the import/export methods take a key format argument. 10:28:43 matt has left #crypto 10:29:05 matt has joined #crypto 10:29:15 selfissued: In the JOSE working group I will ask if the private key document should become a working group document. 10:29:30 kotakagi has joined #crypto 10:29:44 selfissued: I'd like opinions on whether we would like a standard JSON representation of shared (symmetric) keys. 10:30:02 q? 10:30:23 ack selfissued 10:30:39 ack olivier 10:31:03 olivier: I'd need strong motivation to invent new formats for keys. DER encoding is sufficient for using the crypto API. What's the motivation for a new format? 10:31:09 matt has left #crypto 10:31:17 matt has joined #crypto 10:31:20 matt has left #crypto 10:31:48 ddahl: to give web developers who are not familiar with crypto a more transparent view of what's in the key. 10:32:35 markw: If you have JSON, you have serialization. Whereas JavaScript objects don't. 10:32:44 tantek_ has joined #crypto 10:33:00 markw: we need a serialization format for every key type that we need to wrap. 10:33:20 markw: also the key attributes. 10:33:31 markw: I don't know if such standard exists. 10:34:06 markw: I'd prefer if the JOSE working group take on the representation of private keys and symmetric keys. 10:34:48 q? 10:34:54 ack markw 10:35:17 Present+ Eric_Rescorla 10:35:21 markw: extending JSON web keys seems to be a good way to reach our goal (of facilitating key wrapping). 10:36:04 fwiw, i would be fine with doing JWK or PEM-encoded DER. i just don't see that this is a hugely difficult question 10:36:46 ekr: in most cases apps don't need to inspect the keys, so transparency of the key format isn't important in those cases. But when they do, it would be a hassle to have to write a DER decoder. 10:37:03 q? 10:37:12 ack ekr 10:37:17 ekr: why not support multiple formats? 10:37:17 q+ 10:37:23 ack hhalpin 10:37:35 markw: there is no DER format for key attributes (for key wrapping). 10:38:49 hhalpin: it would be dangerous if web developers need to do DER encoding themselves. So I think we need to support ASN.1 DER. The question is whether we should *also* support a JSON format. 10:39:11 q+ 10:39:16 q+ 10:40:32 rsleevi: usability is an issue. If we give developers 10 options for key format, it would be hard to figure out which format would be appropriate for the particular application. 10:40:54 q+ 10:42:02 rrsagent, draft minutes 10:42:02 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html JonathanJ1 10:42:04 rsleevi: so we need to focus on usability. Also, I'd like to clarify the DER format. It is actually a much larger set because DER is just an encoding format. For example, there are two ways to represent an RSA public key in the DER format. 10:42:08 I think *also* support JSON Web Key as its probably not too hard and much easier for developers to understand. 10:42:17 Zakim, close queue 10:42:17 ok, hhalpin, the speaker queue is closed 10:42:39 rsleevi: can we make our API as easy to use as jQuery, so that they don't need to become a crypto expert to use it? 10:42:43 what rsleevi said = ) 10:43:24 selfissued: is there a DER key format which is just a bare key? 10:43:37 rbarnes: yes, SubjectPublicKeyInfo. 10:43:37 q? 10:43:51 ack rsleevi 10:43:53 ack selfissued 10:44:08 ack markw 10:45:18 RRSAgent, make minutes public 10:45:18 I'm logging. I don't understand 'make minutes public', hhalpin. Try /msg RRSAgent help 10:45:19 q+ 10:45:21 markw: the important issue is the format of the key to be wrapped, because the key format for unwrapped key can be converted (just a matter of programming). 10:46:22 bjkim has joined #crypto 10:46:26 darobin has joined #crypto 10:46:42 ekr has joined #crypto 10:46:48 q+ 10:47:02 q+ 10:47:18 rbarnes: have support for ASN.1 based formats when there are requirements to work with legacy systems, but prefer JWK for other applications. 10:47:27 just to clarify, it seems like for legacy reasons ASN.1 import/export is necessary, and since its not too hard, lets use JOSE(++) keys that map directly to the JSON objects in the API as well. 10:47:44 jin has joined #Crypto 10:48:02 darobin has left #crypto 10:48:18 this helps usability as we cannot expect webdevs to deal with ASN.1 formats, but we ideally do not want keys to be sent around using JSON in the future. 10:48:25 s/not want/want 10:48:26 :) 10:49:06 rbarnes: the focus here is on just the keys, not X.509 certificates. 10:50:05 virginie_galindo: we need a volunteer to write a proposal for this issue. 10:50:19 tantek has joined #crypto 10:50:19 SPKI in this case = http://tools.ietf.org/html/rfc5280#section-4.1.2.7 10:50:31 rsleevi: the current Editor's API has a KeyFormat argument for the key import and export APIs. 10:51:15 This list needs to add SPKI 10:51:41 @ekr: Is that volunteering to propose additional text? ;-) 10:51:50 was about to ask the same 10:52:12 (or perhaps this is an issue for the editors to clarify edition) 10:52:24 "subjectpublickeyinfo" "The RFC 5280 SubjectPublicKeyInfo format" 10:52:32 Actually, I would remove both PKCS#1 10:52:36 values 10:52:43 in favor of the wrapped versions 10:53:08 rsleevi: the need to support many formats would be extra burden for implementors of the API and also usability concerns for developers who will use the API. 10:54:17 q? 10:54:20 ISSUE-35? 10:54:20 ISSUE-35 -- Handling of wrap/unwrap operations -- open 10:54:20 http://www.w3.org/2012/webcrypto/track/issues/35 10:54:27 Zakim, reopen the queue 10:54:27 ok, rsleevi, the speaker queue is open 10:54:57 markw: ISSUE-35: handling of key wrap/unwrap operations. 10:55:21 for reference, SPKI = PKCS#1 + algorithmIdentifier 10:55:25 markw: ISSUE-35: handling of key wrap/unwrap operations. 10:56:18 markw: (goes over his proposal for ISSUE-35). 10:57:06 q? 10:57:16 ack rbarnes 10:57:18 q+ to respond? 10:57:24 virginie_galindo: format for raw keys, and format for wrapping keys and attributes together. 10:57:26 Trying to understand this issue better -- is there any reason that a legacy encoding method cannot be wrapped in JSON? Reasons for this being 1) providing additional semantic information about the key, and 2) providing a standard-format structure that can be key-wrapped, for instance. I wouldn't think this imposes a great additional burden on end coders... 10:57:36 q- 10:58:29 virginie_galindo: should we add a SubjectPublicKeyInfo format to Section 15: KeyImporter interface? 10:59:30 rsleevi: the proposal is to replace "pkcs1-public" with SubjectPublicKeyInfo because SPKI can also represent non-RSA public keys. 10:59:50 as wtc says. Also, they are typed. 11:00:05 tobie has joined #crypto 11:02:09 selfissued: JOSE is an open group. If anyone would like JOSE to specify the formats for private keys and symmetric keys, send a request to the JOSE working group. 11:03:02 q+ to respond to markw_ 11:03:05 markw: we need a format for wrapping a key with its attributes. We need to ensure a path to success for this issue. 11:03:55 selfissued: this week would be a good time to send the request because JOSE will meet in Atlanta next week. 11:04:12 q? 11:04:17 selfissued: rbarnes, ekr, and I can act as coordinators. 11:04:58 rsleevi: the handling of key attributes is a secondary feature. 11:06:13 hhalpin: that refers to just the attributes that aren't necessary to primary features. 11:07:24 ACTION Ryan to update the formats to remove PKCS#1 and add SPKI 11:07:24 Created ACTION-59 - Update the formats to remove PKCS#1 and add SPKI [on Ryan Sleevi - due 2012-11-08]. 11:07:37 virginie_galindo: Action item: ddahl to update the key format list in the API draft. 11:08:21 virginie_galindo: ISSUE-19: does it make sense to have authorized-origin and specific-origin keys 11:08:56 ISSUE-35? 11:08:56 ISSUE-35 -- Handling of wrap/unwrap operations -- open 11:08:56 http://www.w3.org/2012/webcrypto/track/issues/35 11:09:11 virginie_galindo: ISSUE-35: handling of wrap/unwrap operations. 11:09:34 markw: proposal was emailed on Oct. 30. 11:09:53 http://lists.w3.org/Archives/Public/public-webcrypto/2012Oct/0142.html 11:09:56 markw: make wrap/unwrap a sub-case of export/import. 11:10:17 markw: see http://lists.w3.org/Archives/Public/public-webcrypto/2012Oct/0142.html for the proposal 11:10:44 markw: added boolean attribute 'wrapped'. 11:11:05 markw: added createKeyImporter method. 11:11:21 q 11:11:23 q+ 11:11:37 markw: similarly for createKeyExporter method. 11:11:59 markw: with all the descriptions. 11:12:34 btw, bad idea to use the term "extractor" here. It's a term of art in crypto. 11:13:00 Unfortunately, "exporter" is a term of art in TLS, but that's probably less confusing 11:13:01 marks: rules for resolving conflicts between the attributes and usages inside and outside the wrapped keys are specified. 11:13:35 q- 11:14:51 markw: (goes over specification of RSA PKCS #1 v1.5 and OAEP and AES key wrap for key wrapping. 11:16:10 q? 11:17:36 ekr: can you talk about the JavaScript security model for your proposal? 11:19:25 q+ 11:20:08 ack ekr 11:20:10 q? 11:20:24 markw: a key that is not exportable should not be exported in either raw format or wrapped format. 11:21:51 q+ 11:22:07 q+ 11:22:14 ack rsleevi 11:22:34 q- 11:22:35 q+ 11:22:42 q+ 11:22:48 rsleevi: I'd like to make sure we have enough diversity of use cases for key wrapping so that we design a good key wrapping API that solves the problem space. 11:22:53 q+ 11:23:08 q+ 11:23:33 the only reason this needs to be inside the API boundary is the type enforcement on import 11:23:40 everything else could be implemented outside the API boundary 11:23:47 q+ 11:24:32 @ekr: yes 11:25:55 ack rbarnes 11:26:00 q+ 11:26:05 q+ 11:26:18 rbarnes: without key wrapping, an app would need to export the raw key and encrypt the key as data. 11:26:40 ack ekr 11:26:44 Zakim, close the queue 11:26:44 ok, rsleevi, the speaker queue is closed 11:27:27 ack ddahl 11:27:29 ack markw 11:27:54 I feel that key wrapping is integral to key import-export. Aren't keys (otherwise) being shuffled around unprotected? 11:28:11 mib_3gfypn has joined #crypto 11:28:48 ack hhalpin 11:29:23 hhalpin: I really appreciate the proposal by markw. It is a great contribution to the WG. 11:29:42 q+ 11:30:47 q? 11:32:33 ack pal 11:34:38 ack selfissued 11:35:06 ekr, for non-native English speakers, could you write you not on trust boundaries in in IRC? 11:36:15 virginie_galindo: members should look at markw's proposal and send comments to the mailing list. 11:36:37 FYI, JOSE currently only uses RFC 3394 key wrapping, not RFC 5649 key wrapping, because it didn't have a need for wrapping keys of arbitrary size 11:36:44 i.e. enforcement on wrapped import is making "the assumption" that the JS is itself not trusted here. 11:36:45 virgine_galindo: we will continue the discussion during the Use Cases session later. 11:36:50 Sure. The point i was making is that in general, the key exportable features in this API are designed against some future compromise of the JS. This is a design in which the JS has the key in its hand and yet you're saying you don't trust it. 11:37:05 selfissued: FYI, JOSE currently only uses RFC 3394 key wrapping, not RFC 5649 key wrapping, because it didn't have a need for wrapping keys of arbitrary size 11:37:22 virginie_galindo: we'll reconvene at 2:00 PM. 11:37:27 re: Issue 14, I've started collecting real world examples of public publishing of public keys on web pages: http://microformats.org/wiki/key-examples 11:37:42 hopefully that will provide some useful input for Issue 14 11:37:45 tantek: thanks 11:37:46 http://www.w3.org/2012/webcrypto/track/issues/14 11:37:49 thanks tantek! 11:37:57 RRSAgent, draft minutes 11:37:57 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html rsleevi 11:38:07 tantek: I also have a deep interest in key publishing 11:38:14 We're going through the use-cases at 4:00 PM if you could be there, that could be useful to talk about this more 12:15:07 HadleyBeeman has joined #crypto 12:51:23 tpacbot has joined #crypto 12:52:02 bjkim has joined #crypto 12:53:49 markw has joined #crypto 12:56:22 selfissued has joined #crypto 12:58:40 pal has joined #crypto 12:59:54 ttanaka2 has joined #crypto 13:00:25 JonathanJ1 has joined #crypto 13:01:08 drogersuk has joined #crypto 13:01:37 tantek has joined #crypto 13:02:02 rbarnes has joined #crypto 13:02:10 rbarnes has joined #crypto 13:02:20 yune has joined #crypto 13:04:59 kotakagi has joined #crypto 13:05:40 kotakagi has joined #crypto 13:05:49 Ruinan has joined #crypto 13:08:57 ekr has joined #crypto 13:09:10 jin has joined #crypto 13:12:01 sangrae has joined #crypto 13:12:30 virginie has joined #crypto 13:12:33 hhalpin has joined #crypto 13:12:44 scribenick: hhalpin 13:13:07 rsleevi: ISSUE-17: Scope and API for custom key attributes, lets delay till Mark can be here 13:13:55 ISSUE-17? 13:13:55 ISSUE-17 -- Define the scope and API for custom key attributes -- open 13:13:55 http://www.w3.org/2012/webcrypto/track/issues/17 13:14:34 lets do key storage now 13:15:29 mountie has joined #crypto 13:15:34 rrsagent, draft minutes 13:15:34 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html JonathanJ1 13:15:59 How does the application know where the key is stored ? http://www.w3.org/2012/webcrypto/track/issues/30 13:17:02 rsleevi: Previously, we considered key storage do be done in localStorage 13:17:03 q+ 13:17:24 ... however, there was concern re having yet another mechanism to key storage 13:17:40 ... that could then track users 13:18:01 q+ 13:18:02 ... my proposal is not to store raw key in localstorage 13:18:11 can you reopen the queue pls 13:18:13 Zakim, open the queue 13:18:13 ok, hhalpin, the speaker queue is open 13:18:18 q+ 13:18:18 q+ rbarnes 13:18:40 ... then we remove our notion of key storage 13:18:54 ddahl has joined #crypto 13:19:00 q? 13:19:07 q+ 13:19:13 ... and then web storage should be re-iused 13:19:16 http://lists.w3.org/Archives/Public/public-webcrypto/2012Oct/0133.html 13:19:45 ... and then our key material can then by WebIntents, workers, etc. 13:19:53 wtc has joined #crypto 13:20:48 ekr: thinking re key storage, you have a key in some non-persistant storage 13:20:57 mountie has joined #crypto 13:20:57 .. IndexDB stores the key object 13:21:10 rsleevi: and the app doesn't have to see the key material 13:21:34 ekr: but if key is just a handle to something to a token, then you need alot of special logic to sync up IndexedDB object with key storage 13:21:50 ... worried about this getting out of sync 13:22:00 rsleevi: that problem exists regardless of where we do key storage 13:22:05 q+ 13:22:21 ... it stores the permission set and can know you have the key authorized, how to retrieve the key 13:22:28 ... we return all that data from indexeddb 13:22:38 ... you can try to do that and key may be gone 13:22:49 tlr has joined #crypto 13:22:52 ... but that's just like removing a smartcard, you only discover this if you try to use th ekey 13:22:56 s/ekey/key 13:23:01 s/th/the 13:23:45 ekr: if this is going to have right semantics so that structure of handle guarantees 13:23:52 q? 13:24:03 alexrussell: we're returning opaque handle 13:24:24 q+ 13:24:57 rsleevi: we don't have token storage thought out 13:25:05 ack ekr 13:25:06 ... but we can guarantee for localstorage 13:25:11 s/localstroage/indexedDB 13:25:18 q- 13:25:23 q+ 13:25:44 here's the sequence of events I'm concerned about: I generate a key with a token and get a handle to it. I then store the key in indexdb. Sometime later, the user tells indexb to erase it's local storage. Does this cause the side effect of garbage collecting the key. 13:26:03 q+ 13:26:15 q+ 13:26:19 ack 13:26:20 rbarnes: I'm not sure if this really helps, as we want special handling anyways 13:26:23 ack rbarnes 13:26:24 ack rbarnes 13:26:25 ... for keys 13:26:30 ack mountie 13:26:33 mountie: queston for UI part 13:26:43 ... you are dependent on the browser vendor 13:27:03 ... for the korean users we need to modify the selection, getting user consent 13:27:09 ... we would like to add messages 13:27:17 ... delivered in the UI itself 13:27:32 q? 13:27:41 q- 13:28:27 q+ 13:29:23 ack hhalpin 13:29:23 ack hhalpin 13:29:43 it also seems a little funny that other groups are free to define new storage modalities, but this group can't? 13:29:53 just noting that I did run Ryan's proposal by HTML WG, IndexedDB was seen as the preferable storage modalities 13:30:13 definitely to be preferred over localstorage, which has various speed etc. interests 13:30:55 and webapp frameworks being developed in other WGs are moving to consensus to not define new many storage modalities 13:31:14 rsleevi: while localstorage does only strings, indexeddb can to the same lifetime considerations 13:31:24 ... so the argument is that it makes lifetime management easier 13:32:26 ... as regards UI considerations 13:32:36 ... so we're focussed first on non-token key storage 13:32:45 ack rsleevi 13:32:50 ... but remember that as regards key storage, its after user has already gone through a UI 13:32:59 ... so we're assuming that actually works 13:34:45 ack slightlyoff 13:34:51 q+ 13:35:16 ack 13:35:27 slightlyoff: my general point was to go with structured clone, not go to localstorage or indexeddb 13:35:49 ... as there might be yet another storage mechanism 13:35:53 ... so stay neutral on storage 13:35:59 ... but do not define another keystrorage 13:36:19 alexandremorgaut has joined #crypto 13:36:25 olivier has joined #crypto 13:36:50 ddahl: does the developer have to do it the storage mechanism directly, or does the API handle this? 13:37:15 rsleevi: we are imaginging that what is stored is like a pointer 13:37:19 ... local storage does a GET on this value 13:37:23 s/GET/get 13:37:34 cjkula has joined #crypto 13:37:53 ... what my proposal gets away from is another storage mechanism, we just deal with structured clone 13:38:03 ... whether its FileAPI or IndexedDB or whatever 13:38:19 q? 13:38:40 q+ 13:38:40 ddahl: mozilla would prefer indexeddb 13:38:53 rsleevi: but we as the group don't worry about it 13:38:59 ... we just don't get another storage mechanism 13:39:01 q+ 13:39:02 ack ddahl 13:39:04 ack slightlyoff 13:39:35 slightlyoff: we've backed away from localstorage due to issues with sync 13:39:58 ... but that be a big deal in the future 13:40:19 .. but imagine that we could make localstorage 13:40:26 ... we want to create invariance around card/key 13:40:48 q? 13:41:16 hhalpin: From a process perspective, unless implementor objection, lets get consensus 13:41:43 hhalpin: Proposal: Remain neutral on the nature of storage and do *not* define a key storage mechanism in our API 13:41:59 virginie: objections? 13:42:06 ack hhalpin 13:42:24 plinss has joined #crypto 13:43:30 RESOLUTION: For non-token backed keys, we do not specify any particular Web storage mechanism, but we use a Web storage mechanism rather than an independent key storage object 13:43:44 ACTION: rsleevi to specify text that makes it clear we do not specify any particular Web storage mechanism, but we use a Web storage mechanism rather than an independent key storage object 13:43:44 Created ACTION-60 - Specify text that makes it clear we do not specify any particular Web storage mechanism, but we use a Web storage mechanism rather than an independent key storage object [on Ryan Sleevi - due 2012-11-08]. 13:43:48 ISSUE-3? 13:43:48 ISSUE-3 -- Decide whether algorithm discovery is necessary -- pending review 13:43:48 http://www.w3.org/2012/webcrypto/track/issues/3 13:43:52 ISSUE-38? 13:43:52 ISSUE-38 -- Key initialization and "finalization" -- open 13:43:52 http://www.w3.org/2012/webcrypto/track/issues/38 13:44:38 reminder priority table of issues is here : https://docs.google.com/spreadsheet/ccc?key=0Atia00Ba4s7XdGNtYTJBdTFELXV3eWZfMEVud09RV1E#gid=0 13:45:53 rsleevi: ISSUE-38 13:46:04 ... we imagine that keys can be marked so we can't back-up key 13:46:09 ... or that we actually can 13:46:29 we are managing http://www.w3.org/2012/webcrypto/track/issues/38 13:46:34 q+ 13:47:07 tlr has joined #crypto 13:47:28 ... and once key is intialized, we can change it. 13:47:29 ack hhalpin 13:47:39 q+ 13:47:41 q- 13:47:46 q? 13:47:59 ekr: why can't we just move key to a non-exportable container and just delete it 13:48:11 virginie has joined #crypto 13:48:11 ack hhalpin 13:48:37 q+ 13:48:39 q+ 13:49:20 ack ddahl 13:49:42 I'm thinking that if this work around is used a lot, I could see an ease-of-use issue for including this as a class of keys 13:49:59 ddahl: I want to avoid too many features, so let's keep it low priority 13:50:01 q+ 13:50:18 rsleevi: lets make sure the WG doesn't want it, but I agree with ddahl 13:50:54 q? 13:50:58 ack rsleevi 13:51:02 ack cjkula 13:51:43 cjkula: how about the case where the export gets screwed up? 13:52:43 rsleevi: but we're still OK in terms of crashing 13:52:58 virginie: PROPOSAL: lets cloes ISSUE-38 to reclassify it as a next version 13:53:09 any objections? 13:53:11 ISSUE-3? 13:53:11 ISSUE-3 -- Decide whether algorithm discovery is necessary -- pending review 13:53:11 http://www.w3.org/2012/webcrypto/track/issues/3 13:53:17 RESOLUTION: loes ISSUE-38 to reclassify it as a next version 13:53:30 ack cjkula 13:53:45 ISSUE-3: Decide whether algorithm discovery is necessary 13:53:45 ISSUE-3 Decide whether algorithm discovery is necessary notes added 13:54:26 rsleevi: we have two kinds of keys, browser-generated and maintained keys 13:54:29 ... and storage-backed keys 13:54:38 ... how do we manage discovery? 13:54:51 ... first proposal, can we know if a browser as implemented a particular operation? 13:55:20 ... its hard, since AES-128 may be supported by a browser but not a smartcard 13:55:21 q+ 13:55:39 ... and since the important point that smartcard doesnt give up key material 13:55:48 ... so the intial proposal is we can't do discovery 13:55:58 ... we just try to do the key 13:57:52 q+ 13:57:59 q+ 13:58:18 PROPOSAL: We don't have a generic algorithm discovery procedure 13:59:06 q+ 14:00:01 Re: algo discovery - we need to consider about broken algorithms and people using old (insecure) versions of browsers 14:00:08 mountie: we want to make sure algorithm is available, if browser returns true or false, that helps, we dn't need a true list 14:00:17 this may lead us to the solution to the discovery problem 14:00:35 q+ 14:00:35 ack drogersuk 14:00:46 q- 14:00:49 q+ 14:00:51 ack mountie 14:01:00 ekr: I don't like your solution but lets go with it as it will never work. 14:01:02 ack rsleevie 14:01:13 hhalpin: that's not quite what I was saying. 14:01:30 More "this is distasteful but it's the best we know how to do I suspect" 14:01:41 q? 14:01:49 s/I don't like your solution but lets go with it as it will never work/his is distasteful but it's the best we know how to do I suspect 14:01:52 ack rsleevi 14:01:53 The best we can do is define clear semantics for what "I don't support it" looks like" 14:02:08 rsleevi: we want to discuss the warning itself separately 14:03:05 ... for your point mountie, the problem is in the details, it may only support with all parameters listed 14:03:12 ... or you just initialize the key 14:03:13 rrsagent, draft minutes 14:03:13 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html JonathanJ1 14:04:10 q+ 14:04:21 q+ 14:04:42 drogersuk: if we do have the notion of list of discoverable crypto algs, how do we handle spoofing attack? 14:05:26 q+ to respond to drogersuk 14:05:30 ack drogersuk 14:05:32 ... how do you handle algorithm export issues 14:05:43 Zakim, close the queue 14:05:43 ok, rsleevi, the speaker queue is closed 14:05:57 ack mountie 14:07:30 q+ 14:07:38 mountie: I'm thinking browser environment we may to support in order to run certain apps 14:07:51 ddahl: maybe we can just punt that piece of code to web-developers 14:07:59 q- 14:08:00 ekr has joined #crypto 14:08:22 can't do this via the queue, so let me do this here: it won't work that way. JS libraries are going to try to feature detect 14:08:22 rsleevi: how do you trust algorithm list is authentic, does not change with what we currently do 14:08:31 ... server should never trust client JS 14:08:38 I might add it has no choice 14:08:44 and that means that punting to them is all about "them" having some visibility into what you can do in each situation 14:08:56 rsleevi: its a feature to polyfill new algs in the agent 14:09:00 ... not a bug 14:09:01 q+ 14:09:29 ... markw shows that they have some trustworthy operation 14:09:34 ... that only they can perform 14:10:12 ... algs do get turned off in regulatory environments by user as well, not just browser 14:10:19 ... less than ideal discivery, but new proposals welcome 14:10:28 I am going to assume developers will do this regardless - especially since we will probably not be able to produce a comprehensive, pre-init() algorithm discovery api 14:11:22 sorry, that's just not the world that library authors will get behind...you can't keep the libraries up to date, so they try to make what they know about the world conditional based on what they can observe 14:11:22 ... if you don't have a seed key and not sure if its' available, lets try is a good way to do 14:11:34 ... versioning APIs is terrible on the Web, feature discovery is better way 14:11:41 .... browser capabilities etc. 14:12:07 q? 14:12:15 ack rsleevi 14:12:15 rsleevi, you wanted to respond to drogersuk 14:13:43 kotakagi has joined #crypto 14:14:00 drogersuk: the polyfill is a threat, is it not? 14:14:15 ... can not attacker go after it? 14:15:19 rsleevi: we need to discuss this more, but during break 14:16:25 PROPOSAL: Do not have a generic algorithm discovery procedure 14:16:42 ACTION: mountie to determine if a generic algorithm procedure is necessary for his use-case 14:16:42 Created ACTION-61 - Determine if a generic algorithm procedure is necessary for his use-case [on Mountie Lee - due 2012-11-08]. 14:19:37 Break 15 minutes reconvening @ 15:30 14:28:45 kevin has joined #crypto 14:36:10 ttanaka2 has joined #crypto 14:37:01 scribenick: rsleevi 14:37:04 scribe: Ryan_Sleevi 14:37:19 Alexandre_Morgaut has joined #crypto 14:37:39 topic: Presentation by Richard Barnes regarding implementation experience 14:38:25 Yune has joined #crypto 14:38:33 bjkim has joined #crypto 14:38:34 rbarnes: BBN is working on a pure polyfill implementation of the API 14:38:46 ... Start prototyping the API, keeping up with it as it evolves 14:38:57 ... allows developers to start experimenting with the API and getting used to the concepts 14:39:05 ... attempts to provide an abstraction that prevents access to the raw API 14:39:12 ... get feedback as to how usable the API is 14:39:21 ... provides a space for experimentation of new features 14:39:28 ... plan is to be open source and collaborative 14:39:36 ... implemented in JS, has all the existing caveats 14:39:44 ... *not* intended for real applications 14:40:05 ... perhaps in the future, after security analysis, but not recommended nor a goal for now 14:40:26 ... trying to emulate the web crypto API separation in JS 14:40:51 ... Current Web Crypto: Keys stored (raw) in localStorage or IDB 14:40:58 ... All key material is accessible to content 14:41:17 ... Implementation/Experimental API: Provide an API separation from content for key storage 14:41:23 ... Does so via origin separation 14:42:01 ... Get people used to not having access to the raw key bytes 14:42:47 ... maybe some security benefits 14:42:52 ... eg: encrypting key store, forced key expiration 14:43:17 drogersuk: Q regarding last pass. There's a hardware token you can get with lastpass, how does that relate? 14:44:01 rbarnes: Not quite familiar with the LastPass implementation 14:44:16 rsleevi: re: LastPass - authentication security, not a key storage security 14:44:27 rbarnes: Just getting started. Basic framework for cross-origin operations 14:44:32 q+ 14:44:37 zakim, open the queue 14:44:37 ok, rsleevi, the speaker queue is open 14:44:38 q+ 14:45:13 rbarnes: Funded by US DHS STD 14:45:30 q+ 14:45:37 q? 14:45:41 http://code.google.com/p/html5-crypto-api/ 14:46:44 q+ 14:46:48 ack rsleevi 14:46:50 q+ 14:46:52 ack hhalpin 14:47:01 wtc has joined #crypto 14:47:18 ack rsleevi 14:47:37 q? 14:47:58 note that W3C/MIT is getting a grant from NGRC for continuing this work. 14:48:12 So if people are looking for funding in this area, I think now is a good time to strike 14:48:16 ack hhalpin 14:48:40 rsleevi: Hooray for the implementation. Demonstrates that this API is polyfillable today 14:49:03 virginie: Question for Mozilla and Microsoft as to when they'll be implementing 14:49:17 selfissued: Not aware of any committment to implement. Not to say there is no committment, just not sure 14:49:52 ddahl: Been focused on Firefox OS. Needs to finish Mozilla's implementation of getRandomValues 14:50:20 ddahl: Next step to consider extension implementations as an experimental API 14:50:37 ddahl: Working to get excitement and feedback from other Mozilla engineers. Difficult at present with focus on Firefox OS 14:50:46 q? 14:50:54 drogersuk: Just ask them about what security do they want in FirefoxOS 14:53:26 rsleevi: Agenda item for this quarter to begin working and looking at the implementation, need to work out some very obvious usability issues before exposing to developers 14:53:39 ???: Working on server implementation, in particular in node.js 14:54:00 virginie: Not yet formal WG member. Do you know when you will join? 14:54:03 ???: Not yet, working on it 14:54:15 s/???/Alexandre Mogel/ 14:54:51 JonathanJ1 has joined #crypto 14:55:08 [ working out details and waiting for Arun to call and join ] 14:55:27 [ small break ] 14:56:21 [discussion about crypto node.js] 14:59:11 rrsagent, draft minutes 14:59:11 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html JonathanJ1 14:59:58 arunranga has joined #crypto 15:00:17 kevin_ has joined #crypto 15:00:46 Zakim, what is the phone number? 15:00:46 I don't understand your question, rsleevi. 15:00:55 ke has joined #crypto 15:01:22 Zakim, what is the number? 15:01:22 I don't understand your question, arunranga. 15:01:41 arunranga: you are our only hope 15:01:51 Arun, can you dial in? 15:01:55 zakim is a name not a number... 15:01:57 6 15:02:02 rrsagent, draft minutes 15:02:02 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html ke 15:02:05 arunranga: i was joking about you appearing like a tupac hologram to discuss use cases 15:02:08 Zakim, what's the code? 15:02:08 the conference code is 1932 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), hhalpin 15:02:15 Zakim, what is the code? 15:02:15 the conference code is 1932 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), rsleevi 15:02:17 OK, its always the same 15:02:37 1.617.761.6200 code 1932 15:03:09 Team_(admin)08:00Z has now started 15:03:16 +arunranga 15:03:54 I am the first participant in the new conference. The old conference id, namely 27978# is not working. 15:04:09 @arunranga: We're having technical difficulties 15:04:15 @arunranga: Phones are hard. We're going shopping. 15:04:24 Heh :) 15:04:33 Comparisons to Tupac are always welcome, BTW 15:06:17 oups...legal working on it (legal team :)) 15:06:56 present+ Tobie_Langel 15:08:01 + +33.4.72.82.aaaa 15:08:01 a bit of reading about use cases http://dev.w3.org/2006/webapi/FileAPI/OverviewUseCases.html 15:08:06 wtc has joined #crypto 15:08:17 HI ARUN 15:08:24 virginie: notes 150 people present in the room 15:08:28 [ laughter ] 15:08:33 ...: 20 people 15:09:06 pal has joined #crypto 15:09:06 virginie: Objective is to discuss use cases and get your (arun) view on use cases we have and in the wiki 15:09:20 arunranga: Don't be thrown off by the fact that the document shared in IRC is from FileAPI 15:09:41 ...: Had the repository as easy access to hg on a w3c server 15:09:49 ...: Goal is to find a way to publish a use cases document 15:09:50 christine has joined #crypto 15:10:03 ... likes the role model document we have - the scenarios document for the media api 15:10:10 q+ 15:10:10 ... good template for how we can model our use cases 15:10:32 ... most of the use cases that are in the wiki are good, but wanted to focus on the use cases that were declared as pressing problems 15:10:38 ... wanted to make sure that the API could address them 15:11:07 ... no real apple-apples comparison between what we've got (as an API) and what they (media api) do 15:11:13 ... but we can use the model as a point of discussion 15:11:27 OH HAI arunranga 15:11:30 q? 15:11:33 :) 15:11:37 tobie: introductions 15:12:11 tobie: here to talk about their (Facebook) use cases if it's valuable 15:12:14 markw has joined #crypto 15:12:22 arunranga: Good to talk about those use cases at some point 15:12:49 ... Try to break use cases in terms of rich scenarios and break them up into required components 15:12:58 ... broke spec into cluster of requirements 15:13:12 [ reviewing operation types from the draft ] 15:13:51 arunranga: Break any rich scenario type into these sets of operation types 15:14:18 arunranga: When you consider the S. Korea use case, it may not actually be possible with the API to meet those needs 15:14:40 ... assuming everyone reviewed the document that was sent 15:14:48 virginie: Any questions about this document or to the editor 15:15:00 bblfish has joined #crypto 15:15:07 mountie: For the use case for the korean banking, many things are missing 15:15:33 arunranga: Yeah. Are many things missing from the actual API, or simply details from the use case? 15:15:45 q? 15:15:52 mountie: certificate enrollment is an important part of the process, but just described simply, without trusted key generation or cert enrollment process 15:15:54 ack tobie 15:15:59 ke has left #crypto 15:16:01 mountie: Without those types, this scenario cannot be implemented 15:16:30 arunranga: Acknowledged. We have origin scoped keys, but over there, no one can see it's an origin scoped certificate, it comes from a central source, correct? 15:16:53 arunranga: When we impose the technology requirement of an origin scoped set of keys, we can't really do the central authority scenario 15:16:54 q+ 15:16:58 q+ 15:17:07 Ruinan has joined #crypto 15:17:37 ISSUE-19 is still open http://www.w3.org/2012/webcrypto/track/issues/19 15:17:42 virginie: Not sure if we want to have online discussion of the use cases, or if it would be more useful to have the right people to interview 15:17:51 i.e. whether or not we should allow "specific" origin keys 15:17:52 you can interview me :-) 15:18:02 arunranga: I like the idea of interviewing. It would have been nice to do it in person, but there were hurricanes and things 15:18:25 present+ Henry_Story 15:18:45 bblfish: Has a use case, is this the right time to give a quick use case? 15:19:01 arunranga: have you had a chance to read the API? 15:19:04 q? 15:19:15 bblfish: I have a general use case, but I haven't followed the API closely 15:19:33 bblfish: Wants an API to log out the TLS layer 15:20:00 ... has a use case similar to browser ID, working with Web ID 15:20:08 ... Is that something someone can do with this API? 15:20:14 ... Do a browser ID sign on with the cryptographic material 15:20:26 virginie: Question for clarification regarding browser id 15:20:41 ddahl: I would not want to conflate what we're doing here with browser ID 15:20:53 ddahl: browser ID has polyfills for other browsers regarding APIs 15:21:03 ddahl: Mozilla is building into natively for Firefox, but that's completely separate 15:21:18 bblfish: So you're not going to use this API to do things like signing? 15:21:30 ddahl: Already implemented via polyfills 15:21:37 q- 15:21:40 ack hhalpin 15:21:44 q+ 15:21:55 hhalpin: One thing to do is to order the use cases, perhaps by the most urgent 15:22:02 q+ 15:22:06 hhalpin: Then ask about other use cases people want to go through 15:22:48 arun: I like the Gangman Bank's name "-) 15:22:55 What does "TLS log out" mean? 15:23:14 ack rsleevi 15:23:29 q+ 15:23:56 Seriosuly, I have no idea what it's supposed to mean 15:24:04 ekr: if the TLS session uses a client certificate, invalidate that TLS session. 15:24:05 rsleevi: Is the document meant to describe what our API (version 1) did, or what the API (product of the WG over iterations) will do? 15:25:18 our reference for use cases used to be here : http://www.w3.org/2012/webcrypto/wiki/Use_Cases 15:25:31 q+ 15:25:58 ack hhalpin 15:26:05 wtc. thanks 15:26:06 use-cases were in a wiki but not maintained 15:26:14 That seems like a bit of a niche feature. 15:27:08 arunranga: It sounds like what Henry is asking for is not really quite in scope 15:27:17 ... goal would be to construct use cases and scenario as fully in scope of doing 15:27:22 ... that should be the test that we hold to our API 15:27:44 ... definitely want to hear more from those present and be able to maybe follow up with them online 15:27:56 hhalpin: Just know that TLS logout is within secondary scope 15:28:02 arunranga: Kind of want to get all the primary ducks lined up 15:28:18 [ virginie loads document for presentation ] 15:28:40 virginie: Would like to know for which use cases do you have someone to talk to, to complete the description, or do you want to look for someone now? 15:28:48 arunranga: All of the use cases are based on what we've seen go around 15:28:59 ... wants to follow up with tobie to discuss the caching scenario 15:29:44 arunranga: What Netflix currently has on the wiki is very technical, doesn't quite disclose a scenario or workflow. Want to work out more high-level details 15:30:06 virginie: 3.1 - Mountie will comment. 3.2 - Netflix will comment. 3.3 - Tobie for comment 15:30:40 arunranga: 3.4/3.5 for discussion with nadim 15:31:11 mountie: Who is the use cases target audience? Non-developers or for developers? 15:31:30 mountie: This document seems like for normal process showing some examples / sharing some stories, not for help for developers 15:31:35 q+ 15:31:35 ... We should focus more for developers 15:31:59 ... Banking has a sequence of very complex operations 15:32:10 http://dev.w3.org/2006/webapi/FileAPI/OverviewUseCases.html 15:32:10 ... If we split out what operations and what functionalities, that would be helpful for more developers 15:32:12 use-case docu 15:32:17 q? 15:32:29 virginie: The objective is to have very story-driven scenario first, then functional requirements, then technical requirements 15:32:46 ack virginie 15:32:50 ack mountie 15:32:57 ack hhalpin 15:32:58 hhalpin: The document is not for ordinary users (developers). It's to drive the discussion about what features are in and are not the API, to help the WG drive work 15:33:15 hhalpin: To make sure it's clear to the editor what features should or should not be introduced to the api 15:33:27 ... in the process of describing the banking use case, we'll describe the use case in the most accurate possible manner 15:33:35 ... and then the WG will discuss how the use case affects the design of the API 15:33:46 ... if the WG decides it's important, then the use case could drive change to the API 15:34:16 mountie: For smaller topics, like implementing non-repudiation, implementing secure channels, identifying users 15:34:43 ... for non-repudiation, there are so many use cases that can be involved 15:34:51 ... for online banking, there's too many operations, it's too wide 15:35:13 ... suggestion: Split into things like non-repudiation for online banking, and just discuss the non-repudiation aspect 15:35:32 hhalpin: We're not clear what the needs are. Can you discuss the use case? 15:35:48 arunranga: Agreed. It would be pretty invaluable to see if we can pit our API against the existing technology stack 15:35:59 q+ 15:36:07 arunranga: Thinks the origin policy is at odds with the korean use case 15:36:09 so we need more info re the banking use-case and the use-case doc is the place to do it. 15:36:54 q- 15:37:33 tantek has joined #crypto 15:37:51 virginie: Looking for name of motivated people to drive the story 15:38:13 [ harry volunteers to help arun work on documents in the cloud ] 15:38:36 q? 15:38:53 q+ 15:39:16 tobie: Do you have specific questions on the use case? 15:39:33 arunranga: Where we left off, you guys are using local storage and wanting to make sure any code or local resources you cache/store don't get tampered with by third parties 15:39:36 rsleevi - no, I am wondering if any of these use cases touch on public key discovery on the web. 15:39:50 ... one way to do that would be to send across some sort of trusted / private-key signed hash to verify the resources 15:39:59 ... is there more detail that you want fleshed out 15:40:30 q+ 15:41:09 q? 15:41:19 q+ to respond to arun 15:41:20 q+ 15:41:40 tantek: Tried to look through use cases quickly - do any touch on public key discovery on the web? 15:41:50 q+ 15:41:51 tantek: If not, would that be a reasonable case to add? 15:42:10 !+ for tantek 15:42:14 +1 for tanktek 15:42:40 rsleevi: Nothing in the current doc about it. If you're volunteering to write one, that'd be good 15:43:10 here's some research I've done of pages on the web that currently *do* publish public keys in visible text: http://microformats.org/wiki/key-examples 15:43:13 tantek: no, but it sounds a lot like my AddressbookAPI from DOMCrypt: https://github.com/daviddahl/domcrypt/blob/master/extension/domcrypt/content/addressbookManager.js#L103 15:43:32 arunranga: So far, it doesn't 15:43:58 rsleevi: suggests its something tantek should write one 15:44:07 [ wtc volunteers for documents int he cloud use case ] 15:44:46 q? 15:44:51 q- 15:44:52 arunranga: Another area for feedback is the MO that we're using (breaking things into requirements and then using requirements to describe use cases/scenario) is the right way to go 15:44:58 ack wtc 15:45:10 arunranga: There's more than one way to look at the API, is breaking it up the way it's done the right way? 15:45:16 tlr has joined #crypto 15:45:54 arunranga: the "nigori" protocol used in Chrome is specified in http://www.links.org/files/nigori-protocol.html . I think Firefox Sync would be another good use case. 15:46:33 rsleevi: does the signed code use case actually require signatures and keys? 15:46:40 tobie: No, it's just a hash 15:46:49 arunranga: That's actually a good clarification 15:46:59 adding alex morgaut on the speaker queue 15:47:02 ... assumed what was happening was that it was not just a hash, but a hash signed by a private key 15:47:10 q? 15:47:13 ... and on the client side we'd have to duplicate the hash and verify the signature 15:47:20 ack rsleevi 15:47:20 rsleevi, you wanted to respond to arun 15:47:22 tobie: That's... much safer... than we were looking for 15:47:37 tobie: Just wanted to make sure that the code has not been tampered with. Really does not require more than a checksum 15:47:57 q+ 15:47:59 ... getting a hash from the network and just comparing it with the data 15:48:06 My use case was mostly about enabling to do what BrowserId does currently ( or at least what I read up on it 5-6 moths ago) 15:48:17 tobie: We're using HTTPS, so we assume the network is safe/secure, and we trust the browser 15:48:23 but it looks like the right people are here anyway.... 15:48:31 arunranga: I think we can actually give you your use case and raise you one 15:48:33 [ laughter ] 15:48:35 rrsagent, draft minutes 15:48:35 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html JonathanJ1 15:48:41 arunranga: I think the hash part is easy and that our API can do 15:48:48 ... and I think we can give you cryptographic validity for the hash 15:49:00 ... we can probably do your use case and better 15:49:18 cjkula: Arun's story is storing javascript *and other resources* 15:49:30 tobie: That wasn't the initial use case. It was just javascript, which is code we need to run 15:49:39 ... it might extend to CSS, due to the fact that CSS may be executable in IE 15:49:44 ... but not needed for other resources 15:49:51 cjkula: Kinda said, I liked the idea of other resources 15:49:56 tobie: Yeah, but we don't need it 15:50:07 arunranga: I assumed what we could do for script we could use for other things 15:50:19 tobie: I actually don't need more than that 15:50:23 q+ 15:50:32 trackbot has joined #crypto 15:50:54 ack cjkula 15:50:57 ack bblfish 15:51:25 ??1: When we implemented localStorage, we also implemented userStorage 15:51:30 alexandre morgaut 15:51:36 note that re the "code-signing" in storage use-case is also necessary for a number of other projects from OITP (Open Internet Tools Project). 15:51:40 from 4D company, a new W3C member 15:51:41 ... I wonder if implementing userStorage, which would be encrypted with some user authentication, if that would be useful for you 15:51:42 q- hhalpin 15:51:53 tobie: If user meant web user, and not OS user, that might be useful, yes 15:52:13 ... worried about two (logical) users using the same desktop or mobile device (with same OS user / mobile user) 15:52:25 ... it's not uncommon to have four to five different sessions/users back to back on the same device 15:52:39 s/??1/alexandre morgaut/ 15:52:57 alexandre: just wondering if userStorage would be useful 15:53:10 tobie: I don't think turning forms based auth into http auth would be useful for us 15:53:21 q+ 15:53:53 mountie: similar concerns with protecting JS source and verifying integrity of JS source 15:54:10 ... want signed JS to verify that the JS code is correct 15:54:20 ... not sure how we can verify the JS code 15:54:20 q+ to ask mountie a question 15:54:59 mountie: If we had enough confidence that JS confidence is the same as from the server, that'd be very helpful 15:55:05 virginie: New person for arun to interview 15:55:15 ack mountie 15:55:20 ack arunranga 15:55:21 arunranga, you wanted to ask mountie a question 15:55:46 arunranga: There's a slight difference from mountie's description (JS code verification vs activeX) and tobies, which is merely to make sure that sources that have been cached that haven't been tampered with 15:56:06 ... with activex, there is a digitally signed cab file where running code must be signed 15:56:14 ... not sure if that case is met 15:56:23 ... if simply verifying something that is cached, that may be an apples-apples comparison 15:56:25 q+ 15:56:27 ... but not sure if that's the case 15:56:37 ... lots of stuff that is arguably out of scope in the existing market 15:56:58 mountie: thinks the cases are the same 15:57:09 I've written up a step-by-step use case scenario - is this approximately the format that is appropriate for the Use Cases document for the Crypto API? http://microformats.org/wiki/key-examples#meeting_someone_and_sending_private_messages 15:57:19 Yune has joined #crypto 15:58:31 rsleevi: Describes proposal for encrypted indexedDB, does that fit into facebook's threat model 15:58:51 ack hhalpin 15:58:59 rsleevi: "key" would actually come from Facebook server, given to user, user can use the key, key is removed when user logs out. Just couples localStorage to HTTP session auth 15:59:01 ack rsleevi 15:59:31 tobie: Seems reasonable. Users do log out of the page before giving phone away, so this would likely prevent tampering / address the threat model 15:59:41 hhalpin: Question regarding what makes Korean use case out of scope 15:59:50 if the use case I wrote up seems in scope, sufficiently relevant, and in a good enough format, please feel free to incorporate it copy/paste etc. as you see fit - I shared it per CC0 (PD). a citation back to the URL http://microformats.org/wiki/key-examples#meeting_someone_and_sending_private_messages would be appreciated but is not required. 15:59:57 arunranga: It seems that when we look at how we're doing key generation, etc, we subject it to SoP 16:00:19 ... in the korean case, keys come from a central cert authority, which is a different origin from the sites that wish to use the credentials 16:00:29 ... so not sure how other origins would have access to the key material 16:00:49 ... existing certificates are a lot like multi-origin cert, which differs fundamentally from what we're discussing 16:00:52 q+ to respond to arun 16:00:57 http://www.w3.org/2012/webcrypto/track/issues/19 16:01:16 hhalpin: Wonders if allowing slight variations to SoP would address the korean use case 16:01:24 kotakagi has joined #crypto 16:01:25 ... also about code signing 16:01:42 arunranga: Yeah, current spec definitely seems like a show-stopper 16:01:54 ... was wondering if we could mold some of those use cases into what we're trying to do here 16:01:56 ... not sure 16:02:20 rrsagent, draft minutes 16:02:20 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html JonathanJ1 16:02:38 FYI for everyone in WebCrypto - HTML WG would like to use JWK with symmetric keys to pass keys to the "clearkey" keysystem 16:03:12 q+ 16:03:13 q? 16:03:31 tantek: is there any effort in W3 to standardize a Contacts WebAPI (like the Firefox OS API)? 16:03:39 ack rsleevi 16:03:39 rsleevi, you wanted to respond to arun 16:03:40 rsleevi: thinks that the current API can actually be suitable to meet the korean use cases without changing the security guarantees 16:03:44 ack mountie 16:03:54 tlr has joined #crypto 16:03:55 ddahl: yes I'm writing up our contacts API for submission to SysApps WG. 16:04:05 mountie: One of the issues includes verifying certificates, accessing certificate extensions, OCSP 16:04:21 mountie: For secondary features, can discuss more about the needs 16:04:32 virginie: OCSP? 16:04:34 tantek: awesome 16:04:48 mountie: OCSP is for revocation checking when verifying certificates. 16:05:01 OCSP - Online Certificate Status Protol 16:05:02 virginie: Understands the technology - but not sure how this is in scope for the API 16:05:17 s/Protol/Protocol 16:05:26 mountie: Wants an API to verify the certificate 16:05:36 q? 16:05:44 virginie: Definitely a secondary feature 16:06:04 q? 16:06:07 drogersuk: Not a fan of OCSP, esp for mobile 16:06:17 virginie: Any more questions for Special Guest Tobie? 16:07:01 arunranga: will be following up with additional people 16:07:15 arunranga: Is this the right approach for this document? This approach of the draft 16:07:40 virginie: What has been suggested to the WG is that the use cases are part of the next WG deliverable 16:07:49 ... what you have described is the right way to progress 16:07:51 q+ 16:08:07 q+ 16:08:45 Strong +1 to rsleevi 16:09:03 q+ 16:09:16 Namely we should describe what we *can* do (and are doing). 16:09:39 ack rsleevi 16:09:57 rsleevi: Would like to see sort of two parallel efforts - which is use cases document (to be published) shows what *is* possible with draft API 16:10:07 rsleevi: and wiki or some sort of separate tracking for what we'd *like* to do 16:10:17 q? 16:10:24 arunranga: Thinks it's important the use cases document exposes what we can do with the API 16:10:38 arunranga: Secondary place for what we'd like to do and scope future work 16:10:50 ... helps focus security discussion of primary features 16:10:58 ttanaka2 has joined #crypto 16:11:00 ... and can categorically show if something is possible or not possible 16:11:10 ... secondary document to serve as roadmap 16:11:35 virginie: reports previous discussion of key wrapping / unwrapping 16:11:49 virginie: it wasn't clear if it was an urgent use case for others beyond Netflix 16:12:01 ... Question for arun while going through use cases is where key wrap/unwrap fit in 16:12:22 arunranga: short answer is yes, it seems possible to cobble together with existing API 16:12:29 [I just wanted to suggest that we not spend too much energy on editorial selection among use cases at this point. Better to get the wishlist well-documented, and then see what we can accomplish in-scope.] 16:12:33 q- 16:12:40 ack virginie 16:13:19 [ tobie volunteers himself for discussion with arun ] 16:13:46 virginie: Thanks for calling in arun 16:13:49 thanks arunranga ! 16:13:54 :) 16:14:38 virginie: Last issue that we have to solve that is high level is the one that is related to origin 16:14:41 ISSUE-19? 16:14:41 ISSUE-19 -- Does it make sense to have authorized-origin and specific-origin keys -- open 16:14:41 http://www.w3.org/2012/webcrypto/track/issues/19 16:15:25 virginie: Good progress on today's issues 16:15:34 virginie: Reminder: Tomorrow is 8:*30* 16:15:47 Topic: Agenda review for Friday 16:16:00 [ virginie is presenting proposed agenda again ] 16:16:22 virginie: Big question: What is a "high-level" API 16:16:29 arunranga: the secure messaging use case also needs "SIGN" 16:16:30 virginie: What we think it is, what can the group deliver 16:16:48 Zakim, mute me 16:16:48 arunranga should now be muted 16:17:48 ddahl, good point. i'll probably follow up with you and nadir. 16:17:58 arunranga: anytime:) 16:17:58 s/nadir/nadim 16:18:03 virginie: PROPOSAL: Stop the meeting 16:18:14 virginie: RESOLUTION: The meeting is stopped. 16:18:29 Ruinan has left #crypto 16:18:36 Zakim, draft the minutes 16:18:36 I don't understand 'draft the minutes', rsleevi 16:19:00 -arunranga 16:19:08 RRSAgent, please draft the minutes 16:19:08 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html rsleevi 16:20:01 trackbot, end meeting 16:20:01 Zakim, list attendees 16:20:01 As of this point the attendees have been arunranga, +33.4.72.82.aaaa 16:20:09 RRSAgent, please draft minutes 16:20:09 I have made the request to generate http://www.w3.org/2012/11/01-crypto-minutes.html trackbot 16:20:10 RRSAgent, bye 16:20:10 I see 2 open action items saved in http://www.w3.org/2012/11/01-crypto-actions.rdf : 16:20:10 ACTION: rsleevi to specify text that makes it clear we do not specify any particular Web storage mechanism, but we use a Web storage mechanism rather than an independent key storage object [1] 16:20:10 recorded in http://www.w3.org/2012/11/01-crypto-irc#T13-43-44 16:20:10 ACTION: mountie to determine if a generic algorithm procedure is necessary for his use-case [2] 16:20:10 recorded in http://www.w3.org/2012/11/01-crypto-irc#T14-16-42