14:56:52 RRSAgent has joined #crypto 14:56:52 logging to http://www.w3.org/2012/12/10-crypto-irc 14:56:54 RRSAgent, make logs public 14:56:54 Zakim has joined #crypto 14:56:56 Zakim, this will be SEC_WebCryp 14:56:57 Meeting: Web Cryptography Working Group Teleconference 14:56:57 Date: 10 December 2012 14:56:58 ok, trackbot; I see SEC_WebCryp()10:00AM scheduled to start in 4 minutes 14:56:58 hi virginie 14:57:07 Chair: Virginie 14:57:09 hi 14:57:17 SEC_WebCryp()10:00AM has now started 14:57:24 + +1.571.335.aaaa 14:57:26 agenda ? 14:57:33 agenda+ welcome 14:57:39 +Wendy 14:57:58 agenda+ Web Crypto API editor's draft recent version 14:58:06 zakim, aaaa is Nat_Sakimura 14:58:06 +Nat_Sakimura; got it 14:58:12 agenda+ use cases editor's draft recent version 14:58:37 agenda+ new specification key discovery draft 14:58:55 agenda+ next steps (WD, call, F2F) 14:59:45 agenda ? 15:00:05 + +1.408.458.aabb 15:00:42 markw has joined #crypto 15:00:43 zakim, aabb is Scott_Kelly 15:00:43 +Scott_Kelly; got it 15:00:45 ddahl has joined #crypto 15:00:58 + +1.303.543.aacc 15:01:03 zooko has joined #crypto 15:01:06 hello! 15:01:18 zakim, aacc is zooko 15:01:19 +zooko; got it 15:01:23 +ddahl 15:01:34 agenda? 15:01:35 hi zooko 15:01:36 + +1.512.257.aadd 15:01:37 + +1.415.867.aaee 15:01:48 Zakim, aaee is markw 15:01:48 +markw; got it 15:02:00 zakim, who is on the phone ? 15:02:00 On the phone I see Nat_Sakimura, Wendy, Scott_Kelly, zooko, ddahl, +1.512.257.aadd, markw 15:02:19 zakim, aadd is virginie 15:02:19 +virginie; got it 15:02:25 +arunranga 15:02:36 zakim, who is on the phone ? 15:02:37 On the phone I see Nat_Sakimura, Wendy, Scott_Kelly, zooko, ddahl, virginie, markw, arunranga 15:02:44 arunranga has joined #crypto 15:02:58 Zakim, who is on the call? 15:02:58 On the phone I see Nat_Sakimura, Wendy, Scott_Kelly, zooko, ddahl, virginie, markw, arunranga 15:03:04 Hi ddahl 15:03:27 -Nat_Sakimura 15:03:37 + +47.40.22.aaff 15:03:48 Use Cases document in HG: http://dvcs.w3.org/hg/webcrypto-usecases/raw-file/536a63a3f94c/Overview.html 15:04:10 pal has joined #crypto 15:04:21 + +1.650.525.aagg 15:04:23 +Nat_Sakimura 15:04:31 zakim, i am aagg 15:04:31 +pal; got it 15:04:39 zakim, aaff is Havard_Molland 15:04:39 +Havard_Molland; got it 15:04:55 zakim, mute me 15:04:55 arunranga should now be muted 15:06:14 I'm at home. not available to use voice 15:07:26 + +82.22.14.0.aahh 15:07:27 virginie: Thanks to people for making the effort to join this call, especially US folks for whom it's early, Asia for whom it's late 15:07:44 agenda? 15:07:53 zakim, i am mountie 15:07:53 sorry, mountie, I do not see a party named 'mountie' 15:08:05 zakim, aahh is mountie 15:08:05 +mountie; got it 15:08:18 zakim, i am aahh 15:08:18 sorry, mountie, I do not see a party named 'aahh' 15:08:28 [agenda: http://lists.w3.org/Archives/Public/public-webcrypto/2012Dec/0005.html] 15:08:57 +??P45 15:09:10 zakim, ??P45 is Alex_Russell 15:09:10 +Alex_Russell; got it 15:09:22 + +1.512.343.aaii 15:09:37 scribenick: wseltzer 15:09:41 zakim, aaii is karen 15:09:41 +karen; got it 15:10:06 http://www.w3.org/2012/11/26-crypto-minutes.html 15:10:21 virginie: any objection to previous minutes? Approved. 15:10:40 Topic: Use Cases 15:10:42 zakim unmute me 15:10:48 Karen_ has joined #crypto 15:10:50 virginie: Arun, can you introduce the use cases? 15:10:54 zakim, unmute me 15:10:54 arunranga should no longer be muted 15:11:08 hhalpin has joined #crypto 15:11:17 arunranga: http://dvcs.w3.org/hg/webcrypto-usecases/raw-file/536a63a3f94c/Overview.html 15:11:20 I know, sorry! 15:11:28 Zakim, what's the code? 15:11:28 the conference code is 27978 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), hhalpin 15:11:36 arunranga: Still chasing down a few people, including Mark, to give a bit more from a Netflix perspective. 15:11:45 ... Goal is to give use cases, show sample code. 15:11:58 ... Got lots of good feedback from Facebook, a real-world use-case. 15:12:08 +[IPcaller] 15:12:14 ... Questions still remain, such as whether we can do better with HMAC. 15:12:15 Zakim, [IPcaller] is hhalpin 15:12:15 +hhalpin; got it 15:12:25 ... Good feedback from Tantek, who wants to use public keys. 15:12:44 ... If all follow up with me, we can have a draft by mid-week for heartbeat. 15:12:57 virginie: questions for Arun? 15:13:19 ... as you can see: banking transactions, video services, code sanctity, encrypted communications 15:14:02 arunranga: nobody should be misled by the fact that I may have used Korean names, not a one-to-one match with S. Korea 15:14:14 ... tried to construct the use-case around mountie's email 15:14:35 did we test to get consent to publish? 15:14:51 virginie: people who need to provide arun with additional details, please have a close look 15:15:21 ... we are trying to get this published at next heartbeat, WG consensus to go forward for publication on 17 Dec. 15:15:32 So everyone has a deadline to read it by the 17th :) 15:15:36 +1 15:15:37 ... Any objection to having the spec go for publication 17 Dec? 15:15:38 +1 15:15:46 +1 15:15:54 +1 15:15:55 [+1 = no objection] 15:16:20 Zakim, who's on the phone? 15:16:20 On the phone I see Wendy, Scott_Kelly, zooko, ddahl, virginie, markw, arunranga, Havard_Molland, pal, Nat_Sakimura, mountie, Alex_Russell, karen, hhalpin 15:16:23 +1 15:16:28 q+ 15:16:56 Just this one for now 15:16:57 pal: is this publication of this spec alone, or others? 15:17:09 although we hope to publish all three (API, Mark's document, use-cases) in the next heartbeat 15:17:13 virginie: To start, I asked just about the Use Cases. 15:17:31 ... I'd like to get consensus for publication of each separately. 15:17:46 pal: Recommend asking the question specifically so people know what they're approving. 15:18:02 virginie: Any objection to having Use Cases doc published 17 Dec? 15:18:08 pal: no objection 15:18:14 ack pal 15:18:29 virginie: great, we'll go forward with the use cases on 17 Dec 15:18:52 arunranga: Main goal is to produce primary, achievable use cases, that the API as it's emerging in draft can accomplish 15:18:59 q+ 15:19:00 ... not secondary use cases 15:19:05 Its OK to list secondary use-cases as long as they are clearly marked as "secondary" and without consensus. 15:19:18 virginie: Did you make any statement re relation between WebCryptoAPI and use cases? 15:19:50 arunranga: I'd be happy to take feedback and add a note to that effect. 15:20:10 ACTION: virginie to propose language on relation between WebCryptoAPI and use cases 15:20:11 Created ACTION-70 - Propose language on relation between WebCryptoAPI and use cases [on Virginie GALINDO - due 2012-12-17]. 15:20:32 virginie: The way you're writing this, we could later add new secondary features 15:20:45 arunranga: yes 15:20:59 q? 15:21:03 ack markw 15:21:05 ack markw 15:21:19 q- 15:21:24 markw: Clarify that use cases should be able to include pre-provisioned keys? 15:21:46 arunranga: yes, we can include pre-provisioned keys. Looking to you (markw) for detail 15:22:10 ... we can include a caveat that this particular feature may not be included in the WebCryptoAPI yet, but members of the WG are actively discussing 15:22:39 markw: I don't consider it a secondary use case. It should either be published in the main draft or in the additional doc we're working on. 15:22:48 q? 15:23:11 zakim, mute me 15:23:11 arunranga should now be muted 15:23:25 virginie: I'm sure you're all aware of how Mark came to prepare new specification on key discovery 15:23:54 Nat has joined #crypto 15:23:58 ... how to identify keys that may be pre-provisioned, so separate document. 15:24:08 q+ 15:24:17 -Havard_Molland 15:24:21 ... is there any problem or objection, or anyone who'd like to help Mark? 15:24:28 ack markw 15:24:48 markw: The intent is that this spec will have the same timeframe and Rec status as the main API 15:24:48 +Havard_Molland 15:25:15 +[Google] 15:25:18 q+ 15:25:23 ... either we should publish this at the same time as the main API loses support for pre-provisioned keys, so it's an atomic change 15:25:39 ... when writing the new draft, only included suppor tfor origin named pre-provisioned keys. 15:25:50 <_nat> _nat has joined #crypto 15:25:53 ... no reason it couldn't include others, so the timeframe is not impacted 15:25:55 Link to draft? 15:25:58 rsleevi_ has joined #crypto 15:26:01 q+ 15:26:03 ... added some material on privacy, based on indexdb document 15:26:14 Key discovery specification proposal http://lists.w3.org/Archives/Public/public-webcrypto/2012Dec/0001.html 15:26:24 I'll work on this after the phone call 15:26:25 ... Attached document to email because couldn't yet get it into hg tree 15:26:30 its possible there's an issue re permissions 15:26:54 virginie: when you say we're publishing at the same time, do you mean heartbeat or more formal steps? 15:27:00 markw: I mean for the heartbeat. 15:27:07 i.e. by Dec 17th 15:27:10 ... can we do it this time? 15:27:26 virginie: I have no problem putting them on the same track. Will we be ready for 17 Dec? 15:27:48 notes rsleevi is on the q 15:27:49 virginie: question for the group, who has something to say about new spec? any objection to publishing? 15:27:57 ack hhalpin 15:27:57 q+ 15:28:06 +1 15:28:07 +1 15:28:16 ack rsleevi_ 15:28:23 i/virginie: I'm sure you're all/Topic: New Spec Key Discovery/ 15:28:49 rsleevi_: My suggestion would be to keep different forms of key discovery in different specs, for what implementers need. 15:29:05 ... Mark's approach is good, useful to implementers interested in that functionality. 15:29:18 q+ 15:29:20 ... There are technical concerns, but no reason not to publish the draft. 15:29:28 virginie: thanks 15:29:31 ack hhalpin 15:29:51 hhalpin: We can release multiple docs in the heartbeat. 15:30:02 ... We need to specify when we release whether we expect them to be normative. 15:30:14 ... And we'll say with Mark's doc that we expect it will be normative. 15:30:31 ... Both API and Key Discovery will have to go through the same process. 15:30:44 ... To become W3C recs, they need implementation, testing, vote from W3C AC 15:31:07 ... let's send both docs down the normative track. Try to keep them to the same schedule 15:31:18 virginie: +1 to what harry said. 15:31:20 Just to make sure W3C process is clear here 15:31:39 ... Mark, anything more we need before publication? 15:31:44 its OK to publish drafty things 15:31:59 markw: I expect comments over the week, but don't see any problem with going ahead. 15:32:32 virginie: Any further comments? We'll go through formal process to approve pub next week. 15:32:41 ... Thanks Mark for doing this quickly. 15:33:03 ... Thanks both Ryan and Mark for working on docs. 15:33:11 Topic: Web Crypto API 15:33:28 https://dvcs.w3.org/hg/webcrypto-api/log 15:33:32 rsleevi_: obviously lots of changes. 15:33:52 ... most of the focus is trying to resolve usability issues, tighten up API 15:34:01 ... total 22 changes, some more significant than others. 15:34:12 ... Highlighting: removal of key storage and key attributes. 15:34:21 ... keystorage has been discussed at length on ml. 15:34:34 ... intent to add text highlighting key discovery elsewhere. 15:35:13 ... Key attributes, tightly coupled with notion of key storage 15:35:26 ... e.g. if something is stored on a smartcard, attributes might change without the user agent 15:35:42 ... exposing attribs as persistent not a good fit. 15:35:51 +[Microsoft] 15:36:08 ... so instead, make just the core functions of the key are attribs; others are stored where you store the key. 15:36:35 ... application-specific or advisory attribs should be defined along with how you get the key from storage. 15:36:42 ... e.g. synchronous, handles, etc. 15:36:55 ... Concat added as an algorithm. 15:37:11 ... Another change, overall workflow. 15:37:32 ... earlier draft closer to PKCS11. init, process... , complete 15:37:45 ... intent to share the objects, but implementers had concern it was too specific. 15:38:12 ... explicit initialization step removed. 15:38:25 ... that also removes the recyclability of crypto ops. 15:38:54 ... added ability to supply data to be processed in call, e.g. hashing 15:39:12 ... those are some of the major changes. 15:39:25 ... easiest way to see them in practice is to look at examples doc. 15:39:41 ... process data flow and state machine transition simplified for both developer and implementer. 15:39:49 virginie: Any questions for Ryan? 15:39:50 q+ 15:39:50 q+ 15:39:58 q+ 15:40:33 hhalpin: sounds sensible. 2 Qs: what did we do re zooko's questions on taxonomy of labeling? 15:40:41 ... did we have any usability feedback? 15:41:20 rsleevi_: taxonomy label distinct from security considerations. 15:41:20 I have provided some feedback to rsleevi_ in private mail 15:41:31 ... didn't think the taxonomy was a good fit. 15:41:36 The taxonomy wasn't accepted I remember, but checking on security considerations 15:41:40 +q 15:41:44 ... Security considerations have not yet been incorporated. 15:41:54 ... focus this time was usability. 15:42:07 hhalpin: we might want to have security considerations in this round. 15:42:12 Security considerations will not happen in next ED 15:42:17 in particular, I continue to think that the CryptoOperation class needs to be a form of Promise 15:42:19 (at least, I don't have time, ddahl?) 15:42:20 ... to address earlier comments, if we can. 15:42:21 and it's not today 15:42:56 rsleevi_: I disagree it's necessary for the next WD. Don't see that I can add it. 15:43:04 ... don't need to duplicate IRTF doc. 15:43:21 q? 15:43:21 virginie: we might have more developments re security review when David Rogers takes it up. 15:43:25 ack hhalpin 15:43:26 ack markw 15:43:27 slightlyoff: A non-multi-part CryptoOperation yes, but I don't think a multi-part operation fits in the promise model 15:43:32 for security consideration, we need to reference WebAppSec WG CSP 15:43:36 its generally good to be able to point to our response from a previous heartbeat in a new hearbeat, but we do of course only have so much time. 15:43:39 markw: We haven't discussed removal of key attribs before 15:43:48 ... is the intent that other specs might add attribs? 15:43:59 rsleevi: Perhaps, I thought we had some new language for that section? 15:44:02 ... re pre-provisioned keys, we discussed ID attrib. 15:44:04 zakim, unmute me 15:44:04 arunranga should no longer be muted 15:44:18 ... re unwrapping, there might be attributes inside the wrapper, exposed on unwrapping. 15:44:31 ... that wouls resurrect the requirement for attribs on the key. 15:44:34 q+ to respond to mark 15:44:37 s/wouls/would/ 15:44:53 rsleevi_: key attribs relies on things not yet specified by JOSE 15:45:09 ... would prefer not to include something on which there's no proposal for how it's going to work. 15:45:18 rsleevi_: if there's a single answer to the operation (a single result), then it fits. 15:45:26 ... once there's more work from JOSE re key wrapping, we may reconsider. 15:45:39 slightlyoff: Agreed 15:45:50 ack next 15:45:52 rsleevi_, you wanted to respond to mark 15:46:13 markw: can other specs add attributes? 15:46:35 In W3C process terms, there's no problem with specifying certain key attributes in a different document 15:46:43 arunranga: also my Q. if a web developer wants to determine validity, they need to engage with the app? 15:46:54 it just makes things more confusing for readers. 15:47:02 rsleevi_: start-date and end-date removed at our first face-to-face. too much variation. 15:47:19 ... all these notions of validity are more closely related to application than to key storage. 15:47:27 ... they're not universal concepts. 15:47:50 ... very few APIs, except PKCS11, allow you to add attribs 15:48:03 rsleevi_: 12.1's multi-part steps suggest to me that there's a single return value 15:48:12 ... Problem: exposing attrib directly leaves it undefined for all keys that don't have the attrib 15:48:26 ... either you're defining default values or saying it may be present. 15:49:04 ... Problematic if the underlying external storage system changes attribs, how do I reflect that to the caller? what's the UA to do? 15:49:39 ... so for key object, if you want to talk about validity, stick it in indexdb, leave it to application to both store and enforce. 15:49:43 q- 15:49:47 ack 15:49:48 ... having a key-value store doesn't really fit 15:50:00 virginie: does that make sense? 15:50:03 q+ 15:50:30 virginie: does that mean we'll never have to use attributes in main API? 15:50:35 zakim, mute me 15:50:35 arunranga should now be muted 15:50:47 zooko: I like Ryan's latest rev of the API. 15:50:58 it's not using promises yet 15:51:00 ... Consistently asynchronous using promises; a few one-shot. 15:51:24 ... still think it would be good for usability and security as to whether they provide encryption, hashing, or something else 15:51:36 s/as to/to label algorithms as to/ 15:51:42 I'm partial to attributes personally, but I'm not going to object. 15:51:56 rsleevi_: considering adding a table of contents, listing algorithms and supporting ops. 15:52:02 s/supporting/supported/ 15:52:37 q? 15:52:37 zooko: Sounds like a way to express what algorithms do, will look. 15:52:44 ack zooko 15:52:46 ack next 15:53:30 markw: pre-provisioned keys creates a sub-class with attribs 15:53:45 virginie: any comments, send them and proposed resolution to Ryan 15:54:15 virginie: so prepare for WG decision on publication 17 Dec. 15:54:32 US-friendly time. 15:54:37 20:00 UTC 15:54:41 virginie: Additional call next week, 17 Dec. 20 UTC (3pm Boston, Noon Pacific) 15:55:02 ... Quick question to David Dahl, progress on high-level API? 15:55:21 ddahl: Drafts on github, getting comments from Richard Barnes, Mike Jones. Will ping them again. 15:55:35 20:00 UTC ==> 05:00 AM KST 15:55:35 virginie: please share on public list when in shape. 15:55:40 -Havard_Molland 15:55:49 Topic: Group Life 15:55:54 @slightlyoff: Both single and multi-part operations may result in multiple outputs (via progress events), along with a final event (oncomplete) indicating that the operation is completed / final values are calculated (or validated). Example of multiple onprogress events would be an encrypt (single part or multi-part), example of intermediate onprogress events but a single oncomplete would be a decrypt/MAC verify 15:56:12 virginie: We'll have to decide when to hold our next meeting. 15:56:21 ... We have offers from Korea and Boston for hosting. 15:56:33 ... but first I'd like to find a date. Please fill out the doodle. 15:57:02 ... We'll continue alternating phone call timing. 15:57:12 +Havard_Molland 15:57:20 ... In January, one call every two weeks, alternating times. 15:57:22 @zooko: Consider something like Table 34 of http://www.cryptsoft.com/pkcs11doc/STANDARD/pkcs-11v2-20.pdf or http://www.w3.org/TR/xmlenc-core1/#sec-Table-of-Algorithms 15:57:27 rsleevi_: so in the multiple progress for multi-part encrypt, are the chunks handed to the progress events also part of the final result? 15:57:29 ... Next week, 17 Dec call to prepare publication. 15:57:41 virginie: thanks to all the editors for their hard work 15:57:44 @slightlyoff: That's what I think we're trying to figure out and nail down ;) 15:57:53 ... Ryan, Arun, Mark, thank you! 15:58:06 @slightlyoff: Whether to follow the File API model (which is "Yes"), or to follow the "save memory model" (which is "no") 15:58:12 ... next week, focus on getting consensus to go for publication. 15:58:17 -Scott_Kelly 15:58:20 virginie: talk to you in a week and on ml. 15:58:20 -pal 15:58:21 -[Google] 15:58:21 -hhalpin 15:58:23 -ddahl 15:58:23 -Havard_Molland 15:58:24 -[Microsoft] 15:58:24 -markw 15:58:26 -karen 15:58:27 -zooko 15:58:28 RRSAgent: make minutes 15:58:28 I have made the request to generate http://www.w3.org/2012/12/10-crypto-minutes.html wseltzer 15:58:29 -virginie 15:58:30 -mountie 15:58:30 rsleevi_: if we want a streaming crypto operation, we should do that orthoginally 15:58:31 -Nat_Sakimura 15:58:34 -Wendy 15:58:59 -Alex_Russell 15:59:07 SEC_WebCryp()10:00AM has ended 15:59:07 Attendees were +1.571.335.aaaa, Wendy, Nat_Sakimura, +1.408.458.aabb, Scott_Kelly, +1.303.543.aacc, zooko, ddahl, +1.512.257.aadd, +1.415.867.aaee, markw, virginie, arunranga, 15:59:07 ... +47.40.22.aaff, +1.650.525.aagg, pal, Havard_Molland, +82.22.14.0.aahh, mountie, Alex_Russell, +1.512.343.aaii, karen, hhalpin, [Google], [Microsoft] 15:59:13 trackbot, end teleconf 15:59:13 Zakim, list attendees 15:59:13 sorry, trackbot, I don't know what conference this is 15:59:16 rsleevi_: this comment confused me: 15:59:16 // Unlike the signing example, which showed multi-part encryption, here we 15:59:16 // will perform the entire AES operation in a single call. 15:59:21 RRSAgent, please draft minutes 15:59:21 I have made the request to generate http://www.w3.org/2012/12/10-crypto-minutes.html trackbot 15:59:22 RRSAgent, bye 15:59:22 I see 1 open action item saved in http://www.w3.org/2012/12/10-crypto-actions.rdf : 15:59:22 ACTION: virginie to propose language on relation between WebCryptoAPI and use cases [1] 15:59:22 recorded in http://www.w3.org/2012/12/10-crypto-irc#T15-20-10 15:59:29 <_nat> _nat has left #crypto