W3C

- DRAFT -

Web Cryptography Working Group Teleconference

07 Jan 2013

See also: IRC log

Attendees

Present
+1.720.357.aaaa, +82.22.14.0.aabb, +1.410.290.aacc, +1.512.257.aadd, +1.408.540.aaee, markw, rbarnes, asad, +1.512.257.aaff, +1.512.257.aagg, virginie, ddahl, +1.408.458.aahh, Wendy, hhalpin, rsleevi, mountie, Zooko, Karen, Mike_Jones, +1.303.661.aaii, sdurbha, +1.303.543.aajj
Regrets
Chair
SV_MEETING_CHAIR
Scribe
rsleevi

Contents

<wseltzer> trackbot, prepare teleconf

<trackbot> Date: 07 January 2013

<rbarnes> hello world!

<rbarnes> asad: zakim almost got your name right!

<virginie> agenda F2F meeting date and location

<karen> aagg is Karen

I can scribe

<scribe> scribenick: rsleevi

<virginie> minutes http://www.w3.org/2012/12/17-crypto-minutes.html

Welcome

RESOLUTION: Minutes from previous call are accepted

virginie: Status of documents in publication
...: Our decision was reached on Dec 17. However, that was when publication of specifications were frozen.

<hhalpin> Everything is fine except the use-cases
...: current drafts are working through publication. WebCrypto & Key Discovery were PubRules clean, so will be published tomorrow

<hhalpin> Worse case, use-cases can come out a bit later...
...: use cases still needs a few editorial tweaks for pubrules

mountie Question about origin and why definition was removed

rsleevi: Not sure I understand the question

mountie: Differences make note about multi-origin support

rsleevi: There was some discussion about multi-origin related to key discovery, that was removed during the key discovery separation. Not fully sure I understand the question, but that may have been the reason for removal

hhalpin: Multi-origin may have a use case. Should send the use case. It may be possible to do things for the Korean banking use case while respecting the same-origin policy

<hhalpin> i.e. by using digital signatures

<hhalpin> i.e. a certificate (token) can be given and have its signature verified

<hhalpin> even if the user is not currently "visiting" the site with a key from the same-origin as the origin that signed the token.

<zooko> Zakim: aajj is zooko

virginie: Status of high level API - ddahl, markw, et al need more time to work on it

implementations plan for our APIs

virginie: Question is "When are we going to have implementations" and "When are we going to get feedback about the API and the issues highlighted"
... Question impacts timing of LC and schedule of WG

<hhalpin> Yes, I was just going to note we need to tell W3C when we hope to go to Last Call.

<hhalpin> +1 rbarnes!!!

rbarnes: Has just this afternoon pushed a polyfill out to github

<rbarnes> http://polycrypt.net

rbarnes: This version implements several different algorithms, most of the API.
... missing some of export key
... Test cases driven by test vectors
... Grep through the source for XXX spec for spec issues

<rbarnes> grep -R "XXX-SPEC" *

rbarnes: While implementing, came across a few inconsistencies (eg: key usage vs key usageS )
... will be providing feedback on the spec, and looking for feedback on the implementation

ddahl: Ongoing work, mostly infrastructural. Still trying to work out resources and timelines, not sure when he'll have details

<hhalpin> we'll need info on updating the charter within 2 weeks, BTW

selfissued: No implementation to report at this time

<hhalpin> we want to make the roadmap realistic for all parties!

virginie: Any information we should request of Microsoft before we establish our roadmap?

selfissued: Ask that question again in two weeks

rsleevi: Not sure I can comment on timing. Have portions of the API (such as random) implemented in WK already, still working on resources and timing

markw: We have an implementation of a subset of the API, in the form of a plugin at the moment. Question about when we plan to have this aligned with the API, will get back

hhalpin: Not asking for anyone to reveal anything confidential.
... Mostly trying to get an idea of the WG and when we as a WG expect to enter LC with all of our issues closed
... when we chartered, we set a timeframe. We can realistically ask for one extension of timing
... we have ourselves entering LC in February

<selfissued> I can respond if I do it now, but I have to go in about 2 minutes

rsleevi: An area of concern is key import/export and key wrap/unwrap and the timing and deliverables of those
... Options include 1) Drop the feature 2) Do our own thing 3) Do the JOSE thing if it's ready

selfissued: JOSE has taken it up, and has progressed on something based on JWE, and is being responsive

markw: Sense was use JOSE as the base, but if for any reason it wasn't ready, we cut & paste into our own
... What are the next steps for key wrapping / unwrapping?

virginie: We will need to make a decision and better understand the timing of decision. We can't delay it past LC
... Regarding key wrapping / unwrapping, have it as an item for the next call

markw: Ideally we could have some progress before then

<hhalpin> I'm trying to remember what open issues were with MarkW's key wrapping proposal.

virginie: We can't force people to work on that part of the spec. By adding it to the agenda we can discuss it

<hhalpin> I think we still wanted the feature...

markw: Will update the proposal based on the new API, will go from there

<virginie> acl rsleevi

<markw> @hhalpin: yes ... I can't remember what the issues were either ;-) But at least the proposal needs to be updated for the API changes. There were also two versions: overloading import/export vs explicit wrap/unwrap & I think the group feeling was towards the latter

rsleevi: Reminder to think about cloning cryptographic operations and whether we accept or drop the feature

F2F meeting date and location

<virginie> March 26/27/28

Most favourable dates were the end of March - 26/27/28

virginie: Question raised was "End of March - will we have enough feedback to sustain a F2F"
... As a chair, feeling is meeting is always good, but people have budgets and timing concerns
... Was thinking two F2F - one in march and one some time in summer

<virginie> http://doodle.com/x958bvheya5rvi8q

hhalpin: Some feeling from the editors was that delaying it may help
... delaying a month or a little more won't hurt
... options for a meeting in Korea was raised. W3C meeting is having a fall meeting in China. Spec may still be in LC or CR phase
... not sure if the China location would be suitably proximate

<hhalpin> TPAC 2013 is in china

virginie: For me, because we only have a few members in the WG in Korea, but we have many in the US, it may make more sense to have this meeting in the US

<hhalpin> and in the fall we could arrange a visit to Korea as well after or before TPAC

virginie: Very likely that the next meeting is in the US

mountie: Want to have the next meeting in Korea in order to show why there is interest in this API

hhalpin: Mentioning of China was to explore the possibility to have meeting in Korea before/after.
... We may still have time for flexibility in the API at that time
... we may be better served by waiting for the spec to be more mature

<hhalpin> but would that be too late to influence stuff in Korea?

<hhalpin> That's why I'm thinking the overlap will be clearer by the fall in 2013

rsleevi: As an implementor, while we value the problem, it's not a high point for us or our users. We've studied this problem for quite a bit of time, and with quite a bit of depth, and think this problem is much larger
... as an editor, fully happy to reflect the consensus from the WG, but it's not likely something we'd rush to implement
... would recommend this problem be postponed until we've furthered the current work

hhalpin: If we do it at TPAC, we'll have more contributors available

virginie: Other possibilities include a "roadshow" to demonstrate the API and how it fits in with the use case
... back to the topic of dates

<hhalpin> There is a distinct lack of proposals (except from Netflix!!)

rsleevi: Main concern is making we have enough issues and agenda for discussion

virginie: We have lots of specs at the moment - we have use cases, key discovery, and (hopefully soon) high level API

<hhalpin> I'd say we could also aim for April 2nd.

<hhalpin> That would give us more time.

<hhalpin> That is in the Doodle.

virginie: goal is to make sure we have people willing to travel and discuss the issues for these related specs

mountie: My expectation of the next F2F meeting was that we could begin setting priorities for the list of secondary features
... our preferences are for secondary features. We should set priorities for secondary features

<hhalpin> I agree with Mountie re prioritizing secondary features

virginie: Some of the secondary features may have dependencies on the primary dependency
... we really have to balance on making sure we don't focus on our secondary features before focusing on our primary features

<rbarnes> i am willing to travel, especially in US

<ddahl> +1

<virginie> +1

<hhalpin> +1

<asad> +1

<markw> +1

<karen> +1 in US

virginie: Question is who is willing and has the budget to travel
... Reminder: Another F2F possibly in the summer

<wseltzer> +1

virginie: Within the next two weeks, proposals for WHERE and WHEN the next F2F will be. As mentioned, will be US based
... Possibility of Boston or DC as one options

ddahl: Possibility of Mountain View/Vancouver/Toronto

AOB

<zooko> Thanks folks!

<hhalpin> zooko - I'll look into the disposition of comments point I brought up.

<zooko> I'm going to the Stanford Real World Crypto workshop!

<hhalpin> If folks can go and present the API at that workshop, that would be great!!

<zooko> Can we have a WebCrypto dinner/lunch/beer ?

<zooko> Who is it that *might* be presenting something related to WebCrypto there?

@hhalpin: No presentation

@zooko: ben adida. ddahl was supposed to figure out the details ;)

<zooko> I see: https://crypto.stanford.edu/RealWorldCrypto/program.php

rsleevi: Mentioned the Stanford Real World Crypto Workshop, opportunity to get feedback and discuss with crypto community

virginie: Next call topic will include getting feedback from more companies and communities

<ddahl> rsleevi: you should just ping ben, he will let you know what is going on

<zooko> Okay! Let's discuss it on this IRC channel after the call?

<hhalpin> Get Terrence to look at it.

Summary of Action Items

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.137 (CVS log)
$Date: 2013/01/07 21:00:57 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.137  of Date: 2012/09/20 20:19:01  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/??/mountie/
Found ScribeNick: rsleevi
Inferring Scribes: rsleevi
Default Present: +1.720.357.aaaa, +82.22.14.0.aabb, +1.410.290.aacc, +1.512.257.aadd, +1.408.540.aaee, markw, rbarnes, asad, +1.512.257.aaff, +1.512.257.aagg, virginie, ddahl, +1.408.458.aahh, Wendy, hhalpin, rsleevi, mountie, Zooko, Karen, Mike_Jones, +1.303.661.aaii, sdurbha, +1.303.543.aajj
Present: +1.720.357.aaaa +82.22.14.0.aabb +1.410.290.aacc +1.512.257.aadd +1.408.540.aaee markw rbarnes asad +1.512.257.aaff +1.512.257.aagg virginie ddahl +1.408.458.aahh Wendy hhalpin rsleevi mountie Zooko Karen Mike_Jones +1.303.661.aaii sdurbha +1.303.543.aajj

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Found Date: 07 Jan 2013
Guessing minutes URL: http://www.w3.org/2013/01/07-crypto-minutes.html
People with action items:
[End of scribe.perl diagnostic output]