IRC log of crypto on 2013-02-04

Timestamps are in UTC.

19:57:07 [RRSAgent]
RRSAgent has joined #crypto
19:57:07 [RRSAgent]
logging to
19:57:09 [trackbot]
RRSAgent, make logs public
19:57:11 [trackbot]
Zakim, this will be SEC_WebCryp
19:57:11 [Zakim]
ok, trackbot, I see SEC_WebCryp()3:00PM already started
19:57:12 [trackbot]
Meeting: Web Cryptography Working Group Teleconference
19:57:12 [trackbot]
Date: 04 February 2013
19:57:39 [wseltzer]
Chair: Virginie_Galindo
19:57:49 [Zakim]
19:58:26 [rsleevi]
Zakim, whats the number?
19:58:26 [Zakim]
I don't understand your question, rsleevi.
19:58:27 [virginie]
agenda ?
19:58:30 [wseltzer]
zakim, code?
19:58:30 [Zakim]
the conference code is 27978 (tel:+1.617.761.6200, wseltzer
19:58:48 [Zakim]
19:58:59 [Zakim]
19:59:03 [nvdbleek]
zakim, i am ??P2
19:59:03 [Zakim]
+nvdbleek; got it
19:59:05 [Zakim]
+ +1.408.540.aaaa
19:59:29 [wseltzer]
zakim, aaaa is Scott_Kelly
19:59:29 [Zakim]
+Scott_Kelly; got it
19:59:35 [Zakim]
19:59:57 [virginie]
who is on the call ?
19:59:59 [nvdbleek]
zakim, who is here?
19:59:59 [Zakim]
On the phone I see Wendy, jyates, nvdbleek, Google, Scott_Kelly, virginie
20:00:01 [Zakim]
Google has rsleevi
20:00:01 [Zakim]
On IRC I see RRSAgent, emily, virginie, tantek, nvdbleek, jyates, ddahl, rsleevi, trackbot, tobie, timeless, slightlyoff, Zakim, wseltzer
20:00:13 [selfissued]
selfissued has joined #crypto
20:00:18 [tantek]
20:00:21 [Zakim]
20:00:22 [Zakim]
20:00:28 [tantek]
(from AZ CSSWG mtg)
20:00:37 [ddahl]
hi tantek
20:00:46 [rbarnes]
rbarnes has joined #crypto
20:00:53 [Zakim]
+ +1.617.873.aabb
20:01:07 [rbarnes]
zakim, i am aabb
20:01:07 [Zakim]
+rbarnes; got it
20:01:16 [nvdbleek]
zakim, mute me
20:01:16 [Zakim]
nvdbleek should now be muted
20:01:35 [virginie]
20:02:05 [wseltzer]
agenda+ welcome
20:02:10 [wseltzer]
agenda+ Web Crypto API - 30'
20:02:24 [wseltzer]
agenda+ High Level API - 10'
20:02:39 [hhalpin]
hhalpin has joined #crypto
20:02:49 [hhalpin]
Zakim, what's the code?
20:02:49 [Zakim]
the conference code is 27978 (tel:+1.617.761.6200, hhalpin
20:02:53 [Zakim]
20:03:03 [wseltzer]
agenda+ secondary feature discussion – 5’
20:03:17 [wseltzer]
agenda+ group life
20:03:21 [wseltzer]
agenda+ AOB
20:03:36 [virginie]
who is on the call ?
20:03:56 [wseltzer]
[agenda: ]
20:03:59 [Zakim]
20:04:08 [karen_]
karen_ has joined #crypto
20:04:36 [hhalpin]
its a very exciting telecon today, closing issues and a new draft document!
20:05:06 [hhalpin]
Zakim, pick a scribe
20:05:06 [Zakim]
Not knowing who is chairing or who scribed recently, I propose emily
20:05:09 [hhalpin]
20:05:11 [wseltzer]
zakim, mute hhalpin
20:05:11 [Zakim]
hhalpin should now be muted
20:05:13 [emily]
20:05:21 [hhalpin]
Zakim, unmute hhalpin
20:05:21 [Zakim]
hhalpin should no longer be muted
20:05:25 [arunranga]
arunranga has joined #crypto
20:05:29 [hhalpin]
Zakim, who's making noise?
20:05:36 [virginie]
20:05:40 [Zakim]
hhalpin, listening for 10 seconds I heard sound from the following: Wendy (8%), [Microsoft] (5%)
20:06:16 [emily]
virginie: progress on low-level API thanks to ryan...
20:06:33 [emily]
... closing a bunch of issues, also some discussion about high-level presented by David
20:07:02 [emily]
... any objection to approving minutes?
20:07:07 [Zakim]
20:07:18 [Zakim]
20:07:23 [hhalpin]
RESOLUTION: approve minutes of last meeting
20:07:56 [emily]
virginie: now we go through different proposals made by ryan
20:08:10 [selfissued]
20:08:26 [wseltzer]
[Issues are collected at ]
20:09:11 [hhalpin]
20:09:17 [emily]
virginie: can mark issues to be addressed in next version or different revision
20:09:26 [hhalpin]
there's also the "product" way of closing issues.
20:09:47 [emily]
mike: request from 3 different people at microsoft to defer decisions on closing issues until adequate time to review them
20:09:54 [emily]
... proposal made only 2 business days ago
20:11:00 [emily]
harry: want some time limit to how long reviews go on for but it should be reasonable
20:11:10 [emily]
... can still go through ryan's suggestions today
20:11:24 [cjkula]
cjkula has joined #crypto
20:11:33 [emily]
... can associate issues with specs in bugzilla
20:11:43 [selfissued]
Thanks. I think that giving people until the next call to review the issues being proposed for closure is reasonable.
20:12:08 [Zakim]
+ +1.510.387.aacc
20:12:30 [emily]
ryan: was not intending for this to be agenda of call
20:12:59 [hhalpin]
Features that are unimplemented won't go to Rec status :)
20:13:12 [ddahl]
ddahl has joined #crypto
20:13:12 [emily]
... intending to get us focused on making forward progress
20:13:21 [emily]
... identify serious gaps that need to be resolved in this version
20:13:43 [emily]
... as opposed to "I want a pony" issues
20:14:10 [virginie]
20:14:21 [hhalpin]
ack hhalpin
20:14:23 [hhalpin]
ack selfissued
20:14:51 [cjkula]
Zakim, aacc is cjkula
20:14:51 [Zakim]
+cjkula; got it
20:14:53 [hhalpin]
I think a quick walk-through would be great
20:16:32 [wseltzer]
20:16:45 [emily]
rsleevi: open issues with no progress for 6+ months is no good
20:17:09 [emily]
wseltzer: tracker has "postponed" status as well as closed
20:17:29 [mountie]
mountie has joined #crypto
20:17:32 [wseltzer]
ack ws
20:17:56 [emily]
virginie: can postpone or allocate issues to another product
20:18:09 [karen1]
karen1 has joined #crypto
20:18:10 [cjkula_]
cjkula_ has joined #crypto
20:18:25 [emily]
... discuss proposals on next call in 2 weeks
20:18:35 [rsleevi]
Right: I want to make a distinction between "What we are working on", "what we need to work on", "what we plan to work on", and "what we want to work on" (since they may all be different)
20:18:37 [hhalpin]
The difference is a CLOSED issue is generally not talked about any more, and attempts to revisit it can be replied with "we already closed that" while POSTPONED is less strong and allows re-visiting.
20:19:07 [hhalpin]
20:19:14 [hhalpin]
Zakim, mute Microsoft
20:19:14 [Zakim]
[Microsoft] should now be muted
20:20:14 [emily]
hhalpin: w3c typically doesn't run registries, it might be better to have IANA run the registry
20:20:44 [emily]
... WG runs registry during lifetime, but don't want it left hanging after close of WG
20:20:53 [emily]
... IANA ok with running it
20:21:08 [Zakim]
20:21:41 [emily]
... separate discussion about modifying registration process to make it harder or easier
20:21:51 [rbarnes]
20:22:00 [virginie]
20:22:17 [emily]
rsleevi: registry is bad for web
20:22:37 [emily]
... registry notion only comes up b/c of string identifiers
20:23:20 [hhalpin]
Which requires re-opening the Working Group :)
20:23:24 [emily]
... requires active collaboration of multiple user agents
20:23:48 [emily]
... need specs that require consensus to have interoperable web
20:25:51 [emily]
rbarnes: not going to have universally implemented set of algorithms
20:26:00 [emily]
... devs are going to have to deal with algorithms being absent
20:26:17 [emily]
... can separate availability/implementation from naming
20:26:38 [emily]
... useful to have a common set of names
20:27:11 [rsleevi]
20:27:19 [hhalpin]
20:27:21 [rsleevi]
20:27:23 [rbarnes]
20:27:30 [wseltzer]
ack next
20:27:34 [emily]
virginie: we'll have to make our own list of identifiers anyway
20:27:42 [emily]
... might reuse other identifiers that are used elsewhere
20:28:41 [emily]
... can defer the decision
20:29:00 [emily]
... richard had volunteered to maintain document of different identifiers
20:29:23 [emily]
rbarnes: can pull out names from current spec into separate document
20:29:33 [hhalpin]
I'd like to clarify the registry concept :)
20:29:39 [emily]
rsleevi: concern is about process associated with document
20:29:57 [hhalpin]
No, the algorithms remain in the current spec.
20:30:17 [rbarnes]
hhalpin: oh, maybe i misunderstood the concept
20:30:47 [emily]
hhalpin: not as concerned about registry maintenance, because algorithms dont change very often, more concerned about process of defining algorithms than exact ownership
20:31:00 [rbarnes]
20:31:24 [rbarnes]
rsleevi: any IANA registry comes with an admission policy
20:31:25 [emily]
hhalpin: wasnt suggesting that current algorithms get removed from spec
20:31:39 [emily]
... have to demonstrate interoperability to go through w3c process
20:32:16 [emily]
... keep algorithms that we have and do test cases for them
20:33:10 [emily]
... difficult once spec has gone through process to change it without reopening WG
20:35:15 [emily]
... algorithms in registry would not go through rigorous review process, but wouldn't have to reopen WG for minor changes
20:35:45 [wseltzer]
ack hh
20:35:50 [wseltzer]
ack rs
20:36:15 [emily]
rsleevi: doesn't require review or IPR agreement, dangerous to open web
20:36:34 [tantek]
(delayed) hi ddahl and wseltzer!
20:36:44 [emily]
... different user agents might define algorithms differently
20:36:52 [emily]
... patent and IPR concerns associated with algorithms
20:37:16 [emily]
... don't want to see crypto enforcing vendor lock-in
20:37:53 [hhalpin]
20:38:34 [virginie]
zakim, close the queue
20:38:34 [Zakim]
ok, virginie, the speaker queue is closed
20:38:50 [hhalpin]
Yes, but we need to make progress on this issue Virginie.
20:38:57 [wseltzer]
ack rbarnes
20:39:05 [hhalpin]
So I request I make a quick modification based on rsleevi's point.
20:39:13 [hhalpin]
which I generally agree with.
20:39:14 [emily]
rbarnes: strong consensus at f2f that no mandatory-to-implement algorithms
20:39:24 [hhalpin]
Well, IANA takes a while :)
20:39:56 [hhalpin]
I think my point would be
20:40:04 [emily]
... can address IPR concerns within IANA
20:40:07 [hhalpin]
that we *can* update test-suites continually
20:40:11 [hhalpin]
after lifetime
20:40:19 [emily]
... can set policy at registry creation
20:40:28 [emily]
... policies can require levels of consensus
20:40:35 [hhalpin]
of Working Group, so thus we could do require test-cases to be maintained for new algorithms.
20:40:49 [rsleevi]
@rbarnes: There's a distinction between the UA (correctly) gluing up with the OS/crypto lib and between having multiple definitions ("aes-gcm", "aes-gcm1", "aes-gcm-like-the-others-but-different")
20:41:12 [rsleevi]
@rbarnes: I view it as a separate issue from MTI
20:41:50 [emily]
hhalpin: with no IANA registry, would have to keep WG open forever or reopen for every change
20:42:05 [hhalpin]
That's a fairly important point.
20:43:16 [hhalpin]
We also do need to take a decision as regards extension to the charter
20:43:32 [ddahl]
20:43:33 [virginie]
20:44:00 [emily]
ddahl: still feel pretty strongly about having a high-level API
20:44:19 [emily]
... want it to be very simple, allows for public-key and symmetric encryption
20:45:28 [hhalpin]
We need to discuss the extension to charter issue today.
20:45:29 [emily]
What's the rationale for removing sign/verify?
20:46:09 [emily]
ddahl: redundant with encryptAndSign
20:46:48 [rsleevi]
@ddahl: It seems like the primitives are (secret key) encrypt/decrypt, (private key) sign/verify and (private key) encrypt/decrypt [which implies sign/verify]
20:46:58 [rsleevi]
@emily: ^ sound right?
20:47:19 [emily]
@rsleevi, @ddahl: but there's no way to sign using the high-level API without also encrypting?
20:47:57 [hhalpin]
@everyoneabove, it seems useful to have the ability to sign without encrypting
20:47:59 [emily]
virginie: proposal to switch milestone for finishing low-level api by 6 months
20:48:01 [rbarnes]
@emily: as i understand it, all high-level API calls effectively send a message from a key pair to a public key
20:48:04 [ddahl]
emily: that is a possible drawback as it may be confsuing
20:48:26 [hhalpin]
The suggestions were 6 month, 8 month, or 12 month extension
20:48:30 [hhalpin]
but we have to file before end of Feb.
20:48:33 [wseltzer]
Any objection to a 6-month extension of charter and dates?
20:48:35 [arunranga]
+1 ddahl, I was muddled up by that.
20:48:47 [rbarnes]
i would be fine with 6, 8, or 12
20:49:50 [ddahl]
arunranga: yeah, i removed sign/verify based on some feedback from Adam Langley
20:49:52 [rbarnes]
rsleevi: yeah, either way
20:50:30 [emily]
rsleevi: want small extension and a burndown of current issues with spec
20:50:39 [hhalpin]
+1 6 months, I'd live with 8 months, 12 months makes me worried.
20:52:03 [selfissued]
+1 for 8
20:52:14 [emily]
rsleevi: don't understand motivation for 8
20:52:21 [virginie]
20:52:28 [emily]
... advancing to candidate rec is where netflix feels comfortable implementing
20:52:31 [hhalpin]
q- hhalpin
20:53:07 [hhalpin]
We can always go to CR *before* schedule.
20:53:25 [hhalpin]
i.e. if we close all our issues ahead of schedule, we're fine.
20:53:31 [rsleevi]
If we can't advance within 6 months, I think we'll have failed as a WG :)
20:53:58 [rbarnes]
no objection here
20:54:00 [emily]
virginie: any objection to 6 month extension?
20:54:07 [virginie]
20:54:08 [rsleevi]
PROPOSAL: 6 month extension
20:54:09 [rbarnes]
20:54:09 [rsleevi]
20:54:10 [ddahl]
20:54:12 [emily]
20:54:12 [cjkula]
20:54:12 [hhalpin]
PROPOSAL: 6 month extension to charter
20:54:17 [hhalpin]
20:54:19 [nvdbleek]
20:54:20 [selfissued]
20:54:21 [mountie]
20:54:58 [rsleevi]
RESOLUTION: 6 months extension will be pursued
20:56:18 [emily]
hhalpin: april 23-24, paypal headquarters in silicon valley
20:56:30 [jyates]
In San Jose?
20:56:45 [emily]
hhalpin: could do joint WG session with webappsec
20:57:00 [rsleevi]
@jyates: yes
20:57:01 [emily]
... could also try to overlap and do 24-25 but some concern with paypal
20:57:23 [hhalpin]
The joint session would be the 25th in morning
20:57:49 [selfissued]
20:57:49 [virginie]
20:57:51 [emily]
virginie: proposal for f2f april 23-24, joint session on 25th
20:57:51 [rsleevi]
PROPOSAL: Face to face on 23/24 at PayPal HQ in San Jose
20:57:53 [rbarnes]
20:57:56 [mountie]
20:57:56 [ddahl]
20:57:57 [emily]
20:57:58 [rsleevi]
20:57:59 [hhalpin]
20:58:08 [jyates]
20:58:21 [rsleevi]
RESOLUTION: Next f2f on April 23/24
20:58:25 [hhalpin]
It will also be good because we can have lots of f2f time with WebApps and HTML WGs over issues like test cases and even registries if needed.
21:00:38 [hhalpin]
2 weeks to read and discuss!
21:00:44 [wseltzer]
ACTION hhalpin and wseltzer to prepare extension request for 6 months
21:00:44 [trackbot]
Created ACTION-75 - And wseltzer to prepare extension request for 6 months [on Harry Halpin - due 2013-02-11].
21:01:04 [wseltzer]
ACTION all participants to review proposals to close issues
21:01:04 [trackbot]
Error finding 'all'. You can review and register nicknames at <>.
21:01:11 [Zakim]
21:01:14 [Zakim]
21:01:15 [Zakim]
21:01:16 [Zakim]
21:01:17 [Zakim]
21:01:18 [Zakim]
21:01:19 [Zakim]
21:01:19 [Zakim]
21:01:20 [Zakim]
21:01:20 [mountie]
mountie has left #crypto
21:01:21 [Zakim]
21:01:22 [Zakim]
21:01:23 [Zakim]
21:01:27 [Zakim]
21:01:29 [Zakim]
21:01:30 [arunranga]
arunranga has left #crypto
21:01:38 [wseltzer]
zakim wseltzer_cpdp is really wseltzer
21:01:51 [wseltzer]
s/zakim wseltzer_cpdp is really wseltzer//
21:02:13 [wseltzer]
trackbot, end teleconf
21:02:13 [trackbot]
Zakim, list attendees
21:02:13 [Zakim]
As of this point the attendees have been Wendy, jyates, nvdbleek, +1.408.540.aaaa, rsleevi, Scott_Kelly, virginie, ddahl, emily, +1.617.873.aabb, rbarnes, selfissued, hhalpin,
21:02:16 [Zakim]
... arunranga, karen, +1.510.387.aacc, cjkula, mountie
21:02:21 [trackbot]
RRSAgent, please draft minutes
21:02:21 [RRSAgent]
I have made the request to generate trackbot
21:02:22 [trackbot]
RRSAgent, bye
21:02:22 [RRSAgent]
I see no action items
21:03:17 [RRSAgent]
RRSAgent has joined #crypto
21:03:17 [RRSAgent]
logging to
21:03:39 [wseltzer]
rrsagent, make minutes
21:03:39 [RRSAgent]
I have made the request to generate wseltzer
21:05:02 [wseltzer]
regrets+ Asad_Ali, Seetharama_Durbha, Mark_Watson
21:05:05 [wseltzer]
rrsagent, make minutes
21:05:05 [RRSAgent]
I have made the request to generate wseltzer
21:06:39 [wseltzer]
rrsagent, bye
21:06:47 [wseltzer]
rrsagent, make minutes public
21:06:47 [RRSAgent]
I'm logging. I don't understand 'make minutes public', wseltzer. Try /msg RRSAgent help
21:06:54 [wseltzer]
rrsagent, make logs public
21:06:57 [wseltzer]
rrsagent, bye
21:06:57 [RRSAgent]
I see no action items