20:09:35 <RRSAgent> RRSAgent has joined #crypto
20:09:35 <RRSAgent> logging to http://www.w3.org/2013/03/18-crypto-irc
20:09:37 <trackbot> RRSAgent, make logs public
20:09:39 <rbarnes> any suggestions regarding the agenda?  hearing none
20:09:39 <trackbot> Zakim, this will be SEC_WebCryp
20:09:39 <Zakim> ok, trackbot, I see SEC_WebCryp()3:00PM already started
20:09:40 <trackbot> Meeting: Web Cryptography Working Group Teleconference
20:09:40 <trackbot> Date: 18 March 2013
20:09:41 <scottk__netflix> scottk__netflix has joined #crypto
20:09:44 <wseltzer> Chair: virginie
20:09:47 <wseltzer> agenda?
20:10:03 <virginie> http://www.w3.org/2013/03/04-crypto-minutes.html
20:10:15 <mitchz> Zakim, Netflix has scottk__netflix
20:10:15 <Zakim> +scottk__netflix; got it
20:10:28 <rbarnes> chair requests approval of previous minutes.  approved without objection.
20:10:51 <hhalpin> RESOLVED: http://www.w3.org/2013/03/04-crypto-minutes.html are approved for the minutes
20:11:12 <rbarnes> virginie: important to update the charter about when and what we will deliver
20:11:37 <rbarnes> discussion last time was between 6/9 months, no clear resolution
20:11:39 <hhalpin> Note we can turn things in at 6 months
20:11:50 <rbarnes> w3c leadership / roessler suggested being conservative, going for 9 months
20:11:56 <hhalpin> But W3C felt that 9 months would be safe, and prevent us from revisiting this in case things slipped a bit.
20:12:26 <virginie> http://lists.w3.org/Archives/Public/public-webcrypto/2013Mar/0087.html
20:12:56 <rbarnes> intention is to remove the notion of "high-level" and just say "api"
20:12:59 <hhalpin> PROPOSAL: Extend charter by 9 months and delete word "high-level" from  "The mission of the Web Cryptography Working Group, part of the Security Activity, is to define a high-level API providing common cryptographic functionality to Web Applications."
20:13:03 <hhalpin> Just in case :)
20:13:09 <hhalpin> We can still deliver the high-level
20:13:13 <hhalpin> but...we don't have to!
20:13:14 <rbarnes> q+
20:13:26 <hhalpin> If we get end up focussing on low-level
20:14:54 <wseltzer> rbarnes: comment on removal of high-level; want to make sure we're clear that the audience for this API is general web developers, not those with degrees in crypto
20:15:00 <hhalpin> q+
20:15:03 <virginie> q?
20:15:07 <rbarnes> ack
20:15:09 <wseltzer> ... should still be the group's objective to produce something usable by ordinary web developers
20:15:12 <wseltzer> ack hhalpin
20:15:12 <rbarnes> ack rbarnes
20:16:17 <rsleevi> does not agree to Richard's statement of our deliverables/use case
20:16:20 <rbarnes> virginie: definitely, it's not a matter of making the API more complicated, still an objective to be usable by developers
20:16:51 <rsleevi> q?
20:16:58 <rsleevi> q+
20:17:11 <wseltzer> ack rsleevi
20:17:27 <hhalpin> Anyways, in IRC - tlr (Thomas Roessler, domain lead for Security Area) wants to make sure ordinary web developers are in audience, but he felt we needed to be very clear if we were promising to deliver a high-level or not.
20:17:43 <rbarnes> q+
20:18:01 <rbarnes> rsleevi: clearly our discussions focused on a low-level API, and we have an obligation to deliver on that
20:18:07 <hhalpin> I think tlr and some will be disappointed if we don't deliver that, but the WG is de-facto focussed on "low-level"
20:18:12 <virginie> q+
20:18:51 <wseltzer> rbarnes: some features of an API can make it easy for inexperienced developers to make mistakes
20:18:54 <virginie> ack rbarnes
20:18:56 <rsleevi> We should probably take this to the list for further discussion.
20:20:14 <hhalpin> there's a great thread on indexedDB going on www-tag@w3.org about "easy-to-use" if folks want to read up on it.
20:20:35 <rbarnes> virginie: we'll continue discussion on the list, focused on low-level; not much discussion of high-level
20:20:55 <Zakim> +[Apple]
20:21:10 <rbarnes> … so we will continue as planned: low-level, key discovery, maybe high-level
20:21:12 <hhalpin> We will keep the secondary features, but must be more use-case driven.
20:21:44 <virginie> q?
20:21:52 <virginie> ack virginie
20:22:23 <rbarnes> virginie: hearing rbarnes not as objection, just clarification, so hearing no objection to the proposal
20:22:26 <Zakim> -[Apple]
20:22:34 <hhalpin> I think Apple just dropped
20:22:37 <wseltzer> PROPOSAL: extend charter as proposed in email
20:22:46 <Zakim> +[Apple]
20:22:58 <hhalpin> +1
20:22:59 <virginie> PROPOSAL: Extend charter by 9 months and delete word "high-level" from  "The mission of the Web Cryptography Working Group, part of the Security Activity, is to define a high-level API providing common cryptographic functionality to Web Applications."
20:23:04 <wseltzer> [http://lists.w3.org/Archives/Public/public-webcrypto/2013Mar/0087.html]
20:23:08 <karen> +1
20:23:10 <rbarnes> +1
20:23:11 <markw_> +1
20:23:12 <rsleevi> +1
20:23:14 <ddahl> +1
20:23:15 <virginie> +1
20:23:15 <wseltzer> +1
20:23:17 <nvdbleek> +1
20:23:41 <hhalpin> RESOLVED: Extend charter by 9 months and delete word "high-level" from  "The mission of the Web Cryptography Working Group, part of the Security Activity, is to define a high-level API providing common cryptographic functionality to Web Applications."
20:24:10 <hhalpin> ACTION: wseltzer, hhalpin, and virgine make sure this is communicated to W3C
20:24:10 <trackbot> Error finding 'wseltzer,'. You can review and register nicknames at <http://www.w3.org/2012/webcrypto/track/users>.
20:24:15 <virginie> agenda?
20:24:23 <hhalpin> (I'll do that email now)
20:24:35 <Zakim> -rsleevi
20:24:35 <wseltzer> Topic: Report of IETF#86 JOSE/CFRG discussions
20:25:19 <wseltzer> rbarnes: I was at JOSE, not at CFRG
20:25:32 <wseltzer> ... JOSE is IETF group defining JSON- based object format
20:25:47 <wseltzer> ... instead of XML or ASN1, they're using JSON
20:26:04 <wseltzer> ... Perform a crypto op, algorightm ID, key, ciphertext or signature
20:26:15 <wseltzer> ... JOSE is a natural target for this API
20:26:29 <wseltzer> ... This group had talked to JOSE about wrapped key formats.
20:26:44 <wseltzer> ... WebCrypto API is producing a way to export wrapped keys;
20:26:55 <wseltzer> ... JWK format (JSON Web Key) is a JOSE format
20:27:05 <wseltzer> ... Right now, there's a syntax defined for public keys;
20:27:26 <wseltzer> ... in response to WebCrypto request, developing a format for private and symmetric keys, encrypting, defining attributes
20:27:32 <Andrew> Andrew has joined #crypto
20:27:38 <wseltzer> ... Agreement on what we were supposed to deliver.
20:27:50 <wseltzer> ... encode private and symm keys, encrypt, attach attribs
20:27:51 <hhalpin> +1 agreement that JOSE accepted the request from this WG :)
20:27:57 <wseltzer> ... Now, figuring out how to do that.
20:28:08 <wseltzer> ... Working on a draft now, proceeding relatively quickly.
20:28:19 <hhalpin> How about algorithm identifiers??
20:28:20 <wseltzer> ... Also work on encrypted signed objects
20:28:44 <wseltzer> ... CFRG what algorithms are appropriate to use in wrapped signed objects?
20:29:17 <wseltzer> ... Which algos will be possible in key-wrapping framework?
20:29:34 <vgb> q+
20:29:54 <wseltzer> virginie: Do you have any specific references or timeline to share?
20:30:16 <wseltzer> rbarnes: I was given an action by the WG to produce a combined draft
20:30:27 <wseltzer> ... will share a link when available.
20:30:51 <wseltzer> ... Timeline: loose, but expect to have a general idea of syntax in next 4-6 wks
20:31:16 <wseltzer> virginie: will you have anything to share by our next f2f?
20:31:28 <wseltzer> rbarnes: there will definitely be a publicly available draft
20:31:37 <wseltzer> ... Whether it's a WG draft depends on the WG
20:31:54 <wseltzer> ... not impossible we'd have a WG draft by f2f
20:31:56 <wseltzer> ack next
20:32:26 <wseltzer> vgb: When you talk about key-wrapping algorithms, is that a question of priorities, or will those not defined be forbidden?
20:32:41 <wseltzer> rbarnes: a bit of both. discussion largely around syntax
20:33:04 <wseltzer> ... 2 main design. taking current encrypted object format, and wrapping keys, or @@
20:33:59 <wseltzer> ... there's a good chance we'll end up needing both
20:34:08 <wseltzer> ... please share feedback on use cases with list.
20:34:24 <wseltzer> vgb: Approach 1: JWE, message is JWK
20:34:28 <rbarnes> 1. JWK within JWE, 2. JWE with empty message
20:34:33 <wseltzer> ... Approach 2: JWE with empty message
20:34:52 <markw_> q+
20:34:58 <wseltzer> ... strong desire in crypto community not to use AES keywrap
20:35:10 <wseltzer> ack next
20:35:37 <wseltzer> markw_: How would 2d approach handle using RSA key of arbitrary size?
20:35:53 <wseltzer> rbarnes: we'd need to add something like RSA-KEM
20:36:35 <markw_> s/key of arbitrary size/key to protect data of arbitrary size/
20:36:42 <wseltzer> virginie: rbarnes, how can we best coordinate with JOSE?
20:36:55 <wseltzer> rbarnes: I can post a message to JOSE list summarizing the group's feedback
20:37:07 <wseltzer> ... Members of the group can also post to the list, add use cases
20:37:41 <wseltzer> zakim, take up agenda4
20:37:41 <Zakim> agendum 4. "Web Crypto API" taken up [from virginie]
20:37:55 <wseltzer> Topic: Wrap/Unwrap
20:38:20 <rbarnes> mark: proposal was made to do wrap/unwrap using JWK within JWE
20:38:41 <rbarnes> … [draft-miller-jose-jwe-protected-jwk, or something like that]
20:38:51 <rbarnes> … haven't been that many contributions to that discussion
20:39:13 <rbarnes> q+
20:39:14 <virginie> http://lists.w3.org/Archives/Public/public-webcrypto/2013Mar/0076.html
20:39:18 <markw_> http://www.w3.org/2012/webcrypto/wiki/KeyWrap_Proposal
20:40:36 <rbarnes> rbarnes: got to wait for JOSE anyway, to get private/symmetric format; wrapping not too much more latency; just say "we'll use what JOSE produces"
20:40:46 <hhalpin> The proposal looks sensible to me, format issues aside.
20:41:10 <rbarnes> vgb: it would be good to understand the direction that JOSE is going to go
20:41:27 <rbarnes> markw: there are also some pure web crypto choices, not dependent on JOSE
20:42:25 <rbarnes> virginie: suggest that we have some additional discussion on this topic, hearing agreement that we're going to work with JOSE
20:43:29 <hhalpin> Ryan's concerns were just RSA-KEM it seemed...
20:43:51 <rbarnes> markw: would like to make as much progress as we can independent of the JOSE proposal
20:43:56 <hhalpin> +1
20:44:05 <rbarnes> … account for both cases, then just delete whichever one  they don't choose
20:45:07 <markw_> @hhalpin: as rbarnes just pointed out, 'something like RSA-KEM' is needed for approach 2
20:45:09 <rbarnes> virginie: would like to report here what the editor already mentioned: In order to shape a high-level API, we need use cases
20:45:25 <rbarnes> … what kind of service do we want to create?
20:45:55 <ddahl> q+
20:46:01 <rbarnes> ack rbarnes
20:46:04 <vgb> rbarnes: Nobody implements KEM :) Windows does not, OpenSSL doesn't either AFAIK, etc.
20:46:42 <rbarnes> ddahl: recent discussions in mozilla, we're focusing on low-level; high-level on the back burner
20:48:01 <rbarnes> virginie: certificate discovery has moved to the top of the priority list among secondary features
20:48:53 <rbarnes> … we may end up getting a milestone to do a certificates API; low-priority for now, but want to allow contributions
20:49:00 <rbarnes> q+
20:49:11 <ddahl> q-
20:49:17 <virginie> ack ddahl
20:49:30 <mountie> mountie has joined #crypto
20:49:56 <rbarnes> rbarnes: might be nice for key discovery and cert discovery to be similar to each other
20:50:07 <rbarnes> ack rbarnes
20:50:27 <virginie> http://lists.w3.org/Archives/Public/public-webcrypto/2013Mar/0029.html
20:50:33 <rbarnes> virginie: next question: bignum
20:50:47 <rbarnes> … not sure how this integrates with our current work, but at least we have a proposal
20:51:10 <rbarnes> vgb: this is probably a better question for tony; he has the use cases
20:51:19 <rbarnes> … harry captured several of them accurately in the email thread
20:51:34 <rbarnes> … there are some newer crypto algorithms that could benefit from a low-level primitive of this type
20:51:45 <rbarnes> … could provide some new types of security properties
20:52:44 <hhalpin> re BigNum, we could do a dedicated call to it...
20:53:06 <virginie>  Registration is open http://lists.w3.org/Archives/Public/public-webcrypto/2013Mar/0085.html
20:53:15 <rbarnes> virginie: registration for f2f is open, see link
20:53:35 <rbarnes> … hosted by paypal at their HQ, overlap with webappsec and html
20:54:00 <rbarnes> … please register on the questionnaire whether you can attend 23/24 april
20:54:08 <rbarnes> … no formal joint meeting planned with webappsec
20:54:29 <wseltzer> [Please register, or indicate if you can't attend: https://www.w3.org/2002/09/wbs/54174/webcrypto-april-2013/ ]
20:54:30 <rbarnes> … nobody asked; maybe not enough synergy
20:54:45 <wseltzer> s/can't attend/want to participate remotely/
20:55:13 <rbarnes> … objective to progress seriously on the low-level API
20:55:20 <rbarnes> … please give it a good read and make sure it fits your expectations
20:55:38 <rbarnes> … we will also look at key discovery, HL API use cases, cert discovery, bignum
20:55:43 <rbarnes> … in priority order
20:55:51 <rbarnes> … will suggest an agenda in 1-2 weeks
20:56:17 <rbarnes> … who will be at the f2f?
20:56:19 <jyates> +1
20:56:24 <virginie> +1 for going to the F2F meeting
20:56:25 <ddahl> +1
20:56:26 <mountie> +1
20:56:26 <wseltzer> +1
20:56:27 <rsleevi> +1
20:56:29 <karen> +1
20:56:33 <vgb> +0.9
20:56:34 <Andrew> +0.5 (24th only)
20:56:34 <markw_> +1
20:56:36 <mountie> 4 members from Korea
20:56:51 <ddahl> mountie: cool
20:57:01 <rbarnes> q+
20:57:47 <hhalpin> I think we were not having requirement levels
20:59:41 <wseltzer> [next IETF: July 28 - August 2, 2013, Berlin]
21:00:06 <rbarnes> virginie: if we need more intensive synchronization, we might schedule something near the IETF meeting, or send an "official delegation"
21:00:39 <Zakim> -vgb
21:00:41 <Zakim> -rbarnes
21:00:42 <Zakim> -jyates
21:00:42 <Zakim> -Karen
21:00:43 <Zakim> -ddahl
21:00:44 <Zakim> -[Apple]
21:00:47 <Zakim> -nvdbleek?
21:00:48 <Zakim> -hhalpin
21:00:48 <Zakim> -Netflix
21:00:49 <Zakim> -markw_
21:01:03 <Zakim> -wseltzer
21:01:03 <hhalpin> trackbot, end meeting
21:01:03 <trackbot> Zakim, list attendees
21:01:04 <Zakim> As of this point the attendees have been +1.857.928.aaaa, ddahl, +1.703.284.aabb, rbarnes, rsleevi, +1.512.257.aacc, markw_, vgb, Karen, wseltzer, hhalpin, nvdbleek?, mitchz,
21:01:04 <Zakim> ... skelly, virginie?, jyates, scottk__netflix, [Apple]
21:01:11 <trackbot> RRSAgent, please draft minutes
21:01:11 <RRSAgent> I have made the request to generate http://www.w3.org/2013/03/18-crypto-minutes.html trackbot
21:01:12 <trackbot> RRSAgent, bye
21:01:12 <RRSAgent> I see 1 open action item saved in http://www.w3.org/2013/03/18-crypto-actions.rdf :
21:01:12 <RRSAgent> ACTION: wseltzer, hhalpin, and virgine make sure this is communicated to W3C [1]
21:01:12 <RRSAgent>   recorded in http://www.w3.org/2013/03/18-crypto-irc#T20-24-10