W3C

- DRAFT -

Web Cryptography Working Group Teleconference

16 Sep 2013

See also: IRC log

Attendees

Present
mete, +1.617.253.aaaa, Wendy, +1.512.257.aabb, +1.408.540.aacc, virginie, markw, jyates, +1.540.809.aadd, kodonog, +1.650.275.aaee, Virginie_Galindo, +1.512.257.aaff, +1.415.294.aagg, MichaelH, arunranga, jimschaad, bryaneyler, israelh, [IPcaller]
Regrets
Chair
Virginie_Galindo
Scribe
MichaelH

Contents


<virginie> good evening/afternoon cryptoz

<mete> good evening virginie

<wseltzer> trackbot, prepare teleconf

<trackbot> Date: 16 September 2013

<kodonog> zakim aadd is kodonog

<virginie> proposed agenda http://lists.w3.org/Archives/Public/public-webcrypto/2013Sep/0039.html

<wseltzer> scribenick: MichaelH

Introduction

Review of actions and issues

<virginie> http://www.w3.org/2012/webcrypto/track/actions/open

<wseltzer> ACTION-64?

<trackbot> ACTION-64 -- Ryan Sleevi to Add SEED to WebCrypto API -- due 2012-11-09 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/64

<rsleevi> sorry, having phone difficulties atm

rsleevi: No plans to implement SEED

<arunranga> Correct, no plan to implement SEED in FxOS right now.

rsleevi: SEED bad algorithm
... no likely to be included in Chrome
... just won't put it in

<arunranga> My recommendation is to close this.

rsleevi: proposal to close

<wseltzer> Proposal: close ACTION-64, no implementation expected

<wseltzer> ACTION-73?

<trackbot> ACTION-73 -- Harry Halpin to Ask for a formal review of WebApps and HTML -- due 2013-01-28 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/73

Virginie: Ping back end of this month
... close

<wseltzer> close ACTION-74, expecting to hear back from PING next

<wseltzer> trackbot, close ACTION-74, expecting to hear back from PING next

<trackbot> Sorry, wseltzer, I don't understand 'trackbot, close ACTION-74, expecting to hear back from PING next'. Please refer to <http://www.w3.org/2005/06/tracker/irc> for help.

<wseltzer> trackbot, close ACTION-74

<trackbot> Closed ACTION-74.

<wseltzer> ACTION-76?

<trackbot> ACTION-76 -- Harry Halpin to Schedule call about registry, due 4/15 -- due 2013-03-11 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/76

<wseltzer> ACTION-80?

<trackbot> ACTION-80 -- Karen Lu to Write up use case for the pre-provisioned key discovery use case -- due 2013-04-30 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/80

Virginie: Keep it open

<wseltzer> close ACTION-80

<trackbot> Closed ACTION-80.

<wseltzer> ACTION-81?

<trackbot> ACTION-81 -- Ryan Sleevi to Describe we're not storing key material itself in IDB -- due 2013-04-30 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/81

<wseltzer> close ACTION-81

<trackbot> Closed ACTION-81.

rsleevi: Done

<wseltzer> ACTION-82?

<trackbot> ACTION-82 -- Vijay Bharadwaj to Write sentence about how structured clone relates to different types of key storage and that that key storage may have high-security implications (not in our spec!) -- due 2013-04-30 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/82

Virginie: Ryan do we have anything about cloning

rsleevi: Don't know

<wseltzer> ACTION-84?

<trackbot> ACTION-84 -- Richard Barnes to Vgb and jimsch to discuss key generation/derivation/agreement -- due 2013-05-21 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/84

<wseltzer> close action-84

<trackbot> Closed action-84.

Virginie: Discussion finished?

<wseltzer> ACTION-86?

<trackbot> ACTION-86 -- Richard Barnes to Make a proposal for an explicit auto generation token for IV -- due 2013-05-28 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/86

rsleevi: Yes, close it

<wseltzer> ACTION-88?

<trackbot> ACTION-88 -- Ryan Sleevi to Review syntactic sugar overloads for taking (ArrayBuffer and ArrayBufferView) -- due 2013-04-30 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/88

virginie: Anybody know anything about 86?

<wseltzer> close action-88

<trackbot> Closed action-88.

<wseltzer> action-89?

<trackbot> action-89 -- Ryan Sleevi to And israelh to work more on Streams API in joint with Futures API -- due 2013-04-30 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/89

<arunranga> This one ^^ is open in multiple working groups.

virginie: Is 89 complete?

Israelh: No, more work needed

<wseltzer> action-91?

<trackbot> action-91 -- Mark Watson to Clarify how public/private key pairs are retrieved with respect to naming -- due 2013-05-01 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/91

virginie: OK to close due to two names

<wseltzer> ACTION-96?

<trackbot> ACTION-96 -- Ryan Sleevi to Include statement about web platform in the doc -- due 2013-05-01 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/96

markw: No still open

virginie: Is 96 complete?

<wseltzer> ACTION-98?

<trackbot> ACTION-98 -- Ryan Sleevi to Get review of dictionary/WebIDL problem from TAG and/or WebApps -- due 2013-05-20 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/98

rsleevi: Issue should be resolved, but keep open for now

<wseltzer> close ACTION-98

<trackbot> Closed ACTION-98.

<wseltzer> close ACTION-99

<trackbot> Closed ACTION-99.

<wseltzer> close ACTION-103

<trackbot> Closed ACTION-103.

<wseltzer> action-104?

<trackbot> action-104 -- Mountie Lee to Usability of Web Crypto Key Discovery by Korean banking use case -- due 2013-06-03 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/104

<wseltzer> ACTION-105?

<trackbot> ACTION-105 -- Nick Van Den Bleeken to Usability of Web Crypto Key Discovery by belgium eID use case -- due 2013-06-03 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/105

<wseltzer> ACTION-106?

<trackbot> ACTION-106 -- Virginie GALINDO to Key Discovery - Use Case for multi keys on a single device -- due 2013-07-29 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/106

<wseltzer> close action 106

<wseltzer> ACTION-107?

<trackbot> ACTION-107 -- Harry Halpin to With markw to make sure it goes through WD via W3C TR -- due 2013-07-29 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/107

<wseltzer> close action-107

<trackbot> Closed action-107.

<wseltzer> close action-108

<trackbot> Closed action-108.

<wseltzer> ACTION-109?

<trackbot> ACTION-109 -- Ryan Sleevi to Submit the W3C Web Crypto WG API to public-script-coord -- due 2013-08-15 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/109

virginie: Ryan, improvements made?

<wseltzer> ACTION-110?

<trackbot> ACTION-110 -- Alex Russell to Ask TAG review on Web Crypto API -- due 2013-08-15 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/110

<wseltzer> ACTION-111?

<trackbot> ACTION-111 -- Mountie Lee to Update the Web Certificate API based on comments received by the WG -- due 2013-09-16 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/111

rsleevi: that' correct

<wseltzer> ACTION-112?

<trackbot> ACTION-112 -- Sangrae Cho to Bring in the WG some browser experiment of SOP exception for Web Certificate management -- due 2013-09-16 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/112

<wseltzer> close action-113

<trackbot> Closed action-113.

Most of it!

<wseltzer> [open issues: http://www.w3.org/2012/webcrypto/track/issues/open ]

virginie: Talk about blocking issues

<wseltzer> ISSUE-9?

<trackbot> ISSUE-9 -- what will be the mean to integrate in the API the fact that key usage may need user consent ? -- open

<trackbot> http://www.w3.org/2012/webcrypto/track/issues/9

virginie: Where are we?

rsleevi: No idea what this means

virginie: User confirms operation

rsleevi: Out of scope

+q

<wseltzer> PROPOSAL: Close ISSUE-9 unless objections raised on-list

<wseltzer> ISSUE-10?

<trackbot> ISSUE-10 -- Making sure our API is usable with pure js environement -- open

<trackbot> http://www.w3.org/2012/webcrypto/track/issues/10

rsleevi: Early discussions

<jimsch> Issue 9 - want to be able to pass a string from the script to the key access system for dipslay

MichaelH: Does it not still apply
... Korean use case?

virginie: Not going to address
... Issue 9 no conclusion
... Issue 12 no conclusion

<wseltzer> ISSUE-28?

<trackbot> ISSUE-28 -- Short-names for algorithms -- open

<trackbot> http://www.w3.org/2012/webcrypto/track/issues/28

virginie: Issue 28 As a working group decided to address it
... Should be closed

<wseltzer> PROPOSAL: Close ISSUE-28

<wseltzer> ISSUE-32?

<trackbot> ISSUE-32 -- Section 5.2 in API draft should mention use of secure element in the context of key security -- open

<trackbot> http://www.w3.org/2012/webcrypto/track/issues/32

virginie: Issue 32 Covered several times

<wseltzer> PROPOSAL: Close ISSUE-32

<wseltzer> ISSUE-35?

<trackbot> ISSUE-35 -- Handling of wrap/unwrap operations -- open

<trackbot> http://www.w3.org/2012/webcrypto/track/issues/35

virginie: Close by email in coming weeks
... Issue 35 Still pending extract

<wseltzer> ISSUE-36?

<trackbot> ISSUE-36 -- Semantics for key generation versus key derivation -- open

<trackbot> http://www.w3.org/2012/webcrypto/track/issues/36

virginie: Issue 36 Addressed by Vijay proposal

rsleevi: No directly by Vijay, but combination of propoisals

<wseltzer> ISSUE-43?

<trackbot> ISSUE-43 -- Separate method for key agreement -- open

<trackbot> http://www.w3.org/2012/webcrypto/track/issues/43

virginie: Issue 43 Related to 74

<wseltzer> ISSUE-44?

<trackbot> ISSUE-44 -- Require creation of random IVs by default for CBC, CFB, GCM -- open

<trackbot> http://www.w3.org/2012/webcrypto/track/issues/44

virginie: Issue 44 Related to IV

rsleevi: We said close this

virginie: Some topics keeping this open
... Today extractablity

<rsleevi> https://www.w3.org/bugzilla_public/buglist.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document

virginie: Anybody having issue?
... Use bugzilla to track

Review of action and issue

Web Crypto API

virginie: Clear demand from Netflix for UA to maintain the attribute for special case of JWT
... Microsoft supported this
... Google (ryan) not a fan of proposal
... other people want to comment?
... write a sentence in the spec to describe attributes for this?

<Zakim> arunranga, you wanted to make a suggestion

arunranga: Extractability has value
... service provider needs security
... propose JWK be a distint specification
... keep if out of WebCrypto API

virginie: Jim suggest an alternate approach

rsleevi: Jim proposal similar to one I made earlier
... usage of SE, Smart card, painting ourselves into a corner
... ryan "Can you paste those into the irc?"
... Set of undefined attributes
... key format describes attributes

<rsleevi> Will mail those to the list, as discussed

ryan: thanks!

jimsch: Don't believe that will be sufficient
... I know what happens for RSA and symettric key unwrap
... but other key types are not well understood
... Operations are divided
... into multiple operations

markw: Ryan suggestion is good
... allows us to move forward
... future updates can be made when needed

<arunranga> So I think rsleevi said what I was saying, but better

ryan: The description of the problem with multiple key usages is not clear
... only netflix has requested this; go for min solution
... until we get more complete use cases

virginie: We may have a consenus

<Zakim> rsleevi, you wanted to respond to jimsch

virginie: get ryan to generate a written proposal
... group to review

@wseltzer ACTION?

<virginie> http://lists.w3.org/Archives/Public/public-webcrypto/2013Jul/0070.html

introduction

Web Crypto Key Discovery

<wseltzer> MichaelH: use case for multiple keys on a single device

<wseltzer> ... home automation system

<wseltzer> ... see email: http://lists.w3.org/Archives/Public/public-webcrypto/2013Jul/0070.html

<wseltzer> ACTION, MichaelH to make proposal to amend API

<wseltzer> ACTION: MichaelH to make proposal to amend API [recorded in http://www.w3.org/2013/09/16-crypto-minutes.html#action01]

<trackbot> Error finding 'MichaelH'. You can review and register nicknames at <http://www.w3.org/2012/webcrypto/track/users>.

<wseltzer> ACTION: Michael Hutchinson to make proposal to amend API [recorded in http://www.w3.org/2013/09/16-crypto-minutes.html#action02]

<trackbot> 'Michael' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., MHutchinson, mjones7).

<arunranga> +1 Viriginie

<wseltzer> ACTION: MHutchinson to make proposal to amend API [recorded in http://www.w3.org/2013/09/16-crypto-minutes.html#action03]

<trackbot> Created ACTION-114 - Make proposal to amend api [on Michael Hutchinson - due 2013-09-23].

virginie: Please register

<wseltzer> [TPAC 2013: http://www.w3.org/2013/11/TPAC/ ]

@wseltzer <http://www.w3.org/2012/webcrypto/track/users>.DOCUMENT NOT FOUND

<wseltzer> [early-bird registration until 18 Oct; get your visa invitation letters if necessary ]

scribe: Any topic please mention it early!

<rsleevi> +1 to attending to TPAC

<mete> +1

<markw> +1

<kodonog> +1

<wseltzer> +1

<jimsch> +0 Status is currently unknown

<israelh> +1

+0

<virginie> +1

<rsleevi> I said I'm attending

scribe: Just try and stop him!
... Visa could be an issue

<hhalpin_> +1

scribe: so get your request in early

Next call in 2 weeks

Web Certificate API

<hhalpin_> If you submit your registration and email Beihang for a visa letter, you will get I believe by Sept 30th.

<hhalpin_> Also, note next call Dan Boneh wants some time for his review of the API.

scribe: MichaelH please get proposal in so we can review that

<mete> bye

@wseltzer close scibe?

<wseltzer> trackbot, end teleconf

@wseltzer thanks!

Summary of Action Items

[NEW] ACTION: MHutchinson to make proposal to amend API [recorded in http://www.w3.org/2013/09/16-crypto-minutes.html#action03]
[NEW] ACTION: Michael Hutchinson to make proposal to amend API [recorded in http://www.w3.org/2013/09/16-crypto-minutes.html#action02]
[NEW] ACTION: MichaelH to make proposal to amend API [recorded in http://www.w3.org/2013/09/16-crypto-minutes.html#action01]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.136 (CVS log)
$Date: 2013-09-16 21:13:12 $