19:50:09 RRSAgent has joined #crypto
19:50:09 logging to http://www.w3.org/2014/01/27-crypto-irc
19:51:22 Zakim has joined #crypto
19:52:04 Zakim, what conferences do you see ?
19:52:04 I see no active conferences
19:52:05 scheduled at this time are RWC_Audio()2:00PM, W3C_DOCS()2:00PM, XML_CG()3:00PM, WAI_PFWG(A11Y)3:00PM
19:52:36 terri has joined #crypto
19:53:12 Zakim, this is crypto
19:53:12 sorry, virginie, I do not see a conference named 'crypto' in progress or scheduled at this time
19:54:38 Zakim, this is SEC_WebCryp
19:54:38 sorry, virginie, I do not see a conference named 'SEC_WebCryp' in progress or scheduled at this time
19:55:06 trackbot, prepare teleconf
19:55:08 RRSAgent, make logs public
19:55:10 Zakim, this will be CRYPT
19:55:10 I do not see a conference matching that name scheduled within the next hour, trackbot
19:55:11 Meeting: Web Cryptography Working Group Teleconference
19:55:11 Date: 27 January 2014
19:55:24 zakim, space for 20 at 1500?
19:55:27 ok, wseltzer; conference Team_(crypto)20:00Z scheduled with code 26632 (CONF2) at 15:00 for 60 minutes until 2100Z
19:55:48 agenda?
19:55:54 agenda+ welcome
19:56:04 agenda+ status on web crypto API
19:56:29 wseltzer has changed the topic to: WebCrypto conference code 26632
19:57:32 Team_(crypto)20:00Z has now started
19:57:37 MichaelH has joined #crypto
19:57:39 Team_(crypto)20:00Z has ended
19:57:40 Attendees were
19:58:49 jimsch has joined #crypto
19:59:01 Team_(crypto)20:00Z has now started
19:59:11 +Virginie_Galindo
19:59:58 markw has joined #crypto
19:59:58 +??P3
19:59:59 hi all, please join the call on the usual number but use the code 26632 (CONF2)
20:00:30 +[Netflix]
20:00:31 +terri
20:00:50 Zakim, [Netflix] is me
20:00:56 +markw; got it
20:01:34 +[IPcaller]
20:01:53 Zakim, who is on the phone ?
20:01:53 On the phone I see Virginie_Galindo, ??P3, markw, terri, [IPcaller]
20:01:55 zakim, [ipcaller] is jimsch
20:01:55 +jimsch; got it
20:02:02 Zakim, who is on the phone ?
20:02:02 On the phone I see Virginie_Galindo, ??P3, markw, terri, jimsch
20:02:11 rbarnes has joined #crypto
20:02:19 zakim, who is on the phone?
20:02:19 On the phone I see Virginie_Galindo, ??P3, markw, terri, jimsch
20:02:30 zakim, ??P3 is me
20:02:30 +rbarnes; got it
20:02:52 hhalpin has joined #crypto
20:03:04 Zakim, what's the code?
20:03:04 the conference code is 26632 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), hhalpin
20:03:16 Zakim, this is crypt
20:03:16 hhalpin, this was already Team_(crypto)20:00Z
20:03:18 ok, hhalpin; that matches Team_(crypto)20:00Z
20:03:43 +Karen
20:03:58 Zakim, what's the code?
20:03:58 the conference code is 26632 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), hhalpin
20:04:19 Zakim, who is on the phone ?
20:04:19 On the phone I see Virginie_Galindo, rbarnes, markw, terri, jimsch, Karen
20:04:22 +[IPcaller]
20:04:23 rsleevi has joined #crypto
20:04:31 Zakim, IPcaller is hhalpin
20:04:31 +hhalpin; got it
20:04:33 karen_ has joined #crypto
20:05:07 -rbarnes
20:05:23 +??P3
20:05:31 + +1.650.275.aaaa
20:05:37 zakim, i am ??P3
20:05:37 +rbarnes; got it
20:05:43 agenda?
20:06:01 agenda+ milestones for the last call
20:06:18 agenda+ workshop on hardware token
20:06:25 agenda+ Any other business
20:06:40 Zakim, who is on the phone ?
20:06:40 On the phone I see Virginie_Galindo, markw, terri, jimsch, Karen, hhalpin, rbarnes, +1.650.275.aaaa
20:08:28 agenda?
20:08:31 how do you do the scribe nick thing?
20:09:52 markw: suggest discussing a f2f in March
20:09:53 agenda+ F2F meeting?
20:09:57 Scribenick: rbarnes
20:10:06 virginie: good point
20:10:35 malaclyps has joined #crypto
20:10:36 Note that I've sent the request to co-ordinate Bugzilla to mailing list to our Systems Team
20:10:39 we should have an answer shortly
20:10:51 markw: went through the 15 bugs that virginie had identified
20:11:14 ... several have been discussed and can be closed; proposed resolutions ahead of this meeting
20:11:33 ... proposed fixes are in the ED of 24 jan
20:11:45 https://www.w3.org/Bugs/Public/buglist.cgi?quicksearch=web%20cryptography
20:12:14 ... opened a new bug to flesh out algorithm descriptions
20:12:29 https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
20:12:51 virginie: what would be helpful here? do you think that you authors will be able to finish everything soon?
20:13:18 markw: would be helpful to visit issues marked as OPEN
20:13:41 ... the resolutions for most are minimal; the new bug is more substantial
20:14:21 Zakim, mute karen_
20:14:21 sorry, hhalpin, I do not know which phone connection belongs to karen_
20:14:29 Zakim, who's making noise?
20:14:43 hhalpin, listening for 10 seconds I heard sound from the following: Virginie_Galindo (82%), markw (4%), Karen (31%), rsleevi (8%)
20:14:47 Zakim, mute karen
20:14:47 Karen should now be muted
20:14:47 Zakim, mute Karen
20:14:48 Karen was already muted, hhalpin
20:15:30 reviewing https://www.w3.org/Bugs/Public/show_bug.cgi?id=20611
20:16:31 Reviewing https://www.w3.org/Bugs/Public/show_bug.cgi?id=22570
20:16:41 rbarnes: how is tag put in according to the current spec? need to have something
20:16:42 +0
20:16:55 rsleevi: pkcs11-style, appended to the ciphertext
20:17:01 current construct for AEAD is Input = (Ciphertext)+(Tag), output = (Ciphertext)+(Tag)
20:17:27 sounds good to me, don't see how that can go wrong
20:17:33 +q
20:17:47 23831reviewing https://www.w3.org/Bugs/Public/show_bug.cgi?id=23831
20:18:16 Back to broken crypto, but SHA-1 is used a lot
20:18:17 jimsch: should acknowledge that SHA1 is used sufficiently widely
20:18:23 q-
20:18:25 +1
20:18:27 I'm happy to add it along with some kind of warning
20:18:33 hhalpin: There's no need for "warning"
20:18:34 +1 to adding a warning
20:18:41 markw: any other opinions?
20:18:48 hhalpin: as long as there's some warning text
20:19:03 rsleevi: not necessary, e.g., HMAC-MD5 is not affected
20:19:13 ... weaknesses of SHA1 do not affect HMAC-SHA1
20:19:15 note that the bug to be reviewed can also be seen under http://lists.w3.org/Archives/Public/public-webcrypto/2014Jan/0039.html
20:19:17 Thought it was SHA1 in general
20:19:26 markw: will add SHA1 to recommended algorithms, with no warning
20:19:41 @hhalpin: See rfc6151 Sect 2.3 for the discussion of HMAC-MD5 construction
20:19:43 perhaps a note that it is not affected would be helpful, but I guess not necessary
20:20:03 reviewing https://www.w3.org/Bugs/Public/show_bug.cgi?id=23445
20:20:05 reviewing https://www.w3.org/Bugs/Public/show_bug.cgi?id=23445
20:20:11 q+
20:20:35 markw: propose just adding an implementor note re: conversion to form with a sign bit
20:20:46 rsleevi: agree with adding the clarification, but think it should be normative
20:21:16 +1 normative if it's a place for possible divergence
20:21:16 markw: the fact that it's an unsigned integer is normative, so it's not ambiguous in the spec
20:21:44 rsleevi: speaking from an implementor side, there is ambiguity
20:22:19 markw: just to be clear, there can be an arbitrary number of leading zeros with the current spec
20:22:25 ... do you think it's necessary to restrict that?
20:22:42 rsleevi: yes, should require the most compact form
20:23:34 q_
20:23:36 q+
20:23:52 rbarnes: seems sensible to put the requirement on BigIntegers produced by the API, while requiring the API to be tolerant of leading zeros
20:24:15 jimsch: cautious of requiring things to be minimum-length, since it's sometimes easier to have fixed-length buffers
20:24:36 markw: do you mean within UA or JS?
20:24:39 jimsch: JS
20:24:43 q-
20:24:54 markw: so requiring API to be tolerant would address that
20:25:17 reviewing https://www.w3.org/Bugs/Public/show_bug.cgi?id=23500
20:25:21 markw: everyone OK with requiring API to produce most compact, but tolerate leading zeros?
20:25:24 rbarnes: yep
20:26:09 The raw AES came from Boneh
20:26:12 markw: discuss this now, or continue on the list?
20:26:39 reviewing https://www.w3.org/Bugs/Public/show_bug.cgi?id=23729
20:26:59 markw: seems like there's agreement to use DOMStrings, will work on implementing that
20:27:08 BUG 23503?
20:27:14 reviewing https://www.w3.org/Bugs/Public/show_bug.cgi?id=23503
20:27:30 markw: had some discussions, seems like there's not an immediate need for extensibility
20:28:07 rsleevi: the only change we'll be making to named curves is going from enum to DOMString
20:28:14 q?
20:28:16 ... makes it easier to add new named curves
20:28:26 markw: are there any other enums lurking around?
20:28:51 rsleevi: key type (pub/priv/secret) and key format (pkcs8/jwk/...)
20:28:57 ... maybe should just change all to DOMString
20:29:28 ... impact is just that we have to say how unknown DOMStrings are handled
20:30:05 markw: will create a new bug for enum->DOMString conversion in general
20:30:09 q+
20:31:03 MichaelH: for things like padding, how do you change the DOMString?
20:31:20 rsleevi: the change from enum to DOMString does not change the process for extending the API. they're all spec updates
20:31:28 q+
20:31:44 q-
20:32:19 q?
20:32:22 MichaelH: does adding a new algorithm require updating the spec?
20:32:26 rsleevi: yes, it always has
20:32:32 reviewing https://www.w3.org/Bugs/Public/show_bug.cgi?id=23495
20:32:42 Note that we can't update the spec per se after going to Last Call, but I imagine we'll start a 1.1 WD and continue the WG
20:32:54 q?
20:32:55 so having the group add a new algorithm is possible as long as WG is running
20:33:24 q-
20:33:25 anders has joined #crypto
20:33:28 @Richard: Requiring spec updates has worked just fine for every other deployed WebAPI :)
20:34:08 @rsleevi: other specs don't have as many variants and nation-defined parameters. don't want to have those fights
20:34:11 https://www.w3.org/Bugs/Public/show_bug.cgi?id=24410
20:34:32 virginie: any objection to implementing these plans, then going to LC
20:34:46 I'd like a time estimate from the editors
20:34:49 @rbarnes: Luckily, few UAs care about those variants and nation-defined parameters. That said, three compat implementations = ship it = fine by me
20:34:49 if they have any idea
20:35:08 q+
20:35:17 q+
20:35:23 q+
20:35:44 q+
20:35:46 jimsch: when we say "LC", do we mean LC within this group? how long does it last?
20:35:51 Last Call -> Call for Implementations
20:35:57 q-
20:36:21 hhalpin: LC is the LC for public comment, usually give that 6 months, hopefully with implementation continuing
20:36:30 ... any comments we have to address or explain why they're out of scope
20:36:54 ... we usually advertise a lot during that period
20:37:04 q- hhalpin
20:37:20 Last Call -> PR -> CR -> Rec
20:37:25 rsleevi: harry skipped a step in the process; call for implementations follows LC
20:37:33 ... spec may change based on implementation experience
20:37:34 Actually I mentioned that Ryan :)
20:37:56 However, after Last Call we don't have to take comments from the entire Internet and can focus on test-suites/implementation
20:37:58 q?
20:38:48 How about 1 month?
20:38:52 ... would like to give the WG a chance to review before LC
20:38:59 ... skeptical about that getting done in even 1 week
20:39:16 virginie: can we expect a new version on 10 Feb?
20:39:24 How about end of February?
20:39:32 For actual transition
20:39:40 markw: to address today's bugs by end of Feb would not be a problem; 24410 might be doable
20:40:08 ... agree that we need to give WG members a few days to review
20:40:22 s/a few days/more than a few days/
20:40:52 virginie: so how about a 6 week timeline, with 4 weeks edit, 2 weeks WG review?
20:40:53 q+
20:40:56 markw: ok with me
20:41:37 Hitting Last Call at IETF would help review
20:41:40 Do we need to address tag feedback?
20:41:44 since we could then discuss with everyone at IETF
20:41:53 TAG feedback can be addressed in Last Call period
20:41:54 virginie: we can re-evaluate the WG review timeline once the new version is out
20:42:16 q?
20:42:35 q+
20:42:37 hhalpin: hitting LC right before/after the IETF could be helpful, since we could advertise there
20:42:58 Note as regards CR/PR distinction, yep it's WD->Last Call->CR->PR->Rec
20:42:59 @hhalpin: I don't see a lot of value either way
20:43:12 CR is for implementers and PR is for AC review
20:43:24 rsleevi: other specs typically do one push per bug
20:43:45 @hhalpin: i agree with rsleevi, not much different
20:44:18 markw: will certainly be one commit per bug, question is whether to push them all at once
20:44:26 rsleevi: tend to batch push, say at the end of the day
20:44:30 Well, if we wait around till say March or April to hit Last Call, we are slipping and it seems like we want to get most of our review in before summer break 2014 hits
20:45:10 agenda?
20:45:56 virginie: this is a different, long-term topic
20:46:14 ... in december, there was an idea to have a workshop on integrating hardware into webcrypto
20:46:47 ... some folks have said that h/w tokens might be too limited
20:47:01 ... maybe discuss "trusted things" generally (h/w or s/w)
20:47:04 q+
20:47:08 q+
20:47:53 ... what feedback do people have?
20:48:02 q-
20:48:02 q+
20:48:20 terri: is this related to discussion of h/w tokens on sysapps
20:48:35 http://lists.w3.org/Archives/Public/public-webcrypto-comments/2013Dec/0004.html
20:48:47 virginie: not really, this is about web crypto specifically, since h/w was ruled out of scope earlier
20:49:15 ... sys apps work is more raw access
20:49:36 We'll keep tabs and co-ordinate, depending on how implementation goes
20:49:37 q-
20:49:55 hhalpin: we will coordinate with sys apps, and other parts of the w3c
20:50:18 ... important not to have the workshop too early, since we want to have the main spec more or less out of the woods
20:50:25 ... that would probably put it in the latter half of 2014
20:50:43 ... workshop would not change the charter of the WG or the initial spec, more about long-term vision
20:51:25 ... having that discussion early could help smooth things out in the WG
20:51:31 i.e. start discussion early, but implement one thing at a time :)
20:52:30 rbarnes: would be useful to have a workshop and see if we can do something here
20:52:44 ... US DHS is very interested in using their existing PIV credentials with web apps
20:52:53 ... BBN might have some experiments to talk about soon
20:53:29 virginie: not hearing anyone calling for the more general "trusted thing" scope. will come back for more details
20:53:52 ... now, should we have a f2f in march?
20:53:54 Who is at IETF?
20:54:04 @hhalpin: i will be at ietf
20:54:14 Not I
20:54:19 ... focus of f2f would probably be future work
20:54:48 I would come to an F2F
20:54:57 ... maybe if people are going to be at IETF, we could have at least, say a half day
20:55:01 We could do any last minute Last Call bug discussion and then think about Workshop scoping
20:55:56 -1
20:55:58 +1 (happy with a f2f or informal f2f)
20:56:00 +1
20:56:03 show of hands: would you attend a WebCrypto f2f during the week prior to IETF week ?
20:56:06 +1
20:56:12 +1
20:56:15 -0 (unknown, but seems unlikely)
20:56:25 -0
20:56:42 Doing it day before STRINT may make sense, keep it one day I think
20:56:43 virginie: 1-day or 2-day f2f?
20:56:48 1
20:56:51 @hhalpin: i was just going to suggest that
20:56:55 1
20:56:58 1
20:57:20 https://www.w3.org/2014/strint/
20:57:23 That puts us on Feb 27th
20:57:44 q+
20:57:55 virginie: will see if i can organize this during that week, see if we can have a location
20:57:56 q-
20:58:21 hhalpin: w3c has decided that during the korean WWW conference, they will be doing a web crypto session in the developer track
20:58:43 As regards Korea, we'll be doing a developer session in Korea in April on WebCrypto
20:58:45 virginie: so we will try to make something happen on the 27th of february
20:58:50 ... any other business?
20:58:50 q+
20:59:00 24410
20:59:05 markw: please look at 24410 and the proposal there
20:59:13 https://www.w3.org/Bugs/Public/show_bug.cgi?id=24410
20:59:18 ... it's going to be a lot of work, don't want to start unless we agree
20:59:43 rsleevi: a little nervous with what's been proposed; don't know if it will be sufficient to do what you've proposed
21:00:14 +1 rbarnes
21:00:26 rbarnes: maybe do one of these things so we know what you're really talking about
21:00:41 to repeat rbarnes, "Can you give one iteration before we begin going through all of these?"
21:00:51 rsleevi: have attempted to fully specify one or two, maybe compare/contrast
21:01:10 virginie: next call in two weeks
21:01:57 -Karen
21:02:04 -jimsch
21:02:06 -Virginie_Galindo
21:02:07 -rsleevi
21:02:12 -terri
21:02:13 -markw
21:02:14 -rbarnes
21:03:08 RRSAgent, draft minutes
21:03:08 I have made the request to generate http://www.w3.org/2014/01/27-crypto-minutes.html hhalpin
21:03:13 -hhalpin
21:03:14 Team_(crypto)20:00Z has ended
21:03:14 Attendees were Virginie_Galindo, terri, markw, jimsch, rbarnes, Karen, hhalpin, +1.650.275.aaaa, rsleevi
21:03:16 RRSAgent, draft minutes
21:03:16 I have made the request to generate http://www.w3.org/2014/01/27-crypto-minutes.html hhalpin
21:03:20 trackbot, end meeting
21:03:20 Zakim, list attendees
21:03:20 sorry, trackbot, I don't know what conference this is
21:03:28 RRSAgent, please draft minutes
21:03:28 I have made the request to generate http://www.w3.org/2014/01/27-crypto-minutes.html trackbot
21:03:28 Zakim, this is crypt
21:03:28 sorry, hhalpin, I do not see a conference named 'crypt' in progress or scheduled at this time
21:03:29 RRSAgent, bye
21:03:29 I see no action items