08:53:33 RRSAgent has joined #crypto 08:53:33 logging to http://www.w3.org/2014/02/10-crypto-irc 08:53:49 Zakim, what conference do you see ? 08:53:49 I don't understand your question, virginie. 08:53:59 Zakim, what conferences do you see ? 08:53:59 I see no active conferences 08:54:00 scheduled at this time are SEC_WebCryp()4:00AM, Team_Offices(EMEA)4:00AM 08:55:32 Zakim, this conference is sec_webcrypt 08:55:32 sorry, virginie, I do not see a conference named 'sec_webcrypt' in progress or scheduled at this time 08:55:45 mountie has joined #crypto 08:55:56 hello mountie 08:56:01 hello 08:56:16 looks like we have no conf call booked, let me see what i can do... 08:56:18 am I wight time? 08:56:23 yes 08:56:39 ok 08:57:22 zakim, this conference will be sec_webcrypt_asia 08:57:22 I do not see a conference matching that name scheduled within the next hour, virginie 08:59:13 is the conference code is 27978# or 26632#? 09:00:04 problem is that no bridge has been booked 09:00:18 i am sending new details for the call 09:00:34 aha. ok. 09:00:58 lets join under +33155015500 (french number) 09:01:16 with the code : 83693450# 09:01:20 I will 09:03:01 hi all 09:04:08 anyone wanting to join the discussion about web crypto WG is invited to join on +33155015500 with access 83693450# 09:07:45 sangrae has joined #crypto 09:08:01 hello sangrae anyone wanting to join the discussion about web crypto WG is invited to join on +33155015500 with access 83693450# 09:08:21 hi. sandrae 09:08:25 (apologize for badly managing the call booking) 09:08:49 I tried to call that number. but didn't ask me access code. 09:09:20 can u hear us ? 09:09:32 I can hear you 09:09:51 sangrae, can u hear us ? 09:10:25 sangrae, did we loose u ? 09:18:05 Mark status on web crypto API : http://lists.w3.org/Archives/Public/public-webcrypto/2014Feb/0027.html 09:21:00 hhalpin has joined #crypto 09:21:22 Zakim, this is crypt 09:21:22 hhalpin, I see SEC_WebCryp()4:00AM in the schedule but not yet started. Perhaps you mean "this will be crypt". 09:23:46 anyone wanting to join the discussion about web crypto WG is invited to join on +33155015500 with access 83693450# 09:24:08 virginie, did anyone join? 09:24:28 Bug 24457 * - AES-KW can only wrap a JWK key if its serialization happens to be 8*n bytes long 09:24:32 it appears Zakim has it booked in 30 minutes. 09:24:53 I'll send adminreq a message correcting so we start an hour earlier. 09:25:03 (to harry, yes we have sangrae, mountie and kishan from typhone 09:25:07 Excellent! 09:25:07 ) 09:25:37 Let me change the booking time so the code works properly next time. 09:28:06 http://www.w3.org/2012/webcrypto/wiki/WG_Future_Work 09:28:21 ok, correction sent 09:28:30 So next time, the code should work. 09:29:07 Quick update - W3C is discussing Asian presence at WWW2014 in W3C developer track, I'd like to dial-in briefly to discuss. 09:29:26 We'd like to discuss Korean use-cases in particular at the track in terms of scoping future work. 09:31:13 mountie: we don't know how private keys are protected and managed 09:31:19 ... we are trying to set some guidelines 09:31:33 ... maybe not normative, but at least guidelines 09:33:07 virginie: is use-case hardware token or software 09:33:10 mountie: both 09:33:16 ... who owns the key? 09:33:24 ... does it belong to the provisioner? 09:33:39 .... if we really accept hardware tokens or secure element, the key owner belongs to the user 09:33:58 thanks harry for scribing 09:33:58 ... some concerns can we match those requirements 09:34:26 virginie: clarify two things, the way the credentials are secured 09:34:34 ... way they are managed by the ownership 09:35:00 ... can you write down the requirements? 09:35:09 http://www.w3.org/2012/webcrypto/wiki/Deliverable_web_certificate_API 09:36:49 the asian call is prior to the US call. 09:37:29 q+ 09:37:53 virginie: on issue of key ownership, how would you implement that? 09:38:20 ... keys that work cross-origin, would you provision the authorized origin to deal with the key? 09:38:46 mountie: if the key is combined with a certificate, we set exceptions via same origin policy 09:38:52 s/via/to 09:39:13 mountie: we also need some form of user-consent, password, pin, biometrics 09:39:22 ... for use or access of the key 09:39:49 virginie: access whatever key plus certificate, with no limitation up to user for final version 09:39:56 ... or more of a whitelist or blacklist 09:40:01 hhalpin: whitelists are usually safer 09:40:27 folks should look at how CORS works 09:40:42 mountine: key genreated by site A, but can be accessed for signing data in different websites 09:40:53 s/mountine/mountie 09:41:28 CORS basically gives you a whitelist-like mechanism 09:41:48 mountie: Not so much people agreed 09:42:01 You may also want to approach the questions re CORS to the WebApp and WebAppSec WG 09:43:57 harry suggesting to look at CORS and see how to use it for local ressources 09:44:44 and communicate with the WebAppSec after CORS/Web Crypto API go to Last Call 09:45:24 Off top of head, CORS is best bet, although they won't have the UA stuff you want. 09:45:46 mountie: exceptions would be best, postMessage would be second-choice 09:49:06 happy to do quick intro over CORS 09:49:42 www2014.kr 09:49:46 April 7-11th 2014 09:49:56 WebCrypto Next Steps Session 09:50:05 http://www2014.kr/ 09:50:05 90 minutes maybe 180 minutes 09:53:22 We are considering Sept 2014 in Washington DC 09:58:33 Will send emails out 09:58:41 Zakim, generate minutes 09:58:41 I don't understand 'generate minutes', hhalpin 09:58:55 Zakim, create minutes 09:58:55 I don't understand 'create minutes', hhalpin 10:04:00 rrsagent, please draft minutes 10:04:00 I have made the request to generate http://www.w3.org/2014/02/10-crypto-minutes.html rigo 10:04:30 rrsagent, please set log public 10:22:25 mountie has joined #crypto 10:37:27 mountie has joined #crypto 10:52:27 mountie has joined #crypto 11:07:15 mountie has joined #crypto 11:22:28 mountie has joined #crypto 11:37:15 mountie has joined #crypto 11:52:27 mountie has joined #crypto 12:07:15 mountie has joined #crypto 12:22:31 mountie has joined #crypto 12:37:15 mountie has joined #crypto 12:52:15 mountie has joined #crypto 13:07:15 mountie has joined #crypto 13:22:25 mountie has joined #crypto 13:37:23 mountie has joined #crypto 13:52:23 mountie has joined #crypto 15:02:57 drew has joined #crypto 15:03:21 drew has left #crypto 15:08:13 drew has joined #crypto 15:08:25 drew has left #crypto 15:09:08 drew has joined #crypto 15:09:30 drew has left #crypto 15:19:00 mountie has joined #crypto 15:38:58 jyates has joined #crypto 15:56:00 jyates_ has joined #crypto 15:56:25 jyates has left #crypto 15:56:45 jyates has joined #crypto 15:59:04 malaclyps has joined #crypto 16:04:49 tantek has joined #crypto 17:37:50 hhalpin has joined #crypto 17:37:53 Zakim, this is CRYPT 17:37:53 sorry, hhalpin, I do not see a conference named 'CRYPT' in progress or scheduled at this time 17:38:04 Zakim, this will be CRYPT 17:38:04 I do not see a conference matching that name scheduled within the next hour, hhalpin 18:06:40 drew has joined #crypto 18:09:20 terri has joined #crypto 18:13:55 malaclyps has joined #crypto 19:22:27 malaclyps has joined #crypto 19:33:44 tantek has joined #crypto 19:44:32 jyates has joined #crypto 19:53:05 virginie has joined #crypto 19:53:46 zakim, what conferences do you see? 19:53:46 I see no active conferences 19:53:47 scheduled at this time are RWC_Audio()2:00PM, XML_CG()3:00PM, W3C_DOCS()2:00PM, PP_PSIG()3:00PM, WAI_PFWG(A11Y)3:00PM, SEC_WebCryp()3:00PM 19:54:39 zakim, this is SEC_WebCryp 19:54:39 virginie, I see SEC_WebCryp()3:00PM in the schedule but not yet started. Perhaps you mean "this will be SEC_WebCryp". 19:54:42 jyates has joined #crypto 19:54:52 zakim, this will be SEC_WebCryp 19:54:52 ok, virginie; I see SEC_WebCryp()3:00PM scheduled to start in 6 minutes 19:55:05 agenda? 19:56:05 zakim, clear agenda 19:56:05 agenda cleared 19:56:12 agenda+ Welcome 19:56:51 agenda+ Status on actions 19:57:07 agenda+ Status on Web Crypto API issues 19:57:20 agenda+ Status on Web Crypto API 19:57:43 agenda+ informal F2F in London on 27th of feb 19:57:56 agenda+ AOB 19:59:06 jimsch has joined #crypto 19:59:48 SEC_WebCryp()3:00PM has now started 19:59:56 +terri 20:00:09 + +1.617.253.aaaa 20:00:11 +[IPcaller] 20:00:27 +??P7 20:00:37 zakim, aaaa is jyates 20:00:37 +jyates; got it 20:00:37 zakim, who is on hte phone ? 20:00:39 I don't understand your question, virginie. 20:00:47 zakim, who is on the phone ? 20:00:47 On the phone I see terri, jyates, [IPcaller], ??P7 20:00:51 +[Apple] 20:01:16 zakim, who is on the phone ? 20:01:16 On the phone I see terri, jyates, [IPcaller], ??P7, [Apple] 20:03:04 [IPcaller] is me 20:03:15 +[IPcaller.a] 20:03:26 zakim, IPcaller is me 20:03:26 +virginie; got it 20:03:29 markw has joined #crypto 20:03:43 zakrim, ipcaller.a is me 20:03:56 zakim, ipcaller.a is me 20:03:56 +jimsch; got it 20:04:02 +[Netflix] 20:04:28 Zakim, [Netflix] is me 20:04:28 +markw; got it 20:04:29 +rsleevi 20:04:44 zakim, ??P7 is drew 20:04:44 +drew; got it 20:04:58 zakim, who is on the phone ? 20:04:58 On the phone I see terri, jyates, virginie, drew, [Apple], jimsch, markw, rsleevi 20:06:46 agenda? 20:07:20 karen_ has joined #crypto 20:08:19 +Karen 20:09:17 scribenick: rsleevi 20:09:22 scribe: Ryan Sleevi 20:09:37 wg members to have a look http://www.w3.org/2012/webcrypto/track/actions/open 20:09:41 +[Microsoft] 20:09:48 virginie: WG members should take a look at the open ACTION items 20:10:06 israelh has joined #Crypto 20:10:16 ... if there are any items that should be closed, just close your ACTION item. No need to go through the WG before doing so 20:10:48 ... in the same spirit, there's also a set of open ISSUEs 20:10:55 http://www.w3.org/2012/webcrypto/track/issues/open 20:11:02 ... specifically those related to the Web Crypto API 20:11:42 ... Going to LC requires that there be no open ISSUEs, but we have some still open. There has been some discussion on the mailing list for closing/resolving some, but it seems there remain some items 20:11:46 ISSUE-12? 20:11:46 ISSUE-12 -- Should the API distinguish between algorithm and operation parameters? -- open 20:11:46 http://www.w3.org/2012/webcrypto/track/issues/12 20:12:01 q+ 20:13:31 rsleevi: vgb sent a mail to the list several weeks (months?) ago suggesting he didn't really have any concrete proposals 20:13:56 ... I suggest we close this issue. There's some small tweaks related to the status update, but as a whole, we don't have any good proposals for such a large API change 20:13:58 ISSUE-28? 20:13:58 ISSUE-28 -- Short-names for algorithms -- open 20:13:58 http://www.w3.org/2012/webcrypto/track/issues/28 20:14:25 ISSUE-35? 20:14:25 ISSUE-35 -- Handling of wrap/unwrap operations -- open 20:14:25 http://www.w3.org/2012/webcrypto/track/issues/35 20:14:29 q+ 20:14:53 markw: I think we've addressed these in the latest ED. I think we can close this issue 20:14:57 I closed ISSUE-59 : http://www.w3.org/2012/webcrypto/track/issues/59 based on the conversation at the F2F in China. 20:15:04 +1 to closeing ISSUE-35 20:15:55 35 20:16:05 sory 43 20:16:08 ISSUE-43? 20:16:08 ISSUE-43 -- Separate method for key agreement -- open 20:16:08 http://www.w3.org/2012/webcrypto/track/issues/43 20:16:11 kodonog has joined #crypto 20:16:16 q+ 20:17:37 rsleevi: This is another one that I believe we resolved on the mailing list 20:18:10 ... The main people who raised concern expressed acceptance with the API for deriveKey/deriveBits 20:18:34 +karen_oDonoghue 20:18:35 virginie: Will suggest on the mailing list to close ISSUE-43 20:19:05 44 20:19:07 ISSUE-44? 20:19:07 ISSUE-44 -- Require creation of random IVs by default for CBC, CFB, GCM -- open 20:19:07 http://www.w3.org/2012/webcrypto/track/issues/44 20:20:03 virginie: Contacted rbarnes to attempt to gather more information. We discussed during the F2F, and then rbarnes was silent on this. 20:20:12 ... attempt to contact richard one last time, and then close this 20:20:14 ISSUE-46? 20:20:14 ISSUE-46 -- Optional algorithm parameters must have default values -- open 20:20:14 http://www.w3.org/2012/webcrypto/track/issues/46 20:20:22 I just pinged richard… he is coming now 20:20:44 virginie: Another situation where discussed with richard but not concrete solution 20:21:01 ISSUE-59? 20:21:02 ISSUE-59 -- Promises Programming Pattern Verification -- closed 20:21:02 http://www.w3.org/2012/webcrypto/track/issues/59 20:21:15 +??P25 20:22:45 rbarnes: Will take a look in the next few days and continue discussion on the list 20:22:56 virginie: Just a reminder that we need to have 0 ISSUEs open before LC 20:24:15 status by the editor : http://lists.w3.org/Archives/Public/public-webcrypto/2014Feb/0028.html 20:24:23 markw: Briefly, I took the 15 bugs that we identified as required for last call as Pre-LC 20:24:56 virginie: In this mail, there were some further discussions, correct? 20:25:54 markw: The ones that are open are the ones that we could spend time discussing here if we think we can resolve here 20:26:14 ... JWK format, raw AES access, and adding an additional curve to the named curve registry 20:26:21 rbarnes has joined #crypto 20:26:22 ... also a discussion on making all method failures asynchronous 20:26:38 > *Bug **24427* 20:26:49 q+ 20:26:54 +1 to making all failures async, in case it wasn't clear 20:27:17 q? 20:27:37 jimsch: In addition to specifying whether failures should be asynchronous, should we also specify failures should be constant time 20:27:43 q- 20:28:23 rsleevi: Dpn't believe we need to make any statements about constant time 20:28:52 ... it would be a quality of implementation issue for the algorithm-specific stuff 20:29:06 ... can't really interop test it 20:29:38 ... an it doesn't necessarily invalidate an implementation if it is later discovered that it is not constant time 20:30:04 ... also, it's not clear how we would defined an interop requirement 20:30:26 +1 to rsleevi 20:30:34 ... for example, for RSA, there are quality of implementation issues around the quality of the primes etc. 20:30:48 +1 to adding to security considerations ( I think we did already ) 20:31:25 virginie: So is your proposal jimsh that we add it to security considerations 20:31:33 jimsch: I'll have to think about it, but I think that sounds right 20:32:15 virginie: Can raise that discussion on the mailing list 20:32:40 q+ 20:32:41 markw: Bug 24444 20:33:08 israelh: Just really quickly on the previous bug, are we suggesting to do all the failures asynchronous 20:33:14 -[Microsoft] 20:33:16 q- 20:33:32 Bug 24444 20:33:33 @israel: Yeah, all failures async. This also will require some prose regarding the WebIDL conversions 20:33:44 virginie: What is the suggested resolution? 20:34:21 +[Microsoft] 20:34:48 I 20:34:52 I'm back 20:35:15 +1 on not including 20:35:35 rsleevi: My feeling is that this curve is actually not widely implemented (eg: CNG, nor CSSM I believe). I addressed this on the list that unless we here from implementors requesting it, it would be better to leave it off for now 20:35:47 https://www.w3.org/Bugs/Public/show_bug.cgi?id=24444 20:35:48 markw: I would rather we decide something, either way, and close it 20:35:50 my inclination is to include it, just because identifiers are cheap, and developers are going to have to check for support anyway 20:36:00 but i don't feel that strongly 20:36:11 @rbarnes: It affects our ability to move the spec to REC, regarding compatible implementations 20:36:24 @rbarnes: Thats why I suggest we defer until implementors actually request it / suggest implementing it 20:36:27 q+ 20:36:42 @rsleevi: i thought we had already agreed that we would not have requirements for specific algorithms / curves ? 20:36:48 looooong ago 20:36:48 karen: I think that particular curve is not in NIST 20:36:50 q+ 20:37:04 q+ 20:37:06 curve 25519 is the current hot curve to adopt in the IETF at the moment 20:37:21 jimsch: let's not go there 20:37:33 rsleevi: Part of SEC 1 / NIST, not part of Suite B 20:37:44 rbarnes: that is why I said don't adopt 20:38:08 jimsch: that's different; djb has a whole different point representation etc 20:38:24 virginie: Sounds like from the discussion the answer is "no" but we'll wait to hear back from israel 20:38:35 israelh: My guess/vote is "no" - less is more 20:38:46 i'm not hearing a lot of "yes' 20:39:09 +1 to closing pending more info 20:39:10 markw: We can close this with NEEDSINFO, with the info needed being implementors wanting to implement it 20:39:11 +1 20:39:13 +1 20:40:39 virginie: BUG 24457 20:40:44 Bug 24457 * 20:41:03 q+ 20:41:24 q+ 20:42:06 https://www.w3.org/Bugs/Public/show_bug.cgi?id=24457 20:43:40 q+ 20:43:54 richard: Is this a result of JOSE choosing the simpler form of key wrap 20:44:24 jimsch: There was some discussion of this on the mailing list. On the mailing list, the discussion was "If it's not 8*n bytes long, you can't use it. Tough" 20:45:01 ... the choice of IV was fairly arbitrary and not based on security decisions, it just needed to be a constant 20:45:30 ... the question I have for Mark is, we did have a conversation about this, what more is desired 20:46:30 markw: That's correct, that resolution is fine for the AES-KW case. The thing I pointed out on the bug is that it's possible for implementations to generate a JWK that is aligned to 8*n bytes - by using additional whitespace or additional members with junk data, for example 20:47:09 ... based on that, Ryan made some comments that the flexibility just described (the non-canonical nature of the JSON) raised concerns regarding the security properties of AES-KW being based on being a canonical representation 20:47:45 ... so there's no question about reversing the previous decision, the question is just whether there's a fundamental security question with wrapping JWKs with AES-KW as opposed to AES-GCM 20:47:53 virginie: Let's have a follow-up on the mailing list on this bug 20:48:45 jimsh: no security considerations that I can think of 20:49:10 q- 20:49:15 https://www.w3.org/2002/09/wbs/54174/February2014/ 20:49:53 q+ 20:49:55 virginie: Because there has been very short notice regarding this F2F, it would be good to know who will be able to be in attendance 20:50:58 markw: If we would be able to spend a portion of the time resolving issues and making sure the spec is ready for LC, I think I could justify attending, but if it's just going to be discussion future work, it's harder to reason 20:51:34 virginie: It's harder because this is an informal meeting 20:52:07 markw: I don't think formal or informal matters much, since we close things by reaching consensus, and we reach consensus by talking about things, and we can talk informal or formal. If informal, we can just reach formal consensus on the mailing list 20:52:15 -1 for attending 20:52:20 +1 20:52:22 +.8 20:52:25 -1 20:52:29 -1 20:52:31 0 20:52:34 -1 20:52:35 -1 previous commitment conflicts 20:52:37 -1 20:52:39 have to leave 20:52:43 -jimsch 20:52:53 just me and virginie! 20:53:45 virginie: It seems like there will be very few people attending. May be worth considering cancelling. Going to reach a "last call" of sorts on the mailing list this week 20:54:13 markw: An alternative would be to consider a longer call to deal with the issues going towards LC 20:54:33 virginie: So for example a 2 hour call for the next two calls 20:54:39 +1 20:55:20 israelh: What about a special meeting that goes 2 hours (only one) that just identifies all the issues we should go through and make sure that everybody that needs to be there can be there 20:55:49 q+ 20:57:45 -[Apple] 20:59:42 rsleevi: next call (2 weeks) is when markw and I are supposed to deliver "LC-ready" spec. Following call the WG will vote on adopting it as LC 21:00:21 rsleevi: So first call being 2 hours will allow markw and I to discuss and debrief about any open issues or questions, then following call can allow WG members to discuss issues seen 21:01:05 israelh: Would it make more sense to have 1 hour call in two weeks for debrief, and then a following week have a 1 hour call to discuss issues, then follow with another 1 hour call for debrief 21:01:41 virginie: What about a 2 hour call for our next call, followed by a 1 hour call the next week, followed by the regular call 21:01:52 +1 to 2,1,1 plan (if I understood correctly) 21:01:58 and also 2,1,2 if necessary 21:02:09 rsleevi: yeah that's sounds find to me 21:02:37 virginie: Plan was 2 hours call in two weeks, 1 hour call week following (which may conflict with IETF), followed by 2 hour call 21:03:18 ... reminder for people that we will potentially have a workshop in September, potentially in Washington DC, to discuss hardware tokens 21:03:42 ... still need to send out a strawman proposal for the workshop 21:04:43 virginie: Next meeting will be 24 of Feb. will ask W3C staff to make meeting a 2 hour meeting. 21:04:51 starting at the same time? 21:04:55 -jyates 21:04:57 -markw 21:04:58 -rbarnes 21:04:58 -[Microsoft] 21:05:00 -virginie 21:05:01 -Karen 21:05:04 -drew 21:05:04 -terri 21:05:13 I have made the request to generate http://www.w3.org/2014/02/10-crypto-minutes.html rsleevi 21:05:37 -karen_oDonoghue 21:07:01 -rsleevi 21:07:02 SEC_WebCryp()3:00PM has ended 21:07:02 Attendees were terri, +1.617.253.aaaa, jyates, [Apple], virginie, jimsch, markw, rsleevi, drew, Karen, [Microsoft], karen_oDonoghue, rbarnes 21:51:45 malaclyps has joined #crypto 22:17:29 drew has joined #crypto 22:48:37 malaclyps has joined #crypto 23:24:56 terri has joined #crypto 23:27:09 mountie has joined #crypto