08:53:12 <RRSAgent> RRSAgent has joined #crypto
08:53:12 <RRSAgent> logging to http://www.w3.org/2014/02/24-crypto-irc
08:53:14 <trackbot> RRSAgent, make logs public
08:53:16 <trackbot> Zakim, this will be CRYPT
08:53:16 <Zakim> ok, trackbot; I see SEC_WebCryp()3:00AM scheduled to start 53 minutes ago
08:53:17 <trackbot> Meeting: Web Cryptography Working Group Teleconference
08:53:17 <trackbot> Date: 24 February 2014
08:59:56 <virginie> virginie has joined #crypto
09:02:34 <Zakim> SEC_WebCryp()3:00AM has now started
09:02:41 <Zakim> +??P0
09:07:25 <virginie> ok
09:08:59 <hhalpin> yes, for native speakers it was probably fine
09:09:05 <hhalpin> but we may need to send out separate reminders :)
09:21:30 <Zakim> -virginie
09:21:32 <Zakim> SEC_WebCryp()3:00AM has ended
09:21:32 <Zakim> Attendees were virginie
10:25:48 <abstractj> abstractj has joined #crypto
19:49:19 <RRSAgent> RRSAgent has joined #crypto
19:49:19 <RRSAgent> logging to http://www.w3.org/2014/02/24-crypto-irc
19:49:48 <Zakim> Zakim has joined #crypto
19:50:50 <virginie> zakim, this will be SEC_WebCryp
19:50:50 <Zakim> ok, virginie; I see SEC_WebCryp()3:00PM scheduled to start in 10 minutes
19:51:58 <sangrae> sangrae has joined #crypto
19:52:45 <virginie> agenda?
19:52:53 <virginie> agenda+ welcome
19:53:17 <virginie> agenda+ Presentation of Web Crypto API by editors
19:53:28 <virginie> agenda+ questions and answers
19:54:06 <virginie> agenda+ group life (Last Call, next conf call, next F2F)
19:56:00 <mete> mete has joined #crypto
19:58:28 <Zakim> SEC_WebCryp()3:00PM has now started
19:58:35 <Zakim> + +1.617.253.aaaa
19:59:00 <Zakim> +[IPcaller]
19:59:02 <markw> markw has joined #crypto
19:59:04 <drew> drew has joined #crypto
19:59:35 <jyates> Zakim, aaaa is jyates
19:59:35 <Zakim> +jyates; got it
19:59:43 <Zakim> +[Netflix]
19:59:54 <Zakim> +[IPcaller.a]
19:59:55 <markw> Zakim, [Netflix] is me
19:59:56 <Zakim> +markw; got it
20:00:47 <jimsch> jimsch has joined #crypto
20:01:09 <Zakim> -[IPcaller.a]
20:01:33 <Zakim> +[IPcaller.a]
20:01:47 <jimsch> zakim, [ipcaller.] is me
20:01:47 <Zakim> sorry, jimsch, I do not recognize a party named '[ipcaller.]'
20:01:48 <Zakim> +[IPcaller.aa]
20:02:01 <jimsch> zakim, [ipcaller.a] is me
20:02:01 <Zakim> +jimsch; got it
20:02:18 <vgb> vgb has joined #crypto
20:02:23 <hhalpin> hhalpin has joined #crypto
20:02:24 <Zakim> +??P4
20:02:31 <Zakim> +[Microsoft]
20:02:33 <hhalpin> Zakim, what's the code?
20:02:33 <Zakim> the conference code is 27978 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), hhalpin
20:02:39 <virginie> zakim, ??P4 is me
20:02:40 <Zakim> +virginie; got it
20:02:48 <vgb> zakim, [microsoft] is me
20:02:49 <Zakim> +vgb; got it
20:02:50 <virginie> zakim, who is on the phone ?
20:02:50 <Zakim> On the phone I see jyates, [IPcaller], markw, jimsch, [IPcaller.aa], virginie, vgb
20:03:06 <Zakim> +[IPcaller.a]
20:03:12 <hhalpin> Zakim, IPcaller is hhalpin
20:03:12 <Zakim> +hhalpin; got it
20:03:39 <Zakim> + +1.503.712.aabb
20:03:58 <hhalpin> Zakim, aabb is sangrae
20:03:58 <Zakim> +sangrae; got it
20:04:04 <sangrae> hi everybody
20:04:06 <mete> no voice here, following on irc only
20:04:54 <hhalpin> trackbot, start meeting
20:04:56 <trackbot> RRSAgent, make logs public
20:04:58 <trackbot> Zakim, this will be CRYPT
20:04:58 <Zakim> ok, trackbot; I see SEC_WebCryp()3:00PM scheduled to start 4 minutes ago
20:04:59 <trackbot> Meeting: Web Cryptography Working Group Teleconference
20:04:59 <trackbot> Date: 24 February 2014
20:05:03 <terri> aabb is me
20:05:06 <virginie> zakim, who is on the phone ?
20:05:06 <Zakim> I notice SEC_WebCryp()3:00PM has restarted
20:05:07 <Zakim> On the phone I see jyates, hhalpin, markw, jimsch, [IPcaller.aa], virginie, vgb, [IPcaller.a], sangrae
20:05:11 <terri> Zakim, aabb is me
20:05:11 <Zakim> sorry, terri, I do not recognize a party named 'aabb'
20:05:17 <hhalpin> Zakim, IPcaller.a is sangrae
20:05:17 <Zakim> +sangrae; got it
20:05:23 <hhalpin> Zakim, sangrae is sangrae2
20:05:23 <Zakim> +sangrae2; got it
20:05:25 <virginie> zakim, who is on the phone ?
20:05:25 <Zakim> On the phone I see jyates, hhalpin, markw, jimsch, [IPcaller.aa], virginie, vgb, sangrae.a, sangrae2
20:05:34 <hhalpin> Zakim, Sangrae2 is terri
20:05:34 <Zakim> +terri; got it
20:05:40 <terri> thanks!
20:06:35 <hhalpin> wseltzer has been promoted!
20:07:00 <hhalpin> http://www.w3.org/blog/news/archives/3482
20:07:02 <Zakim> +[Microsoft]
20:07:07 <hhalpin> So I'll be attending the calls as Team contact.
20:07:11 <hhalpin> Zakim, pick a scribe
20:07:11 <Zakim> Not knowing who is chairing or who scribed recently, I propose jimsch
20:07:24 <hhalpin> scribe: jimsch
20:07:27 <hhalpin> chair: virginie
20:07:32 <hhalpin> agenda?
20:07:37 <virginie> agenda?
20:08:29 <israelh> israelh has joined #crypto
20:09:04 <jimsch> virginie:  review agenda
20:09:29 <jimsch> ... cll for other items?
20:09:43 <virginie> zakim, who is on the phone ?
20:09:43 <Zakim> On the phone I see jyates, hhalpin, markw, jimsch, [IPcaller.aa], virginie, vgb, sangrae.a, terri, [Microsoft]
20:10:10 <hhalpin> markw can handle the presentation of recent bugs as he's been manning quite a bit of the editorial work.
20:10:28 <drew> zakim, i am IPcaller.aa
20:10:28 <Zakim> ok, drew, I now associate you with [IPcaller.aa]
20:10:45 <jimsch> ... markw:  focusing on adding algorthm desription text
20:10:49 <virginie> https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
20:11:11 <jimsch> ... Still some gaps - DH not yet committed and key derviation functions not done yet.
20:11:30 <jimsch> ... sha1 may be visiable in current editors draft
20:11:43 <jimsch> ... will notify as new things become available.
20:12:02 <jimsch> ...  Based on list disucssion, key wrapping descipritions are going to change
20:12:31 <jimsch> ... methods ask if there is a wrap/unwrap - will use the encrypt opertion if it is not present.
20:12:44 <jimsch> ... discussion on list is that second option should be removed.
20:13:14 <jimsch> ... For some, the encrypt and wrap will be the same (AES-GCM) for others only wrap/unwrap my be defined (AES-KW)
20:13:22 <jimsch> ... list of three to talk about.
20:13:39 <jimsch> virgine: Lets strt with three points that are raised.
20:14:02 <jimsch> ... Any generl questions to the editor at this time?
20:14:28 <jimsch> Isereal:  Would llike to put worker crypto interface at risk if noboy objects
20:14:41 <hhalpin> israel, do you have some reasoning?
20:15:00 <virginie> https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#WorkerCrypto-interface
20:15:27 <jimsch> ... From the worker pattern, because of other limitations we have not implemented some of the indexDB interfaces for them
20:15:39 <jimsch> ... So deprioritizing some of the webworker interfaces
20:16:02 <jimsch> ... Rather make sure that async senerios are right
20:16:44 <jimsch> virginie: How do we manage that - add editors note saying it is at risk
20:17:40 <jimsch> ... as noone is challenging it - seems to be ok
20:18:02 <hhalpin> As long as its announced on mailing list so Chromium devs can respond
20:18:05 <jimsch> hhalpin: need to announce over the mailig list
20:18:42 <jimsch> virginie: start on technical discussion
20:19:18 <jimsch> markw: two of the three are housekeeping - shoud be able to close
20:19:35 <jimsch> ... #1 32500 - support of raw AES
20:19:46 <markw> https://www.w3.org/Bugs/Public/show_bug.cgi?id=23500
20:20:07 <jimsch> ... concluded on the list - there is no effiecnet way to do this and can do it with cbc or counter -
20:20:12 <jimsch> .... suggest close as won't fix
20:20:22 <jimsch> +1
20:20:29 <hhalpin> I think that comment came from Boneh, right?
20:20:36 <jimsch> yes it did
20:20:37 <hhalpin> Perhaps we should just respond to him directly
20:20:45 <hhalpin> to see if he agrees/knows about implementation
20:20:54 <hhalpin> I'm happy to email him the proposed change and see if he agrees
20:21:18 <jimsch> virginie:  with no objections - will close bug - action to harry to inform Boneh
20:21:26 <jimsch> ... if any problems will come back
20:21:34 <markw> https://www.w3.org/Bugs/Public/show_bug.cgi?id=24755
20:21:59 <jimsch> markw: AES CFB - parameter on the shift size
20:22:08 <jimsch> ... Nothing in the spec prior to now.
20:22:17 <jimsch> ... Suggest we treat the diffrerent shift values as different algorithms
20:22:30 <jimsch> ... Which shift values to be supported?
20:22:44 <jimsch> .... Discussion says that it appers mostly be 8 bit shifts
20:23:01 <jimsch> ... Propsoal - rename and support only the 8 bit shift size
20:23:33 <jimsch> virginie: If rename - then do we indicate we welcome others if people ask for them?
20:23:50 <jimsch> markw: reason for explicit naming is to show how to add new values in the future
20:24:33 <jimsch> +1
20:25:05 <jimsch> virginie: resolution to rename is ok.
20:25:09 <markw> https://www.w3.org/Bugs/Public/show_bug.cgi?id=24457
20:25:46 <jimsch> markw: AES-KW requires 8 byte multiple on input
20:26:19 <jimsch> ... More fundimental issue - because of lack of canonicaliztion - ryan thought this might be a secueity issue
20:26:46 <jimsch> ... several people agreed with markw mailing list analysis that there is not a security problem
20:27:07 <jimsch> ... don't need to say anything bout how to make it a multiple of 8 bytes in the current spec
20:27:21 <jimsch> ... propsoal is to close as WFM
20:27:47 <jimsch> Isreal: would it make sense to add note about ability todo this in the serializer?
20:28:00 <jimsch> markw: Yes - Ryan may not accept it
20:28:22 <jimsch> virginie: suggest  a note and see if Ryan agrees with note
20:28:51 <jimsch> +1
20:29:32 <vgb> q+
20:30:39 <jimsch> markw: have openned new bugs feom the reviews that have come in - need to check for pre-last call status
20:30:59 <jimsch> vgb: Question on the mailing list about optional password parameter
20:31:31 <Zakim> -sangrae.a
20:31:33 <jimsch> markw: have not reviewed the question yet
20:32:09 <jimsch> vgb: for PBKDF2 - how does the optional base key work if the UI is supposed to prompt for the password
20:32:14 <virginie> http://lists.w3.org/Archives/Public/public-webcrypto/2014Feb/0125.html
20:33:23 <jimsch> vgb: hate to go last call if we don't know how to use the parameter
20:34:02 <jimsch> q+
20:34:34 <hhalpin_> hhalpin_ has joined #crypto
20:34:36 <jimsch> q-
20:34:52 <jimsch> jimsch: the basekey would never be used - because the password is not there
20:35:32 <jimsch> vgb: understood the opposite
20:36:08 <markw> q+
20:36:09 <jimsch> vgb: understood if basekey was left null, then some implenttions would be able to prompt for a password
20:36:36 <jimsch> vgb: need calarification on what the password parm means
20:36:51 <jimsch> markw:  could think of a numbeer of ways to consetruct the API here
20:37:10 <hhalpin_> Zakim, what's the code?
20:37:10 <Zakim> the conference code is 27978 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), hhalpin_
20:37:34 <jimsch> ... would there be a question of a doing a derivation from a different method - say DH agree
20:37:48 <Zakim> +[IPcaller]
20:37:52 <jimsch> ... DOn't know if that mkes sense as a use case for PBKDF2
20:37:59 <jimsch> ... maybe base key is always null
20:38:07 <hhalpin_> I'm in a train station :)
20:38:10 <vgb> q-
20:38:23 <markw> q-
20:38:38 <jimsch> virginie: need to clarify the behavior
20:38:56 <jimsch> ... create bug/action to get the clarification
20:39:36 <jimsch> vgb: sounds like no one knows what to currently do.
20:39:45 <jimsch> virginie: need to clarify or remove
20:39:58 <jimsch> vgb: with reasonble symmantic - then should go forward and keep.
20:40:29 <jimsch> Some of this may be because we have not looked at PBKDF2 since we changed how deriveKey wors
20:41:02 <markw> q+
20:41:23 <jimsch> virginie: should be able to go to last call if we clear out these issues
20:41:46 <jimsch> markw: Three more items possible to discuss, aslo need to fill n some import/export sections
20:42:01 <virginie> issues still open : http://www.w3.org/2012/webcrypto/track/issues/open
20:42:21 <jimsch> ... Import of JWK objects, with full detail could have model without passing in parameters from the script
20:42:33 <jimsch> ... would cause a big refactoring in the specifications
20:42:49 <jimsch> ... Implication is that one should know what i in the JWK to start with if no change
20:43:23 <jimsch> ... What if algorithm has prameter s-  i.e. HMAC hash function, JWK specifies the hash function - could default from JWK
20:43:49 <jimsch> ... Currrently say -need to know what is going to import and thus need to know what algorithm/sub-parameters in the JWK are
20:43:52 <vgb> +1 to Mark's approach
20:43:55 <jimsch> .... will get error if no match
20:44:01 <hhalpin_> Sounds reasonable
20:44:08 <jimsch> +1 (for now)
20:44:28 <jimsch> markw: Hot off the mailng list - DH discussion
20:44:46 <virginie> http://lists.w3.org/Archives/Public/public-webcrypto/2014Feb/0113.html
20:44:50 <jimsch> ... refering to PKCS#3 in the spec - also the X9.42 spec
20:45:02 <jimsch> ... slightly enhanced wrt PKCS#3
20:45:09 <jimsch> ... which shouldd we support
20:45:25 <jimsch> ... Current status on mailing list
20:45:39 <virginie> recent discussion http://lists.w3.org/Archives/Public/public-webcrypto/2014Feb/0132.html
20:45:41 <jimsch> .... X9.42 is not as widly spread
20:46:02 <jimsch> ... jim says for good security reasons need x9.42
20:46:19 <jimsch> ... is enough to suport PKCS#3 or need x9.42
20:46:21 <jimsch> q
20:46:23 <jimsch> q+
20:46:28 <markw> q-
20:46:29 <hhalpin_> What precisely is needed for x9.42 compliance?
20:46:37 <hhalpin_> Thinking of the upcoming W3C Web Payments workshop...
20:46:53 <markw> q+
20:47:05 <jimsch> jimsch:  Certifictes come in the X9.42 version not the PKCS#3 version - need for SPKI
20:47:16 <virginie> ack jimsch
20:47:22 <jimsch> markw: respond to harry - X.942 has additional prameters
20:47:40 <jimsch> ... these are used to check for specifying the privte key
20:47:53 <hhalpin_> adding order to base elements seems like it should be possible as an optional parameter, but x.942 is new to me :)
20:47:53 <jimsch> ... jim will now correct me
20:48:48 <jimsch> jimsch: reallyt there to check that the genertor is created correctly
20:49:12 <jimsch> isreal: If accepting a small sub-group - then an issue
20:49:28 <jimsch> ... Really more of a problem with static-static
20:49:47 <jimsch> ... For ephermeal-ephermal, on need to mandiate x9.42
20:49:55 <jimsch> ... Not clear that it should be required
20:51:01 <jimsch> markw: issue is that if we support x9.42 for import, then what do we do on export if implementation does not support?
20:51:40 <jimsch> isreal: then you can't do the export because it not legl
20:51:58 <hhalpin_> Obviously outlawing PKCS#3 will obviously not work
20:51:59 <jimsch> markw: suggesting onlything required is pkcs3 because it is what is supported
20:52:14 <jimsch> ... what does an implementtion do if does not suport full parameters set
20:52:26 <jimsch> isreal: is that bad?
20:52:36 <israelh> s/isreal/vijay
20:52:46 <jimsch> sorry
20:53:05 <jimsch> markw: currently nothing in terms of - is this format supported?
20:53:56 <jimsch> virginie: not sure we re going to make a decsiion now, without a concensus
20:54:09 <jimsch> markw: if we could great - if not then need to continue discussions
20:54:10 <hhalpin_> it seems that output formats should be supported in general rather than a query to see if a particular output format is supported.
20:54:35 <jimsch> ... Put the pure #3 in the spec - and people could see what happens
20:54:44 <jimsch> ... will give us an operatable to throw rocks at
20:55:21 <jimsch> virginie: any oher issues to discuss? - open issues
20:55:37 <jimsch> markw: these are the main issues for the open issues
20:55:53 <jimsch> ... encourage people to review bug list and the document
20:55:56 <virginie> https://www.w3.org/Bugs/Public/buglist.cgi?component=Web%20Cryptography%20API%20Document&product=Web%20Cryptography&resolution=---
20:56:39 <jimsch> viginie:  COuld have a call next week if there are issues for disucssion
20:56:41 <hhalpin_> We've already booked the time so an intermediate discussion will probably be useful - re UTC time, it will be late on Monday post-IETF.
20:57:12 <jimsch> ... promised Q&A session
20:57:38 <jimsch> ...  avoids issues of poeple sayng I did not have tie to raise my point
20:57:47 <jimsch> ... real decision on going to last call in two weeks
20:58:43 <jimsch> ... have suggested that could have a F2F in the future -in april
20:58:59 <hhalpin_> [looking for precise dates]
20:59:06 <jimsch> +1
20:59:11 <sangrae> +1
20:59:25 <virginie> +1
20:59:25 <hhalpin_> its April 10-11th.
20:59:25 <israelh> +1
20:59:31 <jimsch> ... please type +1 if you would be willing to meet in april
20:59:53 <markw> +1
21:00:01 <jimsch> ...  meeting is in california - think it was paypal orginizing
21:00:48 <hhalpin_> I have to be at WWW2014 on those dates.
21:00:53 <hhalpin_> i.e April 10-11th.
21:00:59 <hhalpin_> But a f2f would be useful regardless
21:01:03 <jimsch> virginie:  First chance to look at last call comments
21:01:23 <jimsch> virginie: AOB?
21:01:50 <jimsch> virginie: future work - sent a proposal to the mailing list about secure token
21:02:04 <jimsch> ... discussions with wendy and harry - check if appropriate workshop
21:02:19 <virginie> https://www.w3.org/2012/webcrypto/wiki/WG_Future_Work_hardware_token_workshop_2014
21:03:13 <Zakim> -markw
21:03:45 <Zakim> -jyates
21:03:47 <Zakim> -[Microsoft]
21:03:47 <Zakim> -vgb
21:03:49 <Zakim> -virginie
21:03:51 <Zakim> -[IPcaller.aa]
21:03:51 <hhalpin_> trackbot, end meeting
21:03:51 <trackbot> Zakim, list attendees
21:03:51 <Zakim> As of this point the attendees have been +1.617.253.aaaa, jyates, markw, jimsch, virginie, vgb, hhalpin, +1.503.712.aabb, terri, [Microsoft], [IPcaller]
21:03:59 <trackbot> RRSAgent, please draft minutes
21:03:59 <RRSAgent> I have made the request to generate http://www.w3.org/2014/02/24-crypto-minutes.html trackbot
21:03:59 <virginie> thanks to jim for scribing !
21:04:00 <trackbot> RRSAgent, bye
21:04:00 <RRSAgent> I see no action items