IRC log of crypto on 2014-03-03

Timestamps are in UTC.

19:49:28 [RRSAgent]
RRSAgent has joined #crypto
19:49:28 [RRSAgent]
logging to http://www.w3.org/2014/03/03-crypto-irc
19:50:12 [virginie]
zakim, what conferences do you see?
19:50:12 [Zakim]
I see no active conferences
19:50:13 [Zakim]
scheduled at this time are SEC_WebCryp()3:00PM, XML_CG()3:00PM, WAI_PFWG(ARIA)1:00PM, W3C_DOCS()2:00PM, RWC_Audio()2:00PM, WAI_PFWG(A11Y)3:00PM
19:52:08 [virginie]
zakim, this conference will be SEC_WebCryp
19:52:08 [Zakim]
ok, virginie; I see SEC_WebCryp()3:00PM scheduled to start in 8 minutes
19:52:16 [virginie]
agenda?
19:53:16 [virginie]
zakim, please clear the agenda
19:53:16 [Zakim]
agenda cleared
19:53:24 [virginie]
agenda+ welcome
19:53:45 [virginie]
agenda+ Q&A to editors about last version of the Web Crypto API
19:53:55 [virginie]
agenda?
19:54:00 [hhalpin]
hhalpin has joined #crypto
19:54:14 [hhalpin]
trackbot, start meeting
19:54:16 [trackbot]
RRSAgent, make logs public
19:54:18 [trackbot]
Zakim, this will be CRYPT
19:54:18 [Zakim]
ok, trackbot; I see SEC_WebCryp()3:00PM scheduled to start in 6 minutes
19:54:19 [trackbot]
Meeting: Web Cryptography Working Group Teleconference
19:54:19 [trackbot]
Date: 03 March 2014
19:57:00 [virginie]
chair : virginie
19:58:58 [Zakim]
SEC_WebCryp()3:00PM has now started
19:59:05 [Zakim]
+Karen
19:59:13 [Zakim]
+Virginie_Galindo
19:59:44 [karen_]
karen_ has joined #crypto
19:59:50 [Zakim]
+[IPcaller]
20:00:04 [vgb]
vgb has joined #crypto
20:00:28 [hhalpin]
Note that in adminstrivia, sysreq will start copying the bugs to the mailing list this week
20:00:28 [hhalpin]
the emails will be from bugzilla@jessica.w3.org
20:00:28 [hhalpin]
Hope that helps everyone
20:00:37 [Zakim]
+[Microsoft]
20:00:48 [hhalpin]
The other note is that we are slowly circling in on a date in Sept. for a possible new workshop
20:00:55 [vgb]
zakim, [Microsoft] is me
20:00:55 [Zakim]
+vgb; got it
20:00:56 [hhalpin]
So I'll throw that out when we have a proper host
20:00:59 [hhalpin]
and we'll arrange a telecon.
20:01:27 [drew]
drew has joined #crypto
20:01:57 [Zakim]
+ +1.650.224.aaaa
20:02:33 [virginie]
note : aaaa is ryan
20:02:38 [vgb]
zakim, aaaa is rsleevi
20:02:38 [Zakim]
+rsleevi; got it
20:04:57 [virginie]
agenda?
20:06:04 [vgb]
scribenick: vgb
20:06:43 [vgb]
virginie: open floor for questions to editors
20:06:43 [vgb]
q+
20:06:51 [vgb]
ack next
20:07:24 [vgb]
vgb: following up on question around PBKDF and how to use it
20:08:06 [vgb]
rsleevi: we originally talked about linking PBKDF to generateKey (for UI entry of password) but we also need programmatic setting of the password.
20:08:40 [vgb]
... e.g. if you want to do lots of operations you want to have that capability
20:08:55 [Zakim]
+[Microsoft]
20:09:18 [vgb]
... possible to define importKey with raw format but in that case you still have to do encoding
20:09:19 [israelh]
israelh has joined #crypto
20:09:42 [vgb]
... yes we haven't made much progress here. currently with spotty internet working on other issues.
20:10:53 [vgb]
vgb: was proposing last time that we do something like this, and lose the password parameter from KdfParameters.
20:11:13 [markw]
markw has joined #crypto
20:11:30 [Zakim]
+MarkW
20:11:32 [vgb]
rsleevi: broadly agree. question of whether we need to expose an export operation.
20:11:46 [markw]
Zakim, MarkW is me
20:11:46 [Zakim]
+markw; got it
20:12:36 [vgb]
vgb: don't think it's needed. especially if you go the generateKey route it's counterproductive. just mark the Key non-exportable.
20:12:48 [vgb]
rsleevi: ok. someone open a bug and we'll do this.
20:13:06 [vgb]
... can be done next week if there is a bug filed.
20:15:38 [vgb]
rsleevi: have import/export defined for most algs, still some holes like generateKey for ECDSA. but at a high level we're mostly looking at editorial issues now.
20:16:18 [vgb]
... style, terminology, etc. so broadly ready for LC. don't know if W3C process allows LC without resolving these minor things.
20:16:43 [markw]
q+
20:16:48 [vgb]
virginie: we should be okay. it seems like we have everything solved except 2-3 issues as we discussed last week.
20:17:13 [vgb]
... one concern - if we go to LC next week, when will the final ED for that be ready?
20:17:31 [vgb]
rsleevi: final meaning all editorial nits fixed?
20:17:55 [vgb]
... what are we doing on next call? Going to LC, or approving a resolution?
20:18:18 [vgb]
virginie: that was the plan - get a resolution that we're ready for LC.
20:18:48 [vgb]
rsleevi: error codes vs. reject with null is still ongoing discussion. can we carry that to LC?
20:19:44 [vgb]
virginie: having some bugs left is okay as long as issues are sorted out. the rest is interpretation. if we believe we understand how to solve the open question and there is consensus we can proceed.
20:20:01 [vgb]
markw: understand that LC means structurally ready.
20:20:16 [vgb]
... any open bugs we have could also come as LC comments.
20:20:39 [vgb]
virginie: only thing is we need to close all issues. are the current things issues or bugs?
20:21:08 [israelh]
q+
20:21:19 [vgb]
rsleevi: we've been playing fast and loose with those definitions. there is no clear consensus on error codes vs. reject with null. i can see it as a bug but not sure that's the process.
20:22:07 [virginie]
reminder : last call rpocess http://www.w3.org/2005/10/Process-20051014/tr.html#last-call
20:22:28 [vgb]
... as long as we are comfortable with the idea that backward incompatible changes may yet come, i'm okay.
20:22:37 [vgb]
virginie: feel we can go to LC.
20:22:51 [vgb]
markw: we're ready for implementation, so we should go to LC.
20:23:47 [vgb]
israelh: nowadays implementations are coming alive before CR. so we should address implementation issues now. so if we can't agree on basic things we should not go to LC.
20:24:15 [vgb]
... we should have things together before going to LC. we need to say for sure this is what we want implementers to do.
20:24:30 [vgb]
virginie: anything in the current spec that's uncomfortable to you?
20:24:46 [vgb]
israelh: i thought exception handling was a closed issue.
20:25:39 [vgb]
rsleevi: this is different. no exceptions, just rejecting promises. the issue however is whether to reject with null or with an exception code. see list discussion and feedback from blink and webkit implementers.
20:26:23 [vgb]
... e.g. what if you try an invalid hash name? Alexei proposed you reject with a syntax error. and so on.
20:26:35 [virginie]
q?
20:26:41 [vgb]
... this makes it easier for developers to understand what is going wrong.
20:26:49 [virginie]
ack markw
20:27:18 [vgb]
... this is what is outstanding. what error type to use?
20:27:39 [vgb]
israelh: so you're saying promises framework doesn't address this issue by itself.
20:27:56 [vgb]
rsleevi: same problem with event model. what error does onError get?
20:29:21 [vgb]
israelh: sounds to me like this is something we should wait to define before LC. this is the kind of thing we should have a clear stance on.
20:29:40 [vgb]
rsleevi: yes, we are still discussing and why i said this is still open.
20:30:10 [vgb]
israelh: based on that, don't want to go to LC until we have some baseline understanding on the error type at least.
20:30:46 [vgb]
virginie: so then we hav a clear decision that we will not ask for LC next week. delay that until we can clarify this. so what do people need in order to progress on this?
20:31:11 [markw]
q+
20:31:26 [vgb]
rsleevi: we've been discussing on the list. trying to nail down the mapping and inheritance. there is a proposal on the list.
20:31:58 [virginie]
ack israelh
20:32:19 [vgb]
... need feedback on the ontology. can't distinguish every possible error, so need to decide how many errors we will collapse things into.
20:32:32 [vgb]
... need consensus from implementers and potential consumers of the API.
20:33:08 [vgb]
markw: don't feel this issue should delay LC. we should try and resolve it this week so we can move on to LC next week.
20:33:42 [vgb]
virginie: need to make sure we close the issue, don't want to put pressure. so if we can fix things this week then maybe we can afford to postpone to the next call.
20:34:09 [vgb]
markw: we're way late already. let's just put a note in the spec and go to LC so we can get public feedback.
20:34:32 [vgb]
... it's clear the promise gets rejected, the rest is figuring out how many errors we define.
20:34:59 [israelh]
q+
20:35:31 [vgb]
rsleevi: my understanding of the process is similar to israel's. LC should mean we have our spec together. this issue has been lingering for a while, but now is one of the first things developers and implementers will ask for.
20:35:39 [virginie]
ack markw
20:36:10 [vgb]
markw: if we decide this week that we will reject the promise and we don't yet know if we have 3 errors or 7, should that block LC?
20:36:28 [vgb]
... that seems extremely minor and not worth more delay.
20:37:37 [vgb]
israelh: looking through thread now. i think if we had an initial set that we said we were initially comfortable with then we could proceed with that as a baseline.
20:38:03 [markw]
q+
20:38:05 [vgb]
... but going forward saying we don't know if we'll return null or an object seems wrong. fine tuning is okay.
20:38:18 [vgb]
... we don't want to rush into LC and be forced to another LC.
20:38:33 [vgb]
markw: is there anyone still arguing for returning null?
20:38:39 [vgb]
all: <crickets>
20:39:19 [vgb]
rsleevi: think we are in consensus that we want to return errors. don't know how it's going to look collectively and if the errors make sense.
20:39:36 [vgb]
... i am convinced though that we are going to have another LC given how things are going.
20:40:08 [vgb]
... maybe we are better served by another working draft, but if we are going to LC we should prepare for another LC,
20:40:32 [markw]
q?
20:40:43 [israelh]
q+
20:41:07 [vgb]
virginie: see that there is a real problem people want to address. so propose we delay the LC decision by a week, and wait for people to reach a conclusion on errors.
20:41:40 [vgb]
markw: believe that we have clearly reached consensus that we should not reject with null.
20:41:47 [markw]
q-
20:41:52 [vgb]
... so this is now just fine tuning.
20:43:09 [vgb]
israelh: agree with mark. maybe we (the implementers) could proceed with this consensus. we have some precedent, e.g. IndexedDB. if we can say in this call that it's enough to proceed, then by next week we can check for consensus on the initial error set.
20:43:27 [vgb]
... if we can close on the list next week, then we can go to LC from there.
20:43:59 [vgb]
virginie: do you think we can be ready for a decision on march 10?
20:44:06 [Zakim]
-Karen
20:44:48 [vgb]
israelh: if we can reach a conclusion this week, sure. if we decide to surface the errors and have an agreed-upon common set, then we should be set.
20:45:40 [vgb]
rsleevi: we have something like that on the list. so what needs to be done is for people to look at the spec with that list in mind and provide feedback. we have that starting point for dicsussion.
20:45:59 [vgb]
israelh: would prefer a formal table that defines this.
20:46:23 [vgb]
... bug number 24813, last email thread on the bug has lots of questions.
20:46:29 [markw]
q+
20:46:43 [vgb]
... was hoping to see a clearer statement of what the errors are and when they will be reported.
20:47:04 [virginie]
https://www.w3.org/Bugs/Public/show_bug.cgi?id=24813
20:47:26 [vgb]
rsleevi: look at Alexei's email sent february 28 @12:02 PT (GMT - 8).
20:48:13 [virginie]
http://lists.w3.org/Archives/Public/public-webcrypto/2014Mar/0003.html
20:48:25 [vgb]
... that gives us 3 maybe 5 errors. seems like a good starting point.
20:49:29 [vgb]
israelh: ok, see that now. can give feedback this week.
20:50:13 [vgb]
virginie: would like to get feedback by friday so we can have time for editors to update the doc.
20:51:02 [vgb]
... so we should be able to decide by friday if we should go to the LC decision monday.
20:51:28 [vgb]
markw: people can see updates so maybe this isn't such an issue?
20:51:44 [vgb]
rsleevi: still, should be careful. sometimes looking at isolated changes misses context.
20:51:58 [vgb]
virginie: can we have a decision monday if we have a stable version friday?
20:52:32 [vgb]
rsleevi: seems tight, people may not be able to review on the weekend.
20:52:50 [vgb]
israelh: should be able to send out feedback tuesday or wednesday.
20:53:19 [vgb]
markw: can spend time editing on wednesday so we can have a version that day.
20:53:58 [vgb]
virginie: need to inform others that this issue is being worked on. will send email to list.
20:54:13 [vgb]
... looks like we are fine with respect to other bugs.
20:54:27 [markw]
q+
20:54:31 [vgb]
... any other topics?
20:54:41 [israelh]
q-
20:55:17 [vgb]
markw: question with HKDF-CTR alg. which reference should we use? RFC 5869 or SP 800-108. Need to decide which.
20:55:32 [vgb]
rsleevi: implementation status? what does JOSE use?
20:55:57 [vgb]
vgb:
20:56:43 [vgb]
... CNG implements 800-108, think JOSE uses that as well. Not sure if JOSE does RFC 5869.
20:56:55 [vgb]
virginie: seems like we should do 800-108 then.
20:57:13 [vgb]
markw: should we mandate min key length for HMAC?
20:57:20 [vgb]
... zero length keys?
20:58:30 [vgb]
vgb: don't care. not sure 1-byte keys are that much more secure than 0-byte keys. underlying implementations will have restrictions anyways.
20:58:35 [Zakim]
-[IPcaller]
20:59:07 [vgb]
rsleevi: agree. do have a problem with limiting key length to L/2, that is not suitable especially since it should be okay to use SHA512 to derive 128-bit keys.
20:59:47 [vgb]
markw: if we allow import of 0-length keys then maybe export should allow this too for symmatry?
21:00:07 [vgb]
rsleevi: don't care. could work around in implementation or specify it in the doc. not a blocker.
21:01:10 [vgb]
virginie: thanks all. will maintain proposal to go for LC decision next week based on error feedback this week. bye!
21:01:11 [Zakim]
-rsleevi
21:01:13 [Zakim]
-markw
21:01:15 [Zakim]
-Virginie_Galindo
21:01:18 [Zakim]
-vgb
21:21:10 [Zakim]
-[Microsoft]
21:21:12 [Zakim]
SEC_WebCryp()3:00PM has ended
21:21:12 [Zakim]
Attendees were Karen, Virginie_Galindo, [IPcaller], vgb, +1.650.224.aaaa, rsleevi, [Microsoft], markw
21:21:40 [terri]
terri has joined #crypto