See also: IRC log
<trackbot> Date: 07 July 2014
I'll just hang out until others show up
like a .ics?
<rsleevi> and virginie was lost
oh dear
virginie?
<virginie> sooorry
<virginie> new phone :(
<rsleevi> thanks wendy
<rsleevi> @harry: The CFRG does *not* address attacks, based on their current charter. They deal with *protocol* design
<rsleevi> @harry: Rich's list of concerns with algorithms is precisely because he believes that general web developers will be reading the spec and seeing carte blanch to use, which is exactly where webplatform.org is better suited for
<Zakim> wseltzer, you wanted to say process, before substance
I think the main point is almost nothing is carte blanche to use :)
So, my proposal would be work with Graham to turn his blog post into an informative note either in CFRG or just an IETF Informative Note (this is in the case where Ryan's point about the charter is true).
And then just reference that.
It may also be useful to have Rich join a telecon if we have a proposal that he seems not super-unhappy with.
<wseltzer> rsleevi: I don't want to say "good/bad, secure/insecure" because those don't have objective agreement
<wseltzer> ... CFRG discussing attacks, mitigations better
<wseltzer> Virginie: work with Rich to see if we can address his concerns with a reference to an external document on attacks
<wseltzer> rsleevi: so long as it's not referencing "quality"
<wseltzer> harry: if he's asking for "what can devs expect to find in browsers", we can discuss at end of CR
<wseltzer> rsleevi: consider, there's user disabling, user choice of platform, hardware, export requirements,
seems like we need some text around either user-agent not implementing or user-disabling
<wseltzer> ... so what happens in the event that something is disabled -- what should webdev expect?
virginie takes that bug to Henri
<wseltzer> harry: keystorage to discussion at workshop, webappsec
non-NIST curves being handled by Microsoft
with the "remove all NIST curves" virginie can handle
its not a formal objection, just a complaint we can principly answer using the same answer we give Rich.
I think there's no other "objection" level bugs left.
I'm happy to ping Graham over transforming his blog to some kind of informative note.
<wseltzer> harry: propose an informative document, that we link to, link to be decided on bugzilla
<wseltzer> virginie: an external document listing attacks
<wseltzer> rsleevi: look for objective measures, rather than subjective good/bad
Sounds like a battle plan
extensibility bug?
<virginie> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618
trackbot, end meeting
This is scribe.perl Revision: 1.138 of Date: 2013-04-25 13:59:11 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) No ScribeNick specified. Guessing ScribeNick: harry Inferring Scribes: harry Default Present: hhalpin, Virginie_Galindo, [Google], markw, Wendy Present: hhalpin Virginie_Galindo [Google] markw Wendy WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth Found Date: 07 Jul 2014 Guessing minutes URL: http://www.w3.org/2014/07/07-crypto-minutes.html People with action items: WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option.[End of scribe.perl diagnostic output]