W3C

- DRAFT -

Web Cryptography Working Group Teleconference

07 Jul 2014

See also: IRC log

Attendees

Present
hhalpin, Virginie_Galindo, [Google], markw, Wendy
Regrets
Scribe
harry


<trackbot> Date: 07 July 2014

I'll just hang out until others show up

like a .ics?

<rsleevi> and virginie was lost

oh dear

virginie?

<virginie> sooorry

<virginie> new phone :(

<rsleevi> thanks wendy

<rsleevi> @harry: The CFRG does *not* address attacks, based on their current charter. They deal with *protocol* design

<rsleevi> @harry: Rich's list of concerns with algorithms is precisely because he believes that general web developers will be reading the spec and seeing carte blanche to use, which is exactly where webplatform.org is better suited for

<Zakim> wseltzer, you wanted to say process, before substance

I think the main point is almost nothing is carte blanche to use :)

So, my proposal would be work with Graham to turn his blog post into an informative note either in CFRG or just an IETF Informative Note (this is in the case where Ryan's point about the charter is true).

And then just reference that.

It may also be useful to have Rich join a telecon if we have a proposal that he seems not super-unhappy with.

<wseltzer> rsleevi: I don't want to say "good/bad, secure/insecure" because those don't have objective agreement

<wseltzer> ... CFRG discussing attacks, mitigations better

<wseltzer> Virginie: work with Rich to see if we can address his concerns with a reference to an external document on attacks

<wseltzer> rsleevi: so long as it's not referencing "quality"

NIST curves vs safe curves

<wseltzer> harry: if he's asking for "what can devs expect to find in browsers", we can discuss at end of CR

<wseltzer> rsleevi: consider, there's user disabling, user choice of platform, hardware, export requirements,

seems like we need some text around either user-agent not implementing or user-disabling

<wseltzer> ... so what happens in the event that something is disabled -- what should webdev expect?

virginie takes that bug to Henri

<wseltzer> harry: keystorage to discussion at workshop, webappsec

non-NIST curves being handled by Microsoft

with the "remove all NIST curves" virginie can handle

It's not a formal objection, just a complaint we can principally answer using the same answer we give Rich.

I think there's no other "objection" level bugs left.

I'm happy to ping Graham over transforming his blog to some kind of informative note.

<wseltzer> harry: propose an informative document, that we link to, link to be decided on bugzilla

<wseltzer> virginie: an external document listing attacks

<wseltzer> rsleevi: look for objective measures, rather than subjective good/bad

Sounds like a battle plan

extensibility bug?

<virginie> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618

trackbot, end meeting

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.138 (CVS log)
$Date: 2014/07/07 21:05:49 $
