18:47:26 RRSAgent has joined #crypto 18:47:26 logging to http://www.w3.org/2014/09/29-crypto-irc 18:47:28 RRSAgent, make logs public 18:47:28 Zakim has joined #crypto 18:47:30 Zakim, this will be CRYPT 18:47:30 ok, trackbot; I see SEC_WebCryp()3:00PM scheduled to start in 13 minutes 18:47:31 Meeting: Web Cryptography Working Group Teleconference 18:47:31 Date: 29 September 2014 18:48:21 agenda+ welcome 18:48:26 agenda+ review of bugs by editors 18:48:33 agenda+ decision to exit last call 18:48:36 agenda+ next steps 18:48:40 agenda + TPAC 18:48:49 agenda + vNext workshop 18:57:12 wseltzer has changed the topic to: 29 Sept. 2000 UTC Agenda http://lists.w3.org/Archives/Public/public-webcrypto/2014Sep/0205.html 19:07:39 Zakim, who's on the phone? 19:07:39 SEC_WebCryp()3:00PM has not yet started, harry 19:07:41 On IRC I see RRSAgent, harry, jarrednicholls, ale, w3, tobie, slightlyoff, schuki, timeless, terri, wseltzer, trackbot 19:07:56 [the call is in one hour] 19:17:07 rsleevi has joined #crypto 19:40:47 harry has joined #crypto 19:40:54 harry has joined #crypto 19:41:19 q? 19:56:00 nvdbleek has joined #crypto 19:56:17 virginie has joined #crypto 19:58:38 SEC_WebCryp()3:00PM has now started 19:58:45 + +1.503.712.aaaa 19:58:52 mdwood has joined #crypto 19:58:58 MichaelH has joined #crypto 19:59:15 + +1.512.257.aabb 19:59:32 zakim, aabb is me 19:59:34 +virginie; got it 19:59:40 +Michael_Hutchinson 19:59:44 zakim, who is on the call ? 19:59:45 On the phone I see +1.503.712.aaaa, virginie, Michael_Hutchinson 19:59:46 +Wendy 19:59:54 zakim, who is on the phone ? 19:59:54 On the phone I see +1.503.712.aaaa, virginie, Michael_Hutchinson, Wendy 20:00:08 zakim, aaaa is Matt_Wood 20:00:08 +Matt_Wood; got it 20:00:44 agenda? 20:01:48 + +1.650.275.aacc 20:01:52 zakim, code? 20:01:52 the conference code is 27978 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), nvdbleek 20:02:23 markw has joined #crypto 20:02:24 zakim, who is on the phone ? 20:02:24 On the phone I see Matt_Wood, virginie, Michael_Hutchinson, Wendy, Google 20:02:27 Google has rsleevi 20:02:33 vgb has joined #crypto 20:02:35 harry has joined #crypto 20:02:57 Zakim, what's the code? 20:02:57 the conference code is 27978 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), harry 20:03:13 +[Microsoft] 20:03:16 rbarnes has joined #crypto 20:03:23 +[Microsoft.a] 20:03:24 i'm on the way 20:03:35 zakim, [microsoft] is me 20:03:35 +vgb; got it 20:03:41 +[Netflix] 20:03:44 selfissued has joined #crypto 20:03:58 zakim, who is on the phone ? 20:03:58 On the phone I see Matt_Wood, virginie, Michael_Hutchinson, Wendy, Google, vgb, selfissued, [Netflix] 20:03:59 Zakim, [Netflix] is me 20:04:01 Google has rsleevi 20:04:01 +markw; got it 20:04:42 +[IPcaller] 20:04:56 Zakim, IPcaller is hhalpin 20:04:56 +hhalpin; got it 20:05:01 agenda? 20:05:12 zakim, what's the dial-in? 20:05:12 I don't understand your question, rbarnes. 20:05:21 Zakim, what's the code? 20:05:21 the conference code is 27978 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), harry 20:05:28 zakim, who is scribing? 20:05:28 I don't understand your question, wseltzer. 20:05:39 Zakim, pick a scribe? 20:05:39 I don't understand your question, harry. 20:05:43 Zakim, pick a victim 20:05:43 Not knowing who is chairing or who scribed recently, I propose virginie 20:05:47 Zakim, pick a victim 20:05:47 Not knowing who is chairing or who scribed recently, I propose virginie 20:05:48 Zakim, pick a victim 20:05:49 Not knowing who is chairing or who scribed recently, I propose hhalpin 20:05:58 chair: Virginie 20:06:01 scribe: hhalpin 20:06:05 israelh has joined #crypto 20:06:06 + +1.434.941.aadd 20:06:13 zakim, aadd is me 20:06:13 +rbarnes; got it 20:06:14 Virginie: Welcome everyone 20:06:21 ... we'll review the bugs with the editors 20:06:30 zakim, who is on the phone? 20:06:30 On the phone I see Matt_Wood, virginie, Michael_Hutchinson, Wendy, Google, vgb, selfissued, markw, hhalpin, rbarnes 20:06:33 Google has rsleevi 20:06:36 ... then try to make formal decision to exit last call 20:06:41 +[Microsoft] 20:06:45 ... just to clarify, as regards rsleevi's call 20:07:00 ... we'll have two weeks notice for opposition to the mailing list 20:07:06 ... we'll also discussion decision for next steps 20:07:10 ... and our f2f meeting 20:07:15 +??P7 20:07:23 zakim, who is on the phone ? 20:07:23 On the phone I see Matt_Wood, virginie, Michael_Hutchinson, Wendy, Google, vgb, selfissued, markw, hhalpin, rbarnes, [Microsoft], ??P7 20:07:24 ... discussion over deliverables of v.Next workshop 3 weeks ago 20:07:24 zakim, I am ??P7 20:07:26 Google has rsleevi 20:07:26 +nvdbleek; got it 20:07:34 [roll call] 20:07:52 zakim, mute me 20:07:52 nvdbleek should now be muted 20:08:41 zakim, take up agendum 2 20:08:41 agendum 2. "review of bugs by editors" taken up [from harry] 20:08:43 topic: bug review 20:09:08 https://docs.google.com/spreadsheets/d/1rpc7Q7o4nxoKjYT8Qx4MhueQ-rUuIIM53yp7miUuxnw/edit?usp=sharing 20:09:46 markw: extensibility approach 20:09:56 https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#rsa-oaep 20:09:56 ... so basically we went over two areas 20:10:09 ... how we might do extensibility 20:10:20 ... for example, adding hash algorithms 20:10:22 q+ 20:10:39 wseltzer: Are we all looking at the same list? 20:11:01 "recent changes" tab 20:11:04 q- 20:11:06 markw: Changes are in reverse order of time fixed 20:11:32 ... for RSA-OEAP, how do you add a new hash algorithm? 20:11:50 ... how could they add that hash algorithm without monkey-patching 20:12:04 ... making changes so that people have no ideas what will happen in future 20:12:12 ... we will instead give future extension points that are explicit 20:12:23 ... as far as things go 20:12:43 ... where it comes in first is "import key" 20:12:50 ... see Annevk's post on the list 20:13:04 ... other specs may specify use of additional hash algorithms 20:13:38 I don't understand how this addresses extensibility 20:13:42 you never make to step 3, do you? 20:14:12 ... we say other specs can specify additional procedures and insert them into import procedures 20:14:16 This seems to allow some other specification to wholly replace the import steps 20:14:19 e.g. bypass steps 3+ 20:14:22 which doesn't seem desirable 20:14:29 q+ 20:14:49 ack selfissued 20:15:07 rsleevi: step 3 of which procedure? 20:15:07 I was trying not to queue so that we can make progress on this call, while still raising the concern so that we can carry on 20:15:19 Step 3 of Import Key ( https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#rsa-oaep ) 20:15:23 if you know what to do rsleevi, do tell us! 20:15:42 the current Step 2 language is equivalent to saying "Any other spec can wholly replace this section" 20:16:10 selfissued: "Other specifications" are the keyword, other specs in the algorithm in section 20, where I expected it to say "other specs may define new algorithm names", I didn't see that. Did you say it using different words? 20:16:50 q+ 20:16:51 i think i'm +1 to rsleevi here. we don't need to provide forward references here -- wherever there's a list of fixed strings, there's an extensibility point 20:16:54 drew has joined #crypto 20:17:22 markw: I don't think you need to say anything cause we already have the algorithm string here 20:17:31 selfissued: I'd just suggest repeating the same language 20:17:35 q? 20:17:39 markw: I'll file a bug and do that. 20:17:40 ack rsleevi 20:17:54 rsleevi: So I have some concerns with this approach 20:18:13 ... any other spec can redefine the RSA-OEAP key *entirely* 20:18:17 which is pretty concerning for me 20:18:29 + +1.503.528.aaee 20:18:36 rsleevi: Could we move the step to "importKey" to the concrete extension points within the spec 20:18:39 ... so if you move it to step 3 20:19:01 ... there's a place, if we match all the way to step 3, then we can constrain the other specs 20:19:12 ... so we don't have to respecify other specs entirely 20:19:14 +1 to ryan 20:19:14 Karen has joined #crypto 20:19:18 ... there are things we don't think into a parameter 20:19:25 ... for example, SPKI and JWK 20:19:30 q? 20:20:01 I'm not sure where you're talking about "says up above" mark - https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#dfn-applicable-specifications is a dead link 20:20:07 maekw: it is intention that we can constrain that explicitly 20:20:24 ... embedding the other points 20:20:44 ... you have to make a tradeoff 20:21:01 ... my preference is constraining not in the future 20:21:01 zakim, who is on the phone ? 20:21:01 On the phone I see Matt_Wood, virginie, Michael_Hutchinson, Wendy, Google, vgb, selfissued, markw, hhalpin, rbarnes, [Microsoft], nvdbleek (muted), +1.503.528.aaee 20:21:04 Google has rsleevi 20:21:04 [Microsoft] has israelh 20:21:15 ... implemeters come after users and authors 20:21:28 rsleevi: forward references is not quite what we want 20:21:32 ... we want to be pretty careful here 20:21:41 ... I'm not quite sure where want your concern is 20:22:16 ... for example, we can decode parameters 20:22:23 ... an algorithm id and an algorithm id object 20:22:32 ... so I don't see your concern re the extension ball 20:22:39 ... for example, step 3.7 - if you have that, everything else 20:22:45 ... in general, concerned about forward references 20:22:49 q+ 20:22:53 ack selfissued 20:22:57 i agree with everything ryan just said 20:23:07 selfissued: I'm not concerned about forward referenes 20:23:20 ... we should have parameterized hash fucntions in the future 20:23:22 markw: We had a long discussion on the list about htis 20:23:39 ... re embedding, I think its fine 20:23:42 I think writing it in the spec shows how it doesn't really work 20:23:46 So I think we should be flexible to change 20:23:49 ... we are already constraining extentesibility 20:23:52 q? 20:23:57 -nvdbleek 20:24:17 q+ 20:24:23 rsleevi: I'm OK with continuing discussion with TAG 20:24:32 ... so we are not really OK with this and our API design goals 20:24:45 ... with blanket exceptions to exceptions 20:24:50 markw: Which API design goals? 20:24:58 q- 20:25:04 rsleevi: Annevk said it - on forward references 20:25:06 ... on the list. 20:25:15 rsleevi: best solution on the discussion on the list. 20:25:19 q+ 20:25:26 ... TAG might object 20:25:32 i'm pretty much in agreement with annevk. not happy with forward references, but probably not sad enough to object. 20:25:43 +??P7 20:25:55 zakim, I am ??P7 20:25:55 +nvdbleek; got it 20:26:05 harry: Sounds like a blocking to Last Call to me 20:26:06 ... is it? 20:26:19 rsleevi: Haven't had chance to review the last edits 20:26:21 ... no firm comments 20:26:27 -rbarnes 20:26:27 ... this alone is enough to raise concerns about last call 20:26:36 ... the explanation is very valuable to last call 20:26:48 Yes, please keep going through the list 20:26:54 I basically think we should keep go through list 20:27:03 and see how far we can get consensus, and then try to move to Last Call 20:27:08 even if we can't get to it next week 20:27:23 virginie: Sounds good. Would like a definite proposal by next week? 20:27:33 ... is that feasible by rsleevi? 20:27:46 rsleevi: Assuming whole internet doesn't break like it did last week, sure. 20:27:57 https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#ecdsa 20:28:16 markw: A different kind of extensibility, extensibilty as regards EC curves 20:28:23 ... possibility to add addition EC 20:28:36 ... allow different specs to define sig, etc. 20:28:41 ... for example, in sig steps 20:28:59 ... if its one of the curves we define in our spec go with our spec, otherwise we follow those in other spec 20:29:02 ... likewise for any spec 20:29:12 Sounds good to me 20:29:13 ... for importkey/exportkey, back to previous issue 20:29:20 q? 20:29:28 ack harry 20:29:34 -hhalpin 20:29:52 q+ 20:34:05 We shouldn't be taking time now discussing hypotheticals. When there are actual proposed language changes, we should discuss them then. 20:34:35 This is what the cloning thing says: https://dom.spec.whatwg.org/#other-applicable-specifications 20:34:36 selfissued: This isn't a hypothetical 20:34:44 The current spec is hypotheticals 20:35:01 It is hypothetical until there's a concrete proposed alternative language 20:35:06 zakim, mute me 20:35:06 nvdbleek should now be muted 20:36:47 q? 20:37:03 ack vgb 20:37:30 harry has joined #crypto 20:37:32 vgb: I like the ECDSA section more, as an implementor, because it reads better 20:37:42 vgb: Question for Ryan, would you be satisfied with just an appendix that listed other specifications 20:37:46 vgb: Question to Mark, ??? 20:38:23 vgb: one comment and 2 questions 20:38:47 ... comment: i like the ECDSA approach a little more than the OAEP one, it reads cleaner 20:39:31 ... question to Ryan: If we simply had a list of "applicable specifications" in an appendix (not the text itself, just references), would this satisfy your objection? 20:40:03 ... question to Mark: Why doesn't the consideration about parametrized hashes apply to ECDSA? 20:40:28 I suggest we actually create an action for each of the answer expected by each of the parties here, with deadline to answer next friday 20:40:45 The problem with an appendix listing other specifications is that keeping that up to date requires updating the main specification every time an extension spec is created. That's not a reasonable or scalable approach. 20:41:23 q? 20:42:07 vgb: the SPKI encoding of an EC key does not constrain the hash algorithm 20:42:21 whereas the SPKI encoding of an RSA-OAEP key MAY constrain the hash algorithm 20:42:42 (now, NIST specifications say you should only use hash X with curve Y, but that's not part of the core ECDSA op) 20:42:51 so you could use a different hash alg with a single ECDSA key 20:42:58 whereas with RSA-OAEP, SPKI/PKCS8 can prevent this 20:43:02 scribe: rsleevi 20:43:21 virginie: I'm not scribing, I'm responding 20:43:52 s/scribe: rsleevi// 20:45:06 Bug 35382? 20:45:15 25382 20:45:30 markw: Add text to return an invalid access error 20:45:50 ... skipping the less controversial ones 20:45:56 @rsleevi: actually there is an algorithm OID for ecdsa-with-SHA1 and so on. you don't have to specify the hash in the SPKI, but you could 20:46:01 .. cleaning up which error type was used 20:46:15 ... a few re parameter validation 20:46:30 - +1.503.528.aaee 20:46:30 ... In some cases, we explicitly validate params, in some cases we don't 20:46:40 ... Validation error vs data or syntax error 20:47:14 @vgb: Well, those keys aren't currently supported in the current draft :) 20:47:14 ... Ryan has pointed out that if delegated to crypto library, don;t know why it failed 20:47:25 ... So should just return operation error 20:47:41 ... 25741 20:47:42 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25741 20:47:45 25741 20:47:51 example 25741 20:48:12 @rsleevi: then why not do the same for OAEP :) 20:48:16 I have no feedback to offer, as I have not reviewed any of these changes 20:48:55 question is what do you think about that bug https://www.w3.org/Bugs/Public/show_bug.cgi?id=25741 20:49:36 markw: proposal, use operation error for all param validation errors 20:50:08 @vgb: I think it's more of a bug with our current SPKI import code that it chokes on the ecdsa-with-* foo OIDs. Of course, this would make the ECDSA code the same problem as the OAEP code :) 20:50:21 @rsleevi: this is not changes, this is a question of principle as to what error is returned when there are parameter validation changes 20:50:26 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25741#c3 20:50:34 vgb: every time you make a call to underlying crypto library, you should expect informative error 20:50:45 ... but if you want to check formatting before making the crypto call, that's bad 20:50:58 markw: but there are places we do param checks before calling crypto 20:51:03 ... we could rip them all out 20:51:10 ... but then we'd need to check the references 20:51:23 ... Or, we could say they all return operation error 20:51:32 ... and leave flexibility to the implementor to delegate to crypto library 20:51:42 q+ 20:51:49 vgb: sounds fine to change to operational error 20:52:11 israelh: concern that not providing enough info the library is useless in diagnosis 20:52:53 ... how much granularity do we want to provide? 20:53:20 markw: If we specify different errors, then we're assuming crypto libraries assume that info, or requiring the UA to do the checks 20:53:43 ... or you'd get different results on different platforms 20:53:55 s/assume/expose/ 20:54:07 israelh: On indexdb we have "unknown error," and that's not very useful 20:54:27 vgb: on this list, all are "check length" 20:55:10 ... would we be forcing them to add extra length-checking? 20:55:24 markw: Please look at these bugs on error reporting 20:55:57 virginie: could you please start a mailing list discussion, Mark? 20:56:00 markw: sure 20:56:08 virginie: anything else you want to highlight? 20:56:29 markw: Look at the recent changes tab, the changes I made last week 20:56:38 ... most of those are straightforward 20:56:50 ... Think we've resolved in principle security considerations; 20:56:55 ... we discussed extensibility here 20:57:07 ... make keys non-extractable by default (25721) 20:57:34 virginie: We have been suggesting to WG that we'd try to exit LC today 20:57:44 ... we'd like to get there 20:58:06 ... Please make sure your orgs have enough bandwidth to review remaining bugs 20:58:16 ... Do you have time this week? 20:58:55 vgb: I've been working to spin up again 20:59:45 rsleevi: I said I'd look through Mark's 39 changes and provide feedback by Friday 20:59:59 virginie: Deadline for text proposals to change is Friday 21:00:15 ... Propose another call 13 October, 2000 UTC 21:00:20 13th of oct would be the call for trying to exit last call 21:01:14 ... fallback, 20 October 21:01:15 unless opposition to the date on the coming 2 days 21:02:03 Virginie: F2F at TPAC, 30 October 21:02:17 ... please register, http://www.w3.org/2014/11/TPAC/ 21:02:59 ... more discussion on the list 21:03:00 -Matt_Wood 21:03:01 bye 21:03:02 -[Microsoft] 21:03:03 -virginie 21:03:05 -vgb 21:03:06 -Google 21:03:07 -Wendy 21:03:10 -markw 21:03:12 MichaelH has left #crypto 21:03:13 [adjourned] 21:03:16 -selfissued 21:03:21 -nvdbleek 21:03:54 -Michael_Hutchinson 21:03:55 SEC_WebCryp()3:00PM has ended 21:03:55 Attendees were +1.503.712.aaaa, +1.512.257.aabb, virginie, Michael_Hutchinson, Wendy, Matt_Wood, +1.650.275.aacc, rsleevi, vgb, selfissued, markw, hhalpin, +1.434.941.aadd, 21:03:55 ... rbarnes, nvdbleek, israelh, +1.503.528.aaee 21:04:05 rrsagent, make minutes 21:04:05 I have made the request to generate http://www.w3.org/2014/09/29-crypto-minutes.html wseltzer 21:04:06 rsleevi has left #crypto 21:04:22 rrsagent, make logs public 21:04:24 rrsagent, make minutes 21:04:24 I have made the request to generate http://www.w3.org/2014/09/29-crypto-minutes.html wseltzer 21:05:02 i/invalid access error/scribenick: wseltzer 21:05:07 trackbot, end teleconf 21:05:07 Zakim, list attendees 21:05:07 sorry, trackbot, I don't know what conference this is 21:05:15 RRSAgent, please draft minutes 21:05:15 I have made the request to generate http://www.w3.org/2014/09/29-crypto-minutes.html trackbot 21:05:16 RRSAgent, bye 21:05:16 I see no action items 21:05:42 RRSAgent has joined #crypto 21:05:42 logging to http://www.w3.org/2014/09/29-crypto-irc 21:06:02 i/scribe: hhalpin/scribenick: harry/ 21:06:05 rrsagent, make minutes 21:06:05 I have made the request to generate http://www.w3.org/2014/09/29-crypto-minutes.html wseltzer 21:52:35 tantek has joined #crypto 23:34:08 harry has joined #crypto