WebCrypto transition to CR

09 Dec 2014


See also: IRC log


wseltzer, Plh, hhalpin, Wendy, Virginie_Galindo


IPcaller is hhalpin

<wseltzer> scribenick: harry

<wseltzer> [the group expresses regrets that plh is not in France]

<wseltzer> https://lists.w3.org/Archives/Member/chairs/2014OctDec/0181.html

wselzter: We have the transition request Virginie sent
... we can walk through that
... we have a proposed URL for the CR
... and a provisioned temporary URL

notes that I will send this out tonight if we get through :)

otherwise, we have a bit of time next week

plh: For once, I did my homework
... I went through the entire transition before this call

<wseltzer> plh: There are no formal objections

<wseltzer> harry: because all the objections raised have been resolved

plh: notes that we do *not* have formal objections
... since they have been resolved
... note that the dependencies are not quite right
... this is not a blocker for CR

<wseltzer> plh: Disposition of comments looks ok

plh: but it's an early warning re move to PR
... the first reference is to DOM
... it was in CR, moved back Last Call
... so we have some features to adjust
... the DOM is a moving target
... none of the chages will effect you
... if the goal is to reference the W3C DOM
... and not do it in CR document
... you also have an "editorial document" that this will be updated to W3C DOM4 once "promises" are incorporated
... instead, Promises ECMAScript will have them in ECMAScript 6
... while you only reference ECMAScript 5

virginie: Is ECMAScript 6 stable?

plh: no

<wseltzer> [this was the link PLH shared: https://people.mozilla.org/~jorendorff/es6-draft.html#sec-25.4 ]

virginie: Any other group shave this problem?

plh: It is an early warning that this may be an issue
... in PR transition
... a little bit of homework may have to be done with PR
... re just the "Promises" part of ECMAScript 6
... I don't have that info myself

virginie: Do we have an official rep from W3C?

<plh> http://lists.w3.org/Archives/Public/public-script-coord/

plh: No, but we have a mailing list

notes that we did email that list when we moved into Last Call!

but not over this specific question

plh: You should ask the questions when they are ready
... so we should fix the W3C DOM4
... reference and the editorial note
... also, update reference to HTML
... you are also referencing WebIDL2
... its also unstable
... there has been discussion to move it out
... my recommendation is to stick to syntax to WebIDL but don't normatively spec it
... it's a bit of moving target due to ECMAScript
... for example, sequences are being redone
... just make it clear
... not familiar enough with the rest of the references
... some of them are "work-in-progress" in IETF

<plh> Update "HTML5: A vocabulary and associated APIs for HTML and XHTML (work in progress), I. Hickson. W3C. "

<wseltzer> harry: We refer to 2 kinds of IETF docs, normative and informative

<wseltzer> ... assume we can reference informative docs in-progress as non-normative refs

<wseltzer> plh: just looking at normative refs

<wseltzer> harry: we're coordinating with JOSE, so I believe those are stable

<wseltzer> ... currently in IAB review

I'll make sure to double-check that before we go to PR

we did email them all very systematically

<wseltzer> plh: did you get review from WebApps, WebAppSec, HTML?

reviews came in via bugzilla

not via WG

<wseltzer> harry: Virginie emailed request to all the groups

<wseltzer> ... people responded individually in the bugzilla

<wseltzer> plh: I don't see unresolved comments

plh: Did not see any unsatisfied commenter, all responded to satisfication of reviewer

notes that reviewer not responding in 2 weeks counted as "satisfaction" in Dispositon of Comments

plh: Are all the algorithms normative and required for implementation?

virginie: All of them are not required
... that was part of the consensus
... from the browser vendors

<wseltzer> [not MTI]

virginie: but because a high number of people wanted a stable profile of algoritms
... so during PR, we will make a "profile" of those that are implemented
... but each browser does not have to implement all of them

plh: they can implement none of them and still be part of the spec
... will that profile be part of the specification or not?
... When you implement none of the algorithms, it will be OK
... so I would be uncomfortale for not having a profile in spec

virginie: Happy to help put this into the spec

plh: My recommendation would be to put them into the spec
... if at end of CR, you don't have a profile, I will want a rationale about how useful API will be
... for CR phase, do you plan tests and 2 implementations for every algorithms?

virginie: It depends on the browser vendors

plh: I'm a bit uncomfortable

<wseltzer> harry: this was a protracted discusion in the WG even before LC

<wseltzer> ... editor did not want normative algorithms, as there might be particular custom clients

<wseltzer> ... also some concern about legal restrictions in some jurisdictions

<wseltzer> ... in LC, browser developers suggested they'd like to know what can be relied on on the Web

<wseltzer> ... so for the general-purpose Web, we could build a profile expressing what they support

wseltzer: We are talking not about browser vendors, general purpose Web
... that is a profile that would be published alongside the API with docs from web developers pointing to it
... along with higher-level constructs
... but there woudl still be possibility someone with a very specialized purpose could use the API

plh: If we have no impementations that supports all the
... algorithms in the spec, we do not keep them

<wseltzer> harry: originally, we'd expected all algos to be non-normative

<wseltzer> ... but during LC discussion, we mighthave said algos that didn't have 2 interop implementations ould be demoted to extensions

<wseltzer> ... so we'd have test cases

<virginie> note that implementations are already in progress, wee here https://www.w3.org/2012/webcrypto/wiki/Main_Page#First_implementations

<wseltzer> plh: Features at risk, you're saying that all algos are at-risk

plh: That note should referenced from status or moved to status

<wseltzer> plh: Editorial note should either be ref'd from status or in the status

<wseltzer> [Note: All algorithms listed should be considered as "features at risk", ]

We can move that to the top, no problem

plh: I would like to see it said that we want 2 interoperable implementations per algorithm
... if you don't have it, there may be some arguments
... It would not appropriate to say "hey we want to move to PR anyways"

<wseltzer> harry: there are some algos where we're waiting for more info, CFRG work at IETF

<wseltzer> plh: they're at risk, so you can remove them without going back to LC

<wseltzer> harry: what if we add an EC algo from IETF in TLS

<wseltzer> ... would we have to go back to LC?

<wseltzer> plh: yes

<wseltzer> ... and that could e a short LC

<wseltzer> ... as short as month and a half, you can do LC-> PR

<wseltzer> harry: We agreed we'd move back to LC if TLS WG gave a recommendation before we got out of CR

<wseltzer> ... else, we'd do errata process

<wseltzer> plh: you have a crypto API, no agreement on algos

<wseltzer> ... generally, we'd put into a registry rather than spec itself

<wseltzer> ... like HTML5 video element without a codec specified

virginie: We were discussing adding a registry
... we did not have a stable profile, the editor wanted no registry
... so we have them in the API itself
... with chair's hat on
... once we have a list of common algorithms
... we will know what to do and how to put them in

plh: Just add this "two implementations if you are OK with it with that", if it doesn't make sense, then please list in exit criteria

Virginie: I think that's what we wanted to add

plh: We want to the transition call optional features
... out explicitly
... we want to have two implementations for optional features, i.e. all the algorithms
... Assuming you are on top of testing
... I have no other questions

wseltzer: Any other questions for plh?

virginie: For me its clear

wseltzer: Then unless there are any questions, are we ready to make the WebCrypto transition?

plh: As the delegate of the Director, I am OK with CR transition with update of reference to DOM and update of exit criteria

wselzter: Thanks very much congrats!

<wseltzer> ACTION: hhalpin to update exit criteria, reference to DOM [recorded in http://www.w3.org/2014/12/09-crypto-minutes.html#action01]

<trackbot> Created ACTION-149 - Update exit criteria, reference to dom [on Harry Halpin - due 2014-12-16].

plh: Oh, and add ECMAScript 6 Promises

virginie: We would like to thank the editors, they've done a great job

Agreed, they've done a great job

plh: Congrats to all for all the work well done
... very much appreciated.
... we know how painful it can be

wselzter: It's an exciting move in the security discussions and privacy discussions
... its great to be able to be point to WebCrypto as a concrete move

<wseltzer> ACTION hhalpin to notify webmaster of publication request

<trackbot> Created ACTION-150 - Notify webmaster of publication request [on Harry Halpin - due 2014-12-16].

<scribe> ACTION: hhalpin will notify webmaster of publication request and double-check with editors on changes [recorded in http://www.w3.org/2014/12/09-crypto-minutes.html#action02]

<trackbot> Created ACTION-151 - Will notify webmaster of publication request and double-check with editors on changes [on Harry Halpin - due 2014-12-16].

plh: Draft director's decision?

<scribe> ACTION: hhalpin to make Director's decision, note that WG plans to make the "profile" for browser related to algorithm [recorded in http://www.w3.org/2014/12/09-crypto-minutes.html#action03]

<trackbot> Created ACTION-152 - Make director's decision, note that wg plans to make the "profile" for browser related to algorithm [on Harry Halpin - due 2014-12-16].

plh: For interop we need this profile

wselzter: This decision as a WG during PR

virginie: Can we stick to initial plan?

plh: I'm happy to take a look at it but don't block on me

<wseltzer> harry: I'll make the edits tomorrow

<plh> https://lists.w3.org/Archives/Member/w3c-ac-members/2014OctDec/0051.html

<plh> https://lists.w3.org/Archives/Member/w3c-ac-members/2014OctDec/0043.html

we may of course be delayed if there's any errors the webmaster detects

wselzter: Let's send it tonight

Virginie: thanks very much!

<wseltzer> [adjourned]

<wseltzer> trackbot, end meeting

Summary of Action Items

[NEW] ACTION: hhalpin to make Director's decision, note that WG plans to make the "profile" for browser related to algorithm [recorded in http://www.w3.org/2014/12/09-crypto-minutes.html#action03]
[NEW] ACTION: hhalpin to update exit criteria, reference to DOM [recorded in http://www.w3.org/2014/12/09-crypto-minutes.html#action01]
[NEW] ACTION: hhalpin will notify webmaster of publication request and double-check with editors on changes [recorded in http://www.w3.org/2014/12/09-crypto-minutes.html#action02]
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2014-12-09 20:53:39 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.140  of Date: 2014-11-06 18:16:30  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/TONIGHT/tonight/
Succeeded: s/2 interoperable implementations/2 interoperable implementations per algorithm/
Found ScribeNick: harry
Inferring Scribes: harry

WARNING: No "Topic:" lines found.

Default Present: wseltzer, Plh, hhalpin, Wendy, Virginie_Galindo
Present: wseltzer Plh hhalpin Wendy Virginie_Galindo
Agenda: https://lists.w3.org/Archives/Member/chairs/2014OctDec/0181.html

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Got date from IRC log name: 09 Dec 2014
Guessing minutes URL: http://www.w3.org/2014/12/09-crypto-minutes.html
People with action items: hhalpin

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report

[End of scribe.perl diagnostic output]