Web Cryptography Working Group Teleconference -- 14 Sep 2015

<trackbot> Date: 14 September 2015

scribe?

<scribe> scribenick: wseltzer

virginie: Welcome back
... Harry has been working on tests
... For this call, progress on testing, some results to report
... also charter extension, since current charter ends at end of Sept, so suggest 6mo extension
... to finalize tests and get to Rec
... Any other business?

Members and activity status

virginie: Anyone want to discuss implementation?

<hhalpin> Basically, I'd like to know if anyone plans to change anything in their next browser version

<hhalpin> I'm happy to email Microsoft and Mozilla.

rsleevi: no updates since last call
... we've put in the algos we intend to
... looking at 25519, in IETF
... also how to do deterministic signatures on 25519
... status on chromium.org

Test cases status

hhalpin: test case
... Google led the way; MS implementation now works interoperably

<virginie> FYI, harry sent a snapshot here : https://lists.w3.org/Archives/Public/public-webcrypto/2015Sep/0008.html

rsleevi: there's nothing we haven't yet implemented that we plan to implement
... 25519 still being specified
... some differences platform-to-platform, see chromium.org
... nothing is still in-progress

hhalpin: I suggested algos for browser profile based on Mac/Linux/Windows

<hhalpin> Then there's some algorithms with no implementations: RSA-PSS, AES-CMAC, AES-CFB, CONCAT, HKDF-CTR

hhalpin: some algos have no implementation

<hhalpin> Should we remove?

hhalpin: Should we remove them?

<rsleevi> Not really all that close. e.g. the lack of ECC on Linux when using an NSS w/o ECC (RHEL & friends)

<virginie> question to rsleevi : is this page the one you are referencing for chromium ? https://www.chromium.org/blink/webcrypto

<rsleevi> That's not correct statement harry

<rsleevi> Chrome implements RSA-PSS, HKDF-CTR (in the modified form)

rsleevi: there was a github version that had a bug

<hhalpin> ACTION: Fix RSA-PSS [recorded in http://www.w3.org/2015/09/14-crypto-minutes.html#action01]

<trackbot> Error finding 'Fix'. You can review and register nicknames at <http://www.w3.org/2012/webcrypto/track/users>.

rsleevi: there's an open bug that what's in the spec is unimplementable

<rsleevi> Not sure what you mean by "FIx RSA-PSS"

<rsleevi> the issue was in HKDF-CTR

hhalpin: it would be great to fix that

<rsleevi> https://diafygi.github.io/webcrypto-examples/

hhalpin: reviewing https://lists.w3.org/Archives/Public/public-webcrypto/2015Sep/0008.html
... Do we keep those algos that have 2 implementations, or those implemented everywhere?
... at least 2 proves interop; devs might like what's implemented everywhere

virginie: it's more reasonable to keep algos that are implemented broadly; 2 is a minimum, even better to get broader implementation

<rsleevi> Even within the algorithm space, there's a number of differences

<rsleevi> e.g. Safari does not implement the DER-encoded forms (SPKI, PKCS#8)

<rsleevi> Chrome does not implement the AES-192 families

hhalpin: if we don't expect implementers to change, then suggest making browser profile based on what's already been implemented everywhere

<rsleevi> Curve P-521 may be removed

hhalpin: Q to WG: should browser profile be 2 implementations, or all browsers?

<rsleevi> Even Chrome's implementation of SPKI/PKCS#8 are not spec compliant w/ respect to validation, error handling, or strict export. Real interoperability concerns there.

virginie: question to those implementors not on the call, are there other algos that you intend to implement?

<rsleevi> (We're more liberal than required by the spec)

hhalpin: we can't exit CR until we specify a browser profile
... so I'm asking editors what they want to include

<hhalpin> The question is does the 'browser profile' cover algorithms that currently have interop between *all browsers*, 3, or 2?

rsleevi: The spec should reflect reality
... we want to understand why there are 2 but not more implementers -- plans, or schedule
... I described in irc a number of ways that implementations can vary
... we need implementer feedback

hhalpin: to editors, woudl you support dropping from the spec algos with no or 1 implementation?

rsleevi: absolutely

<virginie> +1 to that proposal, harry, dropping less then 2 implementations

hhalpin: a few cases that only Mozilla implements
... would you want to drop those?

rsleevi: for the things we haven't implemented, we don't plan to implement.
... I'd be curious to hear from the group at-large about use cases, including non-browser
... algos where no one plans to implement don't do anyone a service in the spec

markw: flag 1 or fewer implementation as to-be-removed (at-risk)
... so implementers can report plans to implement
... but we need 2 interop implementations to move forward
... can keep them around someplace, document history

engelke: as a developer, I'm neutral on how much is added
... would like profiles to have lower bound of commonality
... so 2 users on different browsers can communicate

virginie: Direction to have two implementations of each algo

<rsleevi> Speaking with the "I have to deal with crypto lawyers" hat on, I don't know we can *guarantee* that :) The best is 'best effort' and recognizing configuration and laws conspire against us

<hhalpin> I believe the 'browser profile' was agreed to informative rather than normative

rsleevi: it's crypto, so we can't guarantee that every browser will be able to talk, everywhere

<hhalpin> Just a quick clue to end-users that 'at the date of this spec, all these browsers implemented these algorithms'

<virginie> to hhalpin, okay

rsleevi: conceptually similar to the gamepad API doesn't work if you don't have a gamepad

hhalpin: we should try to get MS and Moz into a meeting

<virginie> action to hhalpin and virginie to have mozilla and microsoft opinion or presence for the next call

<trackbot> Error finding 'to'. You can review and register nicknames at <http://www.w3.org/2012/webcrypto/track/users>.

hhalpin: saying we will remove these algos with only one implemenation, unless you have plans to implement

virginie: sure
... Ryan, could you update list Harry sent?
... regarding implementation status

<hhalpin> We should probably move that list into github

<rsleevi> https://diafygi.github.io/webcrypto-examples/

rsleevi: that github link, now fixed
... is a representative sample of tested from a mac

virginie: Harry, where are you on testing?

hhalpin: still working on it for the CR report
... I'll put a sample CR report in github
... invite pull requests
... 2 weeks to put CR report together
... review at next meeting, then review spec and delete unused algorithms
... and then ready to move forward

virginie: Meet again 28 September?

<hhalpin> The main issue would be to get rbarnes and israel here, but I'll ping them.

RESOLUTION: meet 28 September

virginie: try to get Mozilla and Microsoft to the next call

WG charter extension proposal

virginie: W3C doesn't want groups to publish when out of charter
... propose to extend charter, unchanged, for 6 months
... no change of scope, just move out the milestones

<rsleevi> +1 to charter extension

virginie: if you agree with extension, +1

<engelke> +1

<virginie> +1 for charter extension by 6 months

<markw> +1

RESOLUTION: Group supports charter extension request

virginie: Revision of roadmap, Harry suggests we can finish by end of year

<hhalpin> +1

virginie: another thing still on the plan is to transform key discovery to note
... I'll send a formal proposal

markw: sounds good

virginie: any other questions?

<rsleevi> Regrets, I won't be able to make the next call.

virginie: ok to keep in touch by email?

rsleevi: I'll review the minutes and email

[adjourned]

trackbot, end meeting

- DRAFT -

Web Cryptography Working Group Teleconference

14 Sep 2015

Attendees

Contents

Members and activity status

Test cases status

WG charter extension proposal

Summary of Action Items

Scribe.perl diagnostic output