See also: IRC log
<trackbot> Date: 14 September 2015
scribe?
<scribe> scribenick: wseltzer
virginie: Welcome back
... Harry has been working on tests
... For this call, progress on testing, some results to
report
... also charter extension, since current charter ends at end
of Sept, so suggest 6mo extension
... to finalize tests and get to Rec
... Any other business?
virginie: Anyone want to discuss implementation?
<hhalpin> Basically, I'd like to know if anyone plans to change anything in their next browser version
<hhalpin> I'm happy to email Microsoft and Mozilla.
rsleevi: no updates since last
call
... we've put in the algos we intend to
... looking at 25519, in IETF
... also how to do deterministic signatures on 25519
... status on chromium.org
hhalpin: test case
... Google led the way; MS implementation now works
interoperably
<virginie> FYI, harry sent a snapshot here : https://lists.w3.org/Archives/Public/public-webcrypto/2015Sep/0008.html
rsleevi: there's nothing we
haven't yet implemented that we plan to implement
... 25519 still being specified
... some differences platform-to-platform, see
chromium.org
... nothing is still in-progress
hhalpin: I suggested algos for browser profile based on Mac/Linux/Windows
<hhalpin> Then there's some algorithms with no implementations: RSA-PSS, AES-CMAC, AES-CFB, CONCAT, HKDF-CTR
hhalpin: some algos have no implementation
<hhalpin> Should we remove?
hhalpin: Should we remove them?
<rsleevi> Not really all that close. e.g. the lack of ECC on Linux when using an NSS w/o ECC (RHEL & friends)
<virginie> question to rsleevi : is this page the one you are referencing for chromium ? https://www.chromium.org/blink/webcrypto
<rsleevi> That's not correct statement harry
<rsleevi> Chrome implements RSA-PSS, HKDF-CTR (in the modified form)
rsleevi: there was a github version that had a bug
<hhalpin> ACTION: Fix RSA-PSS [recorded in http://www.w3.org/2015/09/14-crypto-minutes.html#action01]
<trackbot> Error finding 'Fix'. You can review and register nicknames at <http://www.w3.org/2012/webcrypto/track/users>.
rsleevi: there's an open bug that what's in the spec is unimplementable
<rsleevi> Not sure what you mean by "FIx RSA-PSS"
<rsleevi> the issue was in HKDF-CTR
hhalpin: it would be great to fix that
<rsleevi> https://diafygi.github.io/webcrypto-examples/
hhalpin: reviewing
https://lists.w3.org/Archives/Public/public-webcrypto/2015Sep/0008.html
... Do we keep those algos that have 2 implementations, or
those implemented everywhere?
... at least 2 proves interop; devs might like what's
implemented everywhere
virginie: it's more reasonable to keep algos that are implemented broadly; 2 is a minimum, even better to get broader implementation
<rsleevi> Even within the algorithm space, there's a number of differences
<rsleevi> e.g. Safari does not implement the DER-encoded forms (SPKI, PKCS#8)
<rsleevi> Chrome does not implement the AES-192 families
hhalpin: if we don't expect implementers to change, then suggest making browser profile based on what's already been implemented everywhere
<rsleevi> Curve P-521 may be removed
hhalpin: Q to WG: should browser profile be 2 implementations, or all browsers?
<rsleevi> Even Chrome's implementation of SPKI/PKCS#8 are not spec compliant w/ respect to validation, error handling, or strict export. Real interoperability concerns there.
virginie: question to those implementors not on the call, are there other algos that you intend to implement?
<rsleevi> (We're more liberal than required by the spec)
hhalpin: we can't exit CR until
we specify a browser profile
... so I'm asking editors what they want to include
<hhalpin> The question is does the 'browser profile' cover algorithms that currently have interop between *all browsers*, 3, or 2?
rsleevi: The spec should reflect
reality
... we want to understand why there are 2 but not more
implementers -- plans, or schedule
... I described in irc a number of ways that implementations
can vary
... we need implementer feedback
hhalpin: to editors, woudl you support dropping from the spec algos with no or 1 implementation?
rsleevi: absolutely
<virginie> +1 to that proposal, harry, dropping less then 2 implementations
hhalpin: a few cases that only
Mozilla implements
... would you want to drop those?
rsleevi: for the things we
haven't implemented, we don't plan to implement.
... I'd be curious to hear from the group at-large about use
cases, including non-browser
... algos where no one plans to implement don't do anyone a
service in the spec
markw: flag 1 or fewer
implementation as to-be-removed (at-risk)
... so implementers can report plans to implement
... but we need 2 interop implementations to move forward
... can keep them around someplace, document history
engelke: as a developer, I'm
neutral on how much is added
... would like profiles to have lower bound of
commonality
... so 2 users on different browsers can communicate
virginie: Direction to have two implementations of each algo
<rsleevi> Speaking with the "I have to deal with crypto lawyers" hat on, I don't know we can *guarantee* that :) The best is 'best effort' and recognizing configuration and laws conspire against us
<hhalpin> I believe the 'browser profile' was agreed to informative rather than normative
rsleevi: it's crypto, so we can't guarantee that every browser will be able to talk, everywhere
<hhalpin> Just a quick clue to end-users that 'at the date of this spec, all these browsers implemented these algorithms'
<virginie> to hhalpin, okay
rsleevi: conceptually similar to the gamepad API doesn't work if you don't have a gamepad
hhalpin: we should try to get MS and Moz into a meeting
<virginie> action to hhalpin and virginie to have mozilla and microsoft opinion or presence for the next call
<trackbot> Error finding 'to'. You can review and register nicknames at <http://www.w3.org/2012/webcrypto/track/users>.
hhalpin: saying we will remove these algos with only one implemenation, unless you have plans to implement
virginie: sure
... Ryan, could you update list Harry sent?
... regarding implementation status
<hhalpin> We should probably move that list into github
<rsleevi> https://diafygi.github.io/webcrypto-examples/
rsleevi: that github link, now
fixed
... is a representative sample of tested from a mac
virginie: Harry, where are you on testing?
hhalpin: still working on it for
the CR report
... I'll put a sample CR report in github
... invite pull requests
... 2 weeks to put CR report together
... review at next meeting, then review spec and delete unused
algorithms
... and then ready to move forward
virginie: Meet again 28 September?
<hhalpin> The main issue would be to get rbarnes and israel here, but I'll ping them.
RESOLUTION: meet 28 September
virginie: try to get Mozilla and Microsoft to the next call
virginie: W3C doesn't want groups
to publish when out of charter
... propose to extend charter, unchanged, for 6 months
... no change of scope, just move out the milestones
<rsleevi> +1 to charter extension
virginie: if you agree with extension, +1
<engelke> +1
<virginie> +1 for charter extension by 6 months
<markw> +1
RESOLUTION: Group supports charter extension request
virginie: Revision of roadmap, Harry suggests we can finish by end of year
<hhalpin> +1
virginie: another thing still on
the plan is to transform key discovery to note
... I'll send a formal proposal
markw: sounds good
virginie: any other questions?
<rsleevi> Regrets, I won't be able to make the next call.
virginie: ok to keep in touch by email?
rsleevi: I'll review the minutes and email
[adjourned]
trackbot, end meeting
This is scribe.perl Revision: 1.140 of Date: 2014-11-06 18:16:30 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/community/communicate/ Succeeded: s/\me wseltzer, yes, I am// Succeeded: i/test case/Topic: Test cases status Found ScribeNick: wseltzer Inferring Scribes: wseltzer Default Present: wseltzer, viriginie, jyates, markw, kodonog, hhalpin, Charles_Engelke, Colin, rsleevi Present: wseltzer viriginie jyates markw kodonog hhalpin Charles_Engelke Colin rsleevi Found Date: 14 Sep 2015 Guessing minutes URL: http://www.w3.org/2015/09/14-crypto-minutes.html People with action items: fix[End of scribe.perl diagnostic output]