W3C

- DRAFT -

WebCrypto WG

28 Sep 2015

Attendees

Present
wseltzer, mikepie_msft, kodonog, markw, vjb, jyates
Regrets
Chair
Virginie_Galindo
Scribe
hhalpin

Contents

<virginie> https://lists.w3.org/Archives/Public/public-webcrypto/2015Sep/0028.html

<scribe> chair: Virginie

<scribe> scribe: hhalpin

Virginie: Objective of the call is to have discussion with browser profile
... and then make edits to the spec

No implementations: RSA-PSS, AES-CMAC, AES-CFB, CONCAT

Probably keep them since there are two different teams: DH, CONCAT, HKDF, PBDKDF2

Delete algorithms with no implementation, and keep onces with at least two different *teams* who made implementation even if they only work on one platform.

So we'd give MarkW an action to remove RSA-PSS, AES-CMAC, AES-CFB, CONCAT

The browser profile seems stable: RSASSA-PKCS1-v1_5, RSA-OAEP, AES-CBC, AES-GCM, AES-KW, HMAC, SHA-256, SHA-384, SHA-512

markw: We should ask to see if browser profiles and if there's fundamental reason why some will never be implemented

vijay: I'll be sad to see RSA-PSS and PBKDF2 go

hhalpin: We can keep PBKDF2

vijay: I'd hazard a guess that RSA-PSS is just not widely implemented yet in various libraries
... its in Windows OS in underyling platform but we're not ready

markw: How about AES-CTR?

hhalpin: it's kept but we don't expose it since there's two platforms

vijay: We've had a debate in terms of AES-CTR since lots of people don't have underlying security properties

markw: I could have a use-case AES-CTR and you have media files encrypted with AES counter and you wan't to described, so you'd need AES-CTR
... That's abstract rather than something we necessarily want to do

virgine: Markw, we have to demonstrate several implementations
... we cannot negotiate

<virginie> Action for editor to remove : RSA-PSS, AES-CMAC, AES-CFB, CONCAT

<trackbot> Error finding 'for'. You can review and register nicknames at <http://www.w3.org/2012/webcrypto/track/users>.

<wseltzer> [we can even leave the text as non-normative notes]

virginie: How do we proceed to capture the reality of implementations?

hhalpin: Someone needs to craft a paragraph, probably before the algorithm section, that says what algorithms are implemented across all browsers with the best implementation.

Virginie: I can try to write this paragraph, but how do we keep it updated?

We can just refer to the time-stamp of the spec, and then update as the spec matures. We can try to check once a year, and if there's major changes in algorthm support we can do a co-edited CR.

Virginie: Any alternatives?

Vriginie: If we make call for consensus for the plan October 13th
... call with management beginning of November

and then we'd try to transition out of CR and into PR into November at some point

virginie: A phone call one week prior to TPAC Monday the 19th

20 UTC

<mikepie_msft> thanks. bye

trackbot, end meeting

Summary of Action Items

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.136 (CVS log)
$Date: 2015/09/28 21:04:04 $