<scribe> chair: Virginie
<scribe> scribe: hhalpin
Virginie: Objective of the call is to have discussion with browser profile
... and then make edits to the spec
No implementations: RSA-PSS, AES-CMAC, AES-CFB, CONCAT
Probably keep them since there are two different teams: DH, CONCAT, HKDF, PBDKDF2
Delete algorithms with no implementation, and keep onces with at least two different *teams* who made implementation even if they only work on one platform.
So we'd give MarkW an action to remove RSA-PSS, AES-CMAC, AES-CFB, CONCAT
The browser profile seems stable: RSASSA-PKCS1-v1_5, RSA-OAEP, AES-CBC, AES-GCM, AES-KW, HMAC, SHA-256, SHA-384, SHA-512
markw: We should ask to see if browser profiles and if there's fundamental reason why some will never be implemented
vijay: I'll be sad to see RSA-PSS and PBKDF2 go
hhalpin: We can keep PBKDF2
vijay: I'd hazard a guess that RSA-PSS is just not widely implemented yet in various libraries
... its in Windows OS in underyling platform but we're not ready
markw: How about AES-CTR?
hhalpin: it's kept but we don't expose it since there's two platforms
vijay: We've had a debate in terms of AES-CTR since lots of people don't have underlying security properties
markw: I could have a use-case AES-CTR and you have media files encrypted with AES counter and you wan't to described, so you'd need AES-CTR
... That's abstract rather than something we necessarily want to do
virgine: Markw, we have to demonstrate several implementations
... we cannot negotiate
<virginie> Action for editor to remove : RSA-PSS, AES-CMAC, AES-CFB, CONCAT
<trackbot> Error finding 'for'. You can review and register nicknames at <http://www.w3.org/2012/webcrypto/track/users>.
<wseltzer> [we can even leave the text as non-normative notes]
virginie: How do we proceed to capture the reality of implementations?
hhalpin: Someone needs to craft a paragraph, probably before the algorithm section, that says what algorithms are implemented across all browsers with the best implementation.
Virginie: I can try to write this paragraph, but how do we keep it updated?
We can just refer to the time-stamp of the spec, and then update as the spec matures. We can try to check once a year, and if there's major changes in algorthm support we can do a co-edited CR.
Virginie: Any alternatives?
Vriginie: If we make call for consensus for the plan October 13th
... call with management beginning of November
and then we'd try to transition out of CR and into PR into November at some point
virginie: A phone call one week prior to TPAC Monday the 19th
<mikepie_msft> thanks. bye
trackbot, end meeting