19:55:25 <RRSAgent> RRSAgent has joined #crypto
19:55:25 <RRSAgent> logging to http://www.w3.org/2015/10/12-crypto-irc
19:55:27 <trackbot> RRSAgent, make logs public
19:55:27 <Zakim> Zakim has joined #crypto
19:55:29 <trackbot> Zakim, this will be CRYPT
19:55:29 <Zakim> I do not see a conference matching that name scheduled within the next hour, trackbot
19:55:30 <trackbot> Meeting: Web Cryptography Working Group Teleconference
19:55:30 <trackbot> Date: 12 October 2015
19:55:55 <hhalpin> hhalpin has changed the topic to:  WebCrypto October 12th meeting +1-617-324-0000 meeting number 643 244 026 code: crypto
20:01:52 <hhalpin> chair: Virginie
20:02:16 <engelke> engelke has joined #crypto
20:03:09 <bal> bal has joined #crypto
20:03:39 <hhalpin> present+ joanna, engelke, bal
20:03:51 <hhalpin> scribe: hhalpin
20:04:14 <hhalpin> bal: The reason I dove onto this call to discuss CFRG's supposed output
20:04:26 <hhalpin> ... given recent Suite B announcements
20:04:30 <hhalpin> ... I've gotten lots of questions
20:04:32 <hhalpin> q+
20:05:09 <hhalpin> virginie: We'd like Microsoft's input on implementing various algorithms
20:05:13 <hhalpin> ... in particular, RSA-PSS
20:05:39 <hhalpin> Note last time Vijay said it wasn't likely for RSA-PSS to be implemented in WebCrypto soon
20:05:47 <hhalpin> Note also I believe Israel has left Microsoft I heard?
20:05:50 <hhalpin> So maybe ask Vijay?
20:06:01 <hhalpin> bal: this will be my personal opinion, not a product commitment
20:06:14 <hhalpin> q?
20:06:16 <virginie> to hhalpin : yes, for israel leaving , heard too :)
20:06:20 <hhalpin> ack hhalpin
20:07:02 <virginie> agenda ?
20:07:11 <virginie> agenda+ welcome
20:07:33 <virginie> agenda+ Discussion around transfer of algorithm to Note
20:07:50 <virginie> agenda+ Discussion on CFRG recommendation
20:07:57 <hhalpin> I'd like to have a procedure for adding algorithms at the end of this meeting.
20:08:06 <virginie> agenda+ Next steps to go for Rec
20:08:07 <hhalpin> bal: We have less interoperability than we hoped for across a wide variety of algorithms
20:08:17 <hhalpin> ... for example, we're not seeing RSA-PSS implemented
20:08:21 <virginie> agenda+ Coming working method for the maintenance phase
20:08:24 <virginie> agenda ?
20:08:43 <virginie> agenda+ AOB
20:08:51 <hhalpin> ... would polyfill count? We've shipped that.
20:10:00 <virginie> action hhalpin : clarify polyfill versus native in the implementation count
20:10:00 <trackbot> Created ACTION-153 - : clarify polyfill versus native in the implementation count [on Harry Halpin - due 2015-10-19].
20:10:03 <hhalpin> I'm OK with a polyfill, but I'd have to check with W3C
20:10:22 <hhalpin> bal: Again, new investiment is in Edge, so unclear how it will come.
20:10:32 <hhalpin> ... we aren't talking about a browser profile
20:10:38 <hhalpin> ... we're talking about two communicating points
20:10:54 <virginie> agenda?
20:12:01 <hhalpin> ... two Javascript implementations should count
20:12:07 <hhalpin> bal: Note we've moved on, I don't have a lot of cycles
20:12:29 <hhalpin> ... if there's code out there, we can do that
20:12:42 <hhalpin> ... if we want it all to be native in the browser, that's fine
20:13:17 <hhalpin> virginie: What are the chances that if something in polyfill becomes native in browser?
20:13:30 <hhalpin> bal: We don't have an agreement between polyfill and the browser
20:13:52 <hhalpin> ... we had product groups inside of MS that needed this functionality
20:14:01 <hhalpin> ... we needed client side crypto and all they had was a browser context
20:14:18 <hhalpin> ... so we have a client base for library, but that's separate from the Windows browser
20:14:37 <hhalpin> Sounds like a strong case for the polyfill, I'll ask PLH and W3C if they have any opinion
20:14:54 <virginie> agenda?
20:17:04 <hhalpin> topic: Discussion around transfer of algorithms to Note
20:17:18 <hhalpin> Virginie: Some algorithms will be removed as they are not implemented in two different browsers
20:17:30 <wseltzer> regrets+ wseltzer
20:17:32 <hhalpin> Note DH and AES-CTR are also implemented in Mozilla
20:17:46 <hhalpin> q+
20:18:28 <hhalpin> virginie: If Mozilla can't ship in main browser, then we have to remove it.
20:18:31 <hhalpin> q+
20:20:05 <hhalpin> PROPOSAL: We can keep it until a few days before, and then we remove it.
20:20:24 <hhalpin> virginie: testing on nightly is OK?
20:20:29 <hhalpin> hhalpin: Yes, it varies by working group
20:20:54 <hhalpin> its OK in our case
20:21:14 <hhalpin> but he really does want things without two interoperable implementions he wants removed
20:21:51 <hhalpin> virginie: What should we do with these?
20:22:00 <hhalpin> ... NUMS and Curve 25519 were not reviewed extensively
20:22:14 <hhalpin> ... I would put past algorithms in one note and others a second note.
20:22:16 <bal> q+
20:22:21 <hhalpin> q- hhalpin
20:22:57 <hhalpin> bal: My advice is not that's important for some of these algorithms
20:23:07 <hhalpin> ... they fail to meet interoperability minimum bar
20:23:18 <hhalpin> ... the text is present in the CR
20:23:21 <hhalpin> ... so we won't lose it.
20:23:47 <hhalpin> ... if we text of other algorithms in a spec
20:23:55 <hhalpin> ... it might confuse people
20:24:01 <hhalpin> ... it was also an issue with XML-DSIG
20:24:21 <hhalpin> ... the big lesson from XML-DSIG, was that to try to get SHA-2 into spec took us 4 years
20:24:28 <hhalpin> ... we needed all of Suite B
20:24:36 <hhalpin> ... two years of a IRTF WG hold
20:24:42 <hhalpin> ... it made spec be less relevant, not fast enough for industry
20:24:55 <hhalpin> ... we are going to see a lot more churn in proposed algorithms
20:25:06 <hhalpin> ... its going to happen on elliptic curve space, post-quantum space
20:25:08 <hhalpin> ... its hitting TLS
20:25:15 <hhalpin> +1 keeping post-quantum in mind
20:25:32 <hhalpin> ... I will assume you want a clear process
20:25:50 <hhalpin> ... and to keep people from submitting.
20:25:57 <hhalpin> ... There are certain national algorithms that may come here too.
20:26:38 <hhalpin> virginie: Would you recommend one spec per algorithm?
20:26:43 <hhalpin> bal: That might overload process of W3C
20:27:13 <hhalpin> virginie: Removing the stuff is done, but we need to know what to do next.
20:27:36 <hhalpin> bal: Let me throw a further wrench, we've had the 4Q curve that is 2.5 faster than Curve25519
20:27:44 <hhalpin> ... lots of interest in performance characteristics
20:28:04 <hhalpin> ... its always tough to register new algorithms
20:28:25 <hhalpin> ... in XML-DSIG you could define new identifier and we were loose with private labels
20:28:30 <hhalpin> q+
20:28:38 <hhalpin> ... none of this is mandatory to implement
20:28:51 <hhalpin> bal: I've found Notes to have limited value
20:29:21 <hhalpin> virginie: There is no plan to put them in our main spec
20:29:33 <hhalpin> ... the Note is algorithms be implemented
20:35:26 <hhalpin> http://www.w3.org/2014/Process-20140801/#revised-cr
20:35:52 <hhalpin> bal: If you say "Proposed" then it could be considered going forward
20:36:02 <hhalpin> ... if you say "Additional" then its less likely.
20:36:22 <hhalpin> ... I know there's lots of different opinions on the registry
20:36:34 <kodonog> kodonog has joined #crypto
20:36:37 <hhalpin> ... my feeling is we're going to see a lot more things proposed due to lots of new work
20:36:43 <hhalpin> ... its not going to be one or two
20:36:55 <hhalpin> virginie: What is going to drive adoption is implementation
20:37:22 <hhalpin> ... it will be the implementation that reflects the market
20:37:26 <hhalpin> ... but maybe not so many implementations
20:37:31 <hhalpin> bal: We'll need to try some things out
20:37:40 <hhalpin> ... what the engineering parameters will be.
20:37:55 <hhalpin> ... given NSA just killed P-256 by saying its not part of Suite B anymore
20:37:59 <hhalpin> ... thrown EC up in the air a bit
20:38:32 <hhalpin> ... so what's going on is we're going to be also reflecting what's happening this of.
20:39:21 <ale> ale has joined #crypto
20:40:33 <hhalpin> "Submitted for Consideration"
20:40:43 <hhalpin> bal: It will open it wide up, but not commitment no action
20:42:04 <hhalpin> What about DH?
20:42:12 <hhalpin> Should we have a third category
20:42:19 <hhalpin> or do we put in "Proposed" or "Submitted"
20:42:30 <hhalpin> bal: From our experience, theres clear wins on the ECDH side
20:42:35 <hhalpin> ... we need a motivating scenario
20:43:16 <hhalpin> some crypto libraries let everything in
20:43:26 <hhalpin> bal: So I would dump it back in Proposed
20:43:35 <hhalpin> ... unless you feel a negative recommendation
20:43:43 <hhalpin> q+
20:44:56 <hhalpin> I would support putting DH into "Proposed"
20:45:15 <hhalpin> and anything else the WG ha agreed on but hasn't  - for whatever reason - been implemented.
20:45:24 <virginie> agenda?
20:56:24 <hhalpin> hhalpin: We're going to ship rather than wait for the crypto-space to be stable
20:56:30 <hhalpin> bal: Let's ship this
20:56:40 <hhalpin> virginie: We'll be pragmatic
20:56:54 <hhalpin> ... and when someone proposes a new algorithm, we'll direct them to do it
20:57:05 <hhalpin> hhalpin: And the only testing will be interop
20:57:10 <hhalpin> bal: I think you're correct on that
20:58:01 <hhalpin> ... all national standards bodies are pushing for international standards via ISO
20:59:48 <hhalpin> ... for examples, these could go into "Proposed"
21:00:00 <hhalpin> virginie: What about presence or absence of algorithms per region?
21:00:20 <hhalpin> q+
21:00:21 <Yates> Yates has joined #crypto
21:00:29 <hhalpin> ... that is something we'll have to deal with
21:00:34 <hhalpin> ... in order to stay pragmatic
21:01:13 <hhalpin> bal: National-level interop and regional restrictions around crypto never came up in XML-DSIG
21:01:18 <hhalpin> ... what key lengths you were allowed etc.
21:01:24 <hhalpin> ... Not a problem I'd try to proactively solve
21:01:35 <hhalpin> ... if we start proactively adding support, we'll encourage fractured spaces
21:01:40 <hhalpin> ... doesn't help interop
21:02:22 <hhalpin> ... web and physical locality doesn't interact very well
21:03:04 <virginie> agenda?
21:06:42 <hhalpin_> hhalpin_ has joined #crypto
21:06:55 <hhalpin_> RRSAgent, draft minutes
21:06:55 <RRSAgent> I have made the request to generate http://www.w3.org/2015/10/12-crypto-minutes.html hhalpin_
21:07:17 <virginie> hhalpin, i am alone on the bridge
21:07:23 <hhalpin_> OK, time to end meeting :)
21:07:26 <virginie> you can come back s that we have a short chat