WebCrypto WG -- 30 Nov 2015

<hhalpin> 1-617-324-0000 Access Code: 643 244 026

<hhalpin> Password is member-only link

<scribe> scribenick: wseltzer

<virginie> http://www.w3.org/2015/Process-20150901/#Reports

virginie: Welcome. We're checking to see whether the spec is ready to progress toward Rec
... Discussion on mailing list over the last few weeks to finalize the WebCrypto API

<virginie> https://github.com/w3c/webcrypto

virginie: spec in github repo
... Harry, can you share recent changes?

hhalpin: some edits to prep for PR
... and Jim giving a substantive check

<hhalpin> pr-edits branch of the git repo

<hhalpin> 1) Normative references

hhalpin: Three edits: fixing normative references

<virginie> https://github.com/w3c/webcrypto/tree/pr-edits

hhalpin: Added a resolution to Akamai's objection
... noting the CFRG document on crypto algorithm analysis

<hhalpin> 2) We added a sentence to resolve the Akamai objection, noting the CFRG document which the CFRG has accepted to maintained, added to references

hhalpin: minor things

<hhalpin> 3) Editorial Notes -> Just became part of the spec text

<hhalpin> Even though support BER encoding, we don't.

hhalpin: text from note was moved to spec

<hhalpin> 4) Some of preamble removed

hhalpin: preamble was removed, where it asked for help
... and finally, changing SOTD

<hhalpin> The last PR -> is to change the status section to match the PR section and to change the CSS

hhalpin: Last issue, I thought we could add a sentence to the algo section saying "if an algo is not in this list, it doesn't mean it's not under consideration, please check proposed algorithm note"
... but I wanted to get discussion from WG/editors
... or we could put that on the group homepage .

<hhalpin> Only substantial change to the spec that I would see making before going to PR

jimsch: I have a slightly different proposal for dealing with editorial notes
... I noted at least one ref to a section in an X9 document that wasn't filled in.

<jimsch> Let <var>secret</var> be the result of applying the field element to

<jimsch> <a href="#dfn-octet-string">octet string</a> conversion defined in Section ? of <a href="#X9.63">X9.63</a>

<jimsch> to the output of the ECDH primitive.

wseltzer: we're looking for a copy of the X9 spec

hhalpin: let's try to get a copy of the spec, and if not, can delete the reference

<hhalpin_> Not super-happy with deleting reference, but it seems to be the best thing to do if otherwise its unfixable. I would assume Sleevi may have had same issue.

virginie: we need to fix that before we move to PR
... regarding proposed algorithm note, we don't currently ahve that document
... so I don't want to put a dangling link

hhalpin: I could write the list, but we'd want someone available to maintain it
... Does anyone want to edit?

jimsch: there are other documents we could reference instead of X9
... there's an IETF ref.

hhalpin: sure

<hhalpin_> X9 - what other document could we reference?

hhalpin_: I'll make a "proposed algorithm" page, but won't refer to it in the spec

virginie: We need a WG resolution to move to PR

<hhalpin_> We can make that clear on the homepage, so people who find the spec and are looking for their favorite algorithm, we can at least point them to a document, even if it doesn't have an editor.

<jimsch> Change X9 to RFC6090

selfissued: I had thought that issue of IANA registry adding algorithm analysis line would be done

hhalpin_: I'll put that in

jimsch: I'm willing for it not to exist

selfissued: N/A

<hhalpin_> I'm OK with anything.

jimsch: it's ok if the line doesn't exist

selfissued: for IANA, it shouldn't be missing a required field, even if the field's value is N/A

hhalpin_: 3 options, nothing, N/A, or ref to CFRG document

selfissued: nobody objected to N/A

<jimsch> n/a is fine

<selfissued> Algorithm Analysis Documents(s): n/a

<virginie> https://lists.w3.org/Archives/Public/public-webcrypto/2015Nov/0012.html

<selfissued> Put that line after each of the Specification Document(s) lines in 34.1

<selfissued> In Section 34.1. JSON Web Signature and Encryption Algorithms Registration

<selfissued> Refreshing https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#iana-section-jws-jwa I'm not seeing the edits. Is this expected?

jimsch: I want to change one of the editorial issues response

hhalpin_: we should allow editorial flexibility to deal with minor issues that don't have substantive impact

jimsch: should we send notice of pull request to the mailing list?

virginie: yes, let's do that

selfissued: I had thought the current editors' draft was at the "latest" link in the CR

<scribe> ACTION: hhalpin to change the ED link in mercurial to point to github [recorded in http://www.w3.org/2015/11/30-crypto-minutes.html#action01]

<trackbot> Created ACTION-154 - Change the ed link in mercurial to point to github [on Harry Halpin - due 2015-12-07].

<hhalpin_> https://github.com/w3c/webcrypto/tree/pr-edits/spec/

<jimsch> Is there a version that gets rebuilt automatically on github?

selfissued: the call for review should contain a link to arendered version of the document with PR edits

<hhalpin_> https://raw.githubusercontent.com/w3c/webcrypto/pr-edits/spec/Overview.html

<jimsch> Let's make a README.md file that has the link to the rendered document.

wseltzer: we'll make sure when we send the minutes there's a rendered version to include a pointer

<hhalpin_> I'll have to set-up up gh-pages or make a standalone rendered version

<hhalpin_> No problem doing that.

selfissued: please point to both github and rendered version

virginie: provided that we have a link to rendered version, that we fix X9 links, that we allow editors to make non-substantive changes, and ask editor about link to "proposed algorithm"

PROPOSED: That we move the WebCrypto API to Proposed Recommendation
... as found at https://raw.githubusercontent.com/w3c/webcrypto/pr-edits/spec/Overview.html

<hhalpin_> "Move the WebCrypto API [at https://github.com/w3c/webcrypto/tree/pr-edits/spec/] to Proposed Recommendation with the ability of the editors to make minor changes as needed.

<hhalpin_> But Wendy's is a bit more straightforward.

<selfissued> Please include both a link to a rendered version and the github branch in the review e-mail

<jimsch> harry - are you going to approve your pull request or are you going to wait for an editor to do it?

<hhalpin_> I'm going to give the editor a few more days, I see no reason to rush

virginie: if you agree, +1, disagree, -1

<dconnolly> +1

<virginie> +1

<jimsch> +0

<Charles_Engelke> +1

<hhalpin_> The important thing is to start the clock!

<selfissued> +1

<hhalpin_> +1

virginie: Sounds like consensus here. We submit to 2-week review on mailing list, and if no objection there, then 14 December, move to PR
... Thank you for your work
... Anything else to discuss?

<hhalpin_> Just find that IETF reference for me ASAP Jimsch :)

<jimsch> harry - it is in the log

RESOLUTION: That we move the WebCrypto API to Proposed Recommendation, as found at https://raw.githubusercontent.com/w3c/webcrypto/pr-edits/spec/Overview.html

virginie: in the meantime, if you find editors for the Proposed Algorithms note, please let us know.

<kodonog> +1 (didn't hit return)

virginie: No further calls planned, but keep working by email.
... Don't hesitate to use mailing list.

<selfissued> What's the e-mail list you referenced, Wendy?

<inserted> wseltzer: For further W3C discussions on Web Security, see the Web Security IG, public-web-security@w3.org, and discussion of draft charters for Web Authentication and Hardware-Based Security

wseltzer: public-web-security@w3.org (Web Security IG)

virginie: thank you all

trackbot, end meeting

- DRAFT -

WebCrypto WG

30 Nov 2015

Attendees

Contents

Summary of Action Items

Summary of Resolutions

Scribe.perl diagnostic output