Web Cryptography Working Group Teleconference

22 Feb 2016

See also: IRC log


wseltzer, virginie, hhalpin, jyates, Charles_Engelke, jimsch, markw


<hhalpin> thanks, that's what I was about to do.

<hhalpin> lets try to join the telco now

<hhalpin> I just sent Wendy the host key as well, I'll send it to you Virginie

<hhalpin> Happy to scribe

virginie: anyone from Microsoft here?

<hhalpin> scribe: hhalpin

Virginie: Tim from Mozilla and Microsoft said they were going to join but didn't make it.
... so let's continue this on the mailing list
... we want to go through charter and timeline
... hard to address if state of browser implementation
... test-suite status
... let's focus on that.

hhalpin: We should push the spec to CR and reflect how it's currently implemented, so let's focus on 2-4 regardless of lack of support from browser vendors

wseltzer: It's an important spec for developers, let's tie up loose ends and make sure we can get interop needs

virginie: it's the minimum we can have
... the voice of the browser implementers is very important

<inserted> scribenick: wseltzer

hhalpin: we have to assume no new features, current state of implementation is what goes to Recommendation
... so we'll need to remove some algorithms
... and make sure we have tests for what's implemented

markw: test suite is key

<virginie> +1 to test implementations by tests

<hhalpin> markw: If we have a detailed test-suite then we can have a clear record of what is miss or missing not.

<hhalpin> ... maybe there's resistance to a few things, but we can probably get a few tweaks

hhalpin: I can review the three edits we need to go to CR
... procedural, let's move our work to github

<virginie> +1 to github

markw: github will be much better

<jimsch> +1 github

<hhalpin> PROPOSAL: Move everything to github, shut-down redirect and the W3C mercurial repo


RESOLUTION: Move everything to github, shut-down redirect and the W3C mercurial repo

hhalpin: then we have to show we've resolved all objections
... 1st was Akamai's request for pointer to security guidance
... I suggest we add a pointer to CFRG document
... 2d was non-NIST curve
... CFRG hasn't yet fully resolved

<jimsch> +q

hhalpin: not enough detail for us to implement
... so I suggest we respond to CFRG

jimsch: what do you believe isn't covered in terms of format?

hhalpin: last I saw, there was still debate on parameters

<virginie> Note : security guidelines from CFRG https://datatracker.ietf.org/doc/draft-irtf-cfrg-webcrypto-algorithms/

hhalpin: on curve 25519

jimsch: wire transfer format is open in terms of what the points look like
... but it's now a published RFC
... Adam Langley's draft is finished
... Edwards signature is still open

hhalpin: I believe Mozilla is implementing

<hhalpin> http://www.ietf.org/mail-archive/web/cfrg/current/msg07288.html

hhalpin: haven't yet decided to expose to WebCrypto

jimsch: they'll have to implement DH for TLS, not necessarily signature

hhalpin: unless we have 2 implementations, the most we can do now is a note

jimsch: until we get a wire format for keys, we can't import or export
... neither JOSE nor PKICS is specified yet
... so punt for now

Test Suite

hhalpin: minimum bar, or higher
... proving that algorithms, WebIDL have been implemented in more than 1 browser
... using Charles's tests, we showed this was partially true

<hhalpin> http://testthewebforward.org/


hhalpin: or should we do more?

<virginie> https://github.com/diafygi/webcrypto-examples/

hhalpin: if anyone is available to help

markw: the challenge with webcrypto is that there are so many individual pieces to test

<hhalpin> webidlharness.js

markw: we have some tests in jasmine, not portable

charles: has anyone written a shim for jasmine to webplatform test framework?

hhalpin: I can ask

markw: then we can put in the Netflix tests

hhalpin: I'll ask Tobie if he knows of a Jasmine->webplatform test framework

charles: I'd love to help, but I'm slammed at the moment

hhalpin: some outside people have shown interest
... I'd be happy to do test suite training on off weeks between our biweekly wg calls
... if we can't get WPT, jasmine tests meet minimum bar

markw: I didn't find lots of interest
... but I could help if Harry is leading a test effort
... if you're willing to lead, then we can help fill in missing tests

hhalpin: I'll do a training next week at this time
... pick a few algorithms, make some tests
... we'll test that IDL is implemented
... not testing every step in every algorithm
... we can't test service workers, key format interop
... because we've gotten advice we won't get implemenation
... we can submit bug reports on the implementations
... but if we don't get bug fixes, we should take pieces out of the spec

virginie: that sounds like the right way forward

markw: we're not using key formats
... can we get enough test cases to show the boundary between what works and what doesn't?

hhalpin: so long as the guidance is clear, on what's usable, what's not

<hhalpin> PROPOSAL: Do a test-creating session on the off-days from telecon, next week Monday - see who shows up?

<hhalpin> If no one shows up, we already have test of presence of algorithms and we'll just go with that.

<hhalpin> Which is already there.

virginie: we need to keep talking as well with browser implementors about status

<scribe> ACTION: virginie to talk with Microsoft and Mozilla [recorded in http://www.w3.org/2016/02/22-crypto-minutes.html#action01]

<trackbot> Created ACTION-155 - Talk with microsoft and mozilla [on Virginie GALINDO - due 2016-02-29].

hhalpin: it would be great if you share summary of current state

virginie: one month for feedback, whether to go for extensive or more minimal tests
... and editorial changes

<hhalpin> wseltzer: let's make some concrete dates

virginie: to match
... two big tasks: spec editing, and tests
... if we were going for extensive tests, and you therefore had to remove features
... can you do that in a month, markw?

markw: yes, for editing, a month would be fine
... so a month deadline sounds fine

virginie: follow-up call in 2 weeks
... bringing info back to WG
... bi-weekly calls for WG; tests on the alternate weeks
... so we'll need to work on mailing list as well
... what's our choice for charter renewal?

wseltzer: we have an important, mostly implemented spec
... since we also know it needs some cleanup, I'd like to see it move forward to Rec
... I think we should give it 6 months for the procedural steps

hhalpin: we know mostly what's required to be removed
... since CR->PR and PR->Rec are both process steps, even a 6mo extension gives only 4 months of work
... so if we have no movement by the end of March, we should go directly to edits on the spec

PROPOSED: extend the WG for 6 months

<virginie> +1 on 6 months

virgine: extension means no change to scope, continue to move forward
... any objections?

RESOLUTION: extend the WG for 6 months

virginie: so we'll ask for a 6mo extension
... Harry will meet next week regarding test suites
... any other business?
... thank you to those who participated!
... next WG meeting March 7
... Please come then, and for test discussion on 29 February, 2000 UTC

hhalpin: I'll send an email on TTWF process


<hhalpin> thanks everyone!

Summary of Action Items

[NEW] ACTION: virginie to talk with Microsoft and Mozilla [recorded in http://www.w3.org/2016/02/22-crypto-minutes.html#action01]

Summary of Resolutions

  1. Move everything to github, shut-down redirect and the W3C mercurial repo
  2. extend the WG for 6 months
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.144 (CVS log)
$Date: 2016/02/22 22:06:10 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.144  of Date: 2015/11/17 08:39:34  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/idividual/individual/
Succeeded: s/mnht/month/
Succeeded: i/hhalpin: we have/scribenick: wseltzer
Found Scribe: hhalpin
Inferring ScribeNick: hhalpin
Found ScribeNick: wseltzer
ScribeNicks: wseltzer, hhalpin
Present: wseltzer virginie hhalpin jyates Charles_Engelke jimsch markw
Regrets: tim_taubert
Found Date: 22 Feb 2016
Guessing minutes URL: http://www.w3.org/2016/02/22-crypto-minutes.html
People with action items: virginie

[End of scribe.perl diagnostic output]