W3C

- DRAFT -

Web Cryptography Working Group Teleconference

10 Sep 2012

Agenda

See also: IRC log

Attendees

Present
asad, wseltzer, ddahl, virginie, Tony_Nadalin, cjkula, JimD, karen, wtc, rsleevi, hhalpin, +1.707.799.aaaa, emily, [Microsoft], markw, arunranga, Mike_Jones, +1.303.543.aabb, +1.303.661.aacc, vgb, sdurbha?, zooko?
Regrets
Chair
virginie
Scribe
selfissued

Contents


<trackbot> Date: 10 September 2012

<virginie> hi all :)

<ddahl> hello

<ddahl> virginie: we have yelp, you will fail;)

<virginie> who is here?

Mike Jones here

Mike scribing

<wseltzer> scribenick: selfissued

Virginie overviewing agenda

Agenda OK, per Virginie's e-mail

<virginie> http://www.w3.org/2012/09/04-crypto-minutes.html

The minutes of the previous call were approved without objection

Draft API review

<zooko> No, I'm aabb

rsleevi: Only major change addition of examples for key provisioning

<virginie> http://lists.w3.org/Archives/Public/public-webcrypto/2012Sep/0102.html

<zooko> I always wonder who aacc is since they're in my area code.

Karen: Questioned title "out of band key provisioning"

<zooko> sdurbha: awesome. Let's go get coffee together sometime.

Karen: Title does not match use case

<sdurbha> then, I should be the other number that joined at the same time

Karen: Out of band provisioning is out of scope

<sdurbha> sure

Ryan: Use case relies on out of band key provisioning
... Pointed out by NetFlix that keys may not be provisioned at time of use
... Some degree of out of band still occurs within this use case
... Asks if anyone else has concerns with the current text

Karen: Not a major problem, but could cause confusion

Virginie: Suggests we change this for the next version of the next API
... Having a more accurate title helps
... Does not want to delay draft for this issue
... No other comments, after asking for them
... Proposal to go to First Public Working Draft

<virginie> "PROPOSAL: The current editors draft of the Web Crypto API to go forward as FPWD: http://www.w3.org/2012/webcrypto/WebCryptoAPI/"

<sdurbha> +1

<ddahl> +1

<JimD> +1

<wtc> +1

<arunranga> +1

<markw> +1

<emily> +1

<karen_> +1

+1

<rsleevi> +1

<virginie> +1

<asad> +1

<vgb> +1

<cjkula> +1

Harry: We could poll people on the phone explicitly

<zooko> +1

<virginie> RESOLVED: The current editors draft of the Web Crypto API to go forward as FPWD: http://www.w3.org/2012/webcrypto/WebCryptoAPI/"

<wseltzer> +1

Virginie: Because there is no objection, we can go to FPWD

<hhalpin> Note that the current editors draft of the Web Crypto API to go forward as FPWD: http://www.w3.org/2012/webcrypto/WebCryptoAPI/ is 1.46 version

Virginie: Asks editors to produce FPWD
... I'm very happy!
... Thanks to Ryan for your hard work

<hhalpin> ACTION: hhalpin and wseltzer to move the Editors Draft to TR space and communicate to the chairs@w3.org, the Director, and Comms Team over the FPWD publication [recorded in http://www.w3.org/2012/09/10-crypto-minutes.html#action01]

<trackbot> Created ACTION-45 - And wseltzer to move the Editors Draft to TR space and communicate to the chairs@w3.org, the Director, and Comms Team over the FPWD publication [on Harry Halpin - due 2012-09-17].

<hhalpin> congrats everyone!

Review Actions

Virginie: Agenda item: Review of Action Status
... Want to close things that need to be close
... Proposed closing 13, 38, 44, 39, 43

<wseltzer> ACTION-13?

<trackbot> ACTION-13 -- Wan-Teh Chang to and Arun to add missing use-cases -- due 2012-10-15 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/13

<arunranga> Regarding ACTION-13, I think we should poll MitchZ and MarkW as well.

<hhalpin> +1 separate document

<hhalpin> I'm happy to set that up.

Wan-Teh: Action 13 can already be met by use cases section of current draft
... OK to close

<wseltzer> trackbot, close ACTION-13

<trackbot> ACTION-13 And Arun to add missing use-cases closed

<wseltzer> ACTION-38

<wseltzer> ACTION-38?

<trackbot> ACTION-38 -- Mark Watson to write some non-normative text about pre-shared keys -- due 2012-09-03 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/38

Wan-Teh: Can open another action to track use cases document

<wseltzer> trackbot, close ACTION-38

<trackbot> ACTION-38 Write some non-normative text about pre-shared keys closed

Virginie: Closed 38

<wseltzer> ACTION-44?

<trackbot> ACTION-44 -- Ryan Sleevi to addition of 'netflix use cases' in the draft API in section 2 -- due 2012-09-12 -- CLOSED

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/44

<scribe> ... Closed 44

<wseltzer> ACTION-39?

<trackbot> ACTION-39 -- Asad Ali to sample code -- due 2012-09-03 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/39

UNKNOWN_SPEAKER: 39 was related to sample code - closed

<wseltzer> trackbot, close ACTION-39

<trackbot> ACTION-39 Sample code closed

<wseltzer> ACTION-43?

<trackbot> ACTION-43 -- David Dahl to write some sample code -- due 2012-09-13 -- CLOSED

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/43

<scribe> ... Closed 43

UNKNOWN_SPEAKER: Want to spend more time on the issues today

<wseltzer> [open actions: http://www.w3.org/2012/webcrypto/track/actions/open ]

Vijay: Does the owner get to close an issue, or does the opener have to concur?

<wseltzer> ACTION-40?

<trackbot> ACTION-40 -- Asad Ali to propose text for scope section about smart card -- due 2012-09-04 -- OPEN

<trackbot> http://www.w3.org/2012/webcrypto/track/actions/40

Virginie: The owner can close

<wseltzer> trackbot, close ACTION-40

<trackbot> ACTION-40 Propose text for scope section about smart card closed

<vgb> s//Vijay/Asad/

Harry: Wiki area - need clear editor for each document or ideally two
... Does not have to be recommendation track
... Should have a separate document for use cases
... Asking for an editor
... Willing to create new document

<hhalpin> WTC and Channy - are you OK with being editors of the use-case doc?

Virginie: Thought that Channy and Wan-Teh would manage that

<hhalpin> Or Arun?

Wan-Teh: Just the API draft needs a lot of time
... I don't mind editing the document
... But I questino whether taking it out of the main document is a good idea

Harry: Happy with the current document and believe the use cases should stay there
... We'll now fall into the world of secondary features
... A non-normative use case document would be useful
... Could allow a lot of use cases to put it
... Only need a few in the spec
... Separate document could enable more, with more details

<arunranga> OK, I volunteer

Arun: Volunteered to edit use case document

<hhalpin> thinking further down the line :)

<hhalpin> ACTION: hhalpin to create use-case document space for Arun [recorded in http://www.w3.org/2012/09/10-crypto-minutes.html#action02]

<trackbot> Created ACTION-46 - Create use-case document space for Arun [on Harry Halpin - due 2012-09-17].

Issues

Virginie: Agenda item: Issue status and priorities
... Clarify way issues are managed
... We need to finalize description of crypto operations
... Such has how to describe parameters, cloning, access control, origins, user involvement
... Asked editors to work on a specific set of issues
... Choosing one domain that you feel is the most pressing and make progress on it and drive consensus

<Zakim> rsleevi, you wanted to respond

Ryan: A great idea
... Most important to make sure we're happy with the crypto operations (creation, algorithms, parameters, use)
... David and Arun found interesting corner cases when writing examples
... Could block implementers
... Changing this would be much harder later
... Most important issues to work out now

Virginie: Do cloning and transfer fall into this?

Ryan: Cloning, transfer, neutering small parts of this with least impact
... Algorithms, modes, instantiation, most important questions

<arunranga> +1 rsleevi

Ryan: We need to be sure we're happy with this before looking at lesser issues like key management, etc.

<emily> +1

<wtc> +1

Virginie: Who supports focusing in next week on Ryan's topics?

+1

<ddahl> +1

David: Completely agree with Ryan

<JimD> +1

David: Getting word out about FPWD important
... Getting eyes on it from the JavaScript world

<cjkula> +1

David: Getting as much feedback as possible important

Wan-Teh: 2 questions
... In track tool, is there a way to assign priority to issues?

<hhalpin> unforunately WTC is right, no priority features for tracker :(

Wan-Teh: All the issues currently look equally important
... Second, current published editor's draft taken directly from CVS repository
... Is there a way to publish a stable version while we keep making changes to CVS?

Harry: No prioritizion available in tracker
... We could mark them in red/yellow/green or give them 1/2/3 markings
... Actualy process to take an HTML copy and give it a stable URI

<hhalpin> is this URI OK: www.w3.org/TR/webcrypto

Harry: All candidate specs have "TR" in them
... Editor's drafts perpetually change
... There will be a clear differentiation
... W3C will probably do a blog post about the FPWD
... Solicits quotes for blog post
... People could blog and e-mail to their friends
... There will be a little delay in publishing the FPWD
... Expect publication on Thursday or maybe next Tuesday at the latest
... Will be displayed on front page of W3C homepage

<hhalpin> any URI suggestions?

Harry: Asked if people want a different URI to propose them

<hhalpin> www.w3.org/TR/WebCryptoAPI

Virginie: We can continue this topic on the mailing list

<hhalpin> www.w3.org/TR/WebCryptographyAPI

<hhalpin> Any preferences?

Virginie: Need clear priorities for the working group
... Editor's will need to process incoming comments

<hhalpin> If not, lets go for http://www.w3.org/TR/WebCryptoAPI/

<karen_> +1

Virginie: We will not be able to work on discovery, origin definitions, etc. and still process the incoming comments

<rsleevi> hhalpin: I'm less concerned about the /TR/ URL, but I suspect we'll want to figure out the "WIP" URL and "semi-stable" publishing (eg: dvcs.w3.org/WebCrypto/WebCryptoAPI-20120904 )

Virginie: Focusing on the crypto opertions the first priority

<rsleevi> but we can have that discussion on the mailing list

<rsleevi> +1

<ddahl> +1

<JimD> +1

<hhalpin> +1

<asad> +1

<mitchz> +1

<virginie> +1

<emily> +1

<wtc> +1

<arunranga> +1 for the new technology to be dubbed "WebCrypto API"

Name http://www.w3.org/TR/WebCryptoAPI/ chosen

<cjkula> +1

<Anthony> +1

<zooko> \o/

<hhalpin> for semi-stable, we can keep http://www.w3.org/2012/WebCryptoAPI/ and have that redirect to Mercurial, as it seems folks are sick of CVS :)

<hhalpin> Technically, its ECMAScript :)

Seetharam: Isn't it actually more like a JavaScript crypto API?

<ddahl> sdurbha: i would leave JS out of it

<rsleevi> Technically, it's WebIDL :)

<rsleevi> which Ecmascript bindings exist

Seetharam: Rather than a Web crypto API?

<rsleevi> (and other user agents have other bindings) :)

Seetharam: Web has specific connotations

<hhalpin> The W3C tradition is to stick "Web" in front of things :)

Virginie: Have always seen this name

<hhalpin> We could call it CryptoAPI but that might cause confusion with other folks

Jim: My understanding is that other acccess means other than JavaScript can also be used

<Zakim> rsleevi, you wanted to respond to jimd

Ryan: Jim is correct
... We are specifying WebIDL bindings
... Bindings can be specified for other languages other than ECMAScript, such as Java
... Number of ways to take WebIDL and translate into lanaguage specifications
... Numerous concepts borrowed from HTML5
... Not programming-language specific
... Can be adopted for other use cases, such as node.js

Virginie: We will keep the Web Crypto API title

Mike LOL at Arun's comment!

Virginie: Several issues currently open about key management
... Wondering if other participants wouldn't like to work on another domain other than core crypto operations

markw: A number of issues not settled called out in draft
... Considering issues in draft, asking whether Virginia is proposing a different parallel process?

Virginie: We can work on the mailing list, rather than allocating specific time during the conference call
... Wants proposals to be written down
... Wants written comments on proposals
... Then we can consider them during the conference call
... Trying to address different problem areas with different teams

Mark: Are you really just looking for volunteers to take responsibility for open areas?

Ryan: Understand proposal - concern that may end up fragmenting if we have parallel discussions
... Are you proposing sub working group?

Virginie: Trying to make the group realize that we have a set of problems that are dependent
... Want people to take lead on collecting proposals on the mailing list

<hhalpin> its better in general to keep everything just on the WG mailing list

<hhalpin> not to do sub-WGs

Virginie: 400 mails in August
... 100 so far in September
... Not everyone can follow all of that

Ryan: About 3-5 broad issue categories

<hhalpin> it would be better to "order" the categories of ISSUES I think

<vgb> +1 to Harry - the small set of implementers will want to watch all categories in any case

Ryan: Helpful to have clear ownership
... Agree on taking ownership of comments coming in from FPWD

Asad: Not sure how formalized the process is for forming subgroups
... Could tag e-mail thread with a topic
... Will help people follow the topics that are of interest to them

<Zakim> rsleevi, you wanted to respond to Virginie's proposal

Asad: Effectively implicitly forms subgroups based upon interest

<zooko> That sounds great.

<zooko> I have read about 10% of the mailing list traffic recently.

Harry: In general, better to just tag messages than set up separate mailing lists and cause fracturing
... Better to order broad categories
... Although people will of course operate somewhat in parallel

Virginie: There is no final conclusion
... We are out of time to describe the different domains, etc.
... We can do this over the mailing list

Group Life

Virginie: Agenda Item: Group Life
... Do not forget to book your travel and accomidation for the meeting in Lyon
... Can also attend plenary session

<wseltzer> [TPAC info: http://www.w3.org/2012/10/TPAC/ ]

Virginie: Thu & Fri will have our 2-day meeting with Web Security WG

Will be ideal if you can be there last day of October through November 2

scribe: Very interesting and fun also
... Will discuss objectives for F2F in next few calls
... We make a lot of progress in F2F meetings

<hhalpin> trackbot, end meeting

scribe: Can close call - thanks to editors and Mike for scribing

Summary of Action Items

[NEW] ACTION: hhalpin and wseltzer to move the Editors Draft to TR space and communicate to the chairs@w3.org, the Director, and Comms Team over the FPWD publication [recorded in http://www.w3.org/2012/09/10-crypto-minutes.html#action01]
[NEW] ACTION: hhalpin to create use-case document space for Arun [recorded in http://www.w3.org/2012/09/10-crypto-minutes.html#action02]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.136 (CVS log)
$Date: 2012/09/10 20:01:15 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.136  of Date: 2011/05/12 12:01:43  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/Harry/rsleevi/
WARNING: Bad s/// command: s//Vijay/Asad/
Succeeded: s/someone/Channy/
Succeeded: s/Arun/Wan-Teh/
Succeeded: s/Arun:  Just/Wan-Teh:  Just/
Succeeded: s/Ryan/markw/
Succeeded: s/Agenda item:  Draft API review/Topic: Draft API review/
Found ScribeNick: selfissued
Inferring Scribes: selfissued
Default Present: asad, wseltzer, ddahl, virginie, Tony_Nadalin, cjkula, JimD, karen, wtc, rsleevi, hhalpin, +1.707.799.aaaa, emily, [Microsoft], markw, arunranga, Mike_Jones, +1.303.543.aabb, +1.303.661.aacc, vgb, sdurbha?, zooko?
Present: asad wseltzer ddahl virginie Tony_Nadalin cjkula JimD karen wtc rsleevi hhalpin +1.707.799.aaaa emily [Microsoft] markw arunranga Mike_Jones +1.303.543.aabb +1.303.661.aacc vgb sdurbha? zooko?
Agenda: http://lists.w3.org/Archives/Public/public-webcrypto/2012Sep/0107.html
Found Date: 10 Sep 2012
Guessing minutes URL: http://www.w3.org/2012/09/10-crypto-minutes.html
People with action items: hhalpin wseltzer

[End of scribe.perl diagnostic output]