18:54:26 <RRSAgent> RRSAgent has joined #crypto
18:54:26 <RRSAgent> logging to http://www.w3.org/2014/07/07-crypto-irc
18:54:28 <trackbot> RRSAgent, make logs public
18:54:28 <Zakim> Zakim has joined #crypto
18:54:30 <trackbot> Zakim, this will be CRYPT
18:54:30 <Zakim> ok, trackbot; I see SEC_WebCryp()3:00PM scheduled to start in 6 minutes
18:54:31 <trackbot> Meeting: Web Cryptography Working Group Teleconference
18:54:31 <trackbot> Date: 07 July 2014
19:56:31 <virginie> virginie has joined #crypto
20:00:25 <harry> Zakim, what's the code?
20:00:25 <Zakim> the conference code is 27978 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), harry
20:00:58 <Zakim> SEC_WebCryp()3:00PM has now started
20:01:05 <Zakim> +[IPcaller]
20:01:07 <harry> I'll just hang out until others show up
20:01:12 <harry> Zakim, IPcaller is hhalpin
20:01:12 <Zakim> +hhalpin; got it
20:01:56 <Zakim> +Virginie_Galindo
20:03:43 <rsleevi> rsleevi has joined #crypto
20:04:05 <Zakim> +[Google]
20:04:42 <markw> markw has joined #crypto
20:04:49 <Zakim> +[Netflix]
20:04:50 <harry> like a .ics?
20:04:59 <markw> Zakim, [Netflix] is me
20:04:59 <Zakim> +markw; got it
20:05:48 <Zakim> -Virginie_Galindo
20:05:56 <rsleevi> and virginie was lost
20:06:00 <harry> oh dear
20:06:03 <harry> virginie?
20:06:05 <virginie> sooorry
20:06:13 <virginie> new phone :(
20:06:28 <Zakim> +Virginie_Galindo
20:09:18 <Zakim> +Wendy
20:10:05 <Zakim> -markw
20:10:12 <harry> q+
20:10:17 <rsleevi> thanks wendy
20:10:31 <wseltzer> q+
20:10:38 <markw> q+
20:10:52 <Zakim> +[Netflix]
20:10:57 <markw> Zakim, [Netflix] is me
20:10:57 <Zakim> +markw; got it
20:13:33 <rsleevi> @harry: The CFRG does *not* address attacks, based on their current charter. They deal with *protocol* design
20:14:03 <rsleevi> @harry: Rich's list of concerns with algorithms is precisely because he believes that general web developers will be reading the spec and seeing carte blanch to use, which is exactly where webplatform.org is better suited for
20:14:03 <virginie> q?
20:14:07 <wseltzer> q+ to say process, before substance
20:14:15 <Zakim> wseltzer, you wanted to say process, before substance
20:14:23 <harry> I think the main point is almost nothing is carte blanche to use :)
20:15:23 <harry> So, my proposal would be work with Graham to turn his blog post into an informative note either in CFRG or just an IETF Informative Note (this is in the case where Ryan's point about the charter is true).
20:15:38 <harry> And then just reference that.
20:15:59 <harry> It may also be useful to have Rich join a telecon if we have a proposal that he seems not super-unhappy with.
20:21:12 <wseltzer> rsleevi: I don't want to say "good/bad, secure/insecure" because those don't have objective agreement
20:22:02 <wseltzer> ... CFRG discussing attacks, mitigations better
20:22:27 <wseltzer> q+
20:25:53 <wseltzer> Virginie: work with Rich to see if we can address his concerns with a reference to an external document on attacks
20:26:56 <wseltzer> rsleevi: so long as it's not referencing "quality"
20:27:21 <wseltzer> Topic: NIST curves vs safe curves
20:36:03 <terri> terri has joined #crypto
20:36:19 <harry> harry has joined #crypto
20:37:23 <wseltzer> harry: if he's asking for "what can devs expect to find in browsers", we can discuss at end of CR
20:38:58 <rsleevi> rsleevi has joined #crypto
20:39:36 <timeless__> timeless__ has joined #crypto
20:39:37 <slightlyoff__> slightlyoff__ has joined #crypto
20:39:46 <wseltzer> rsleevi: consider, there's user disabling, user choice of platform, hardware, export requirements,
20:39:47 <tobie> tobie has joined #crypto
20:39:52 <harry> q+
20:40:10 <harry> seems like we need some text around either user-agent not implementing or user-disabling
20:41:00 <wseltzer> ... so what happens in the event that something is disabled -- what should webdev expect?
20:41:20 <harry> virginie takes that bug to Henri
20:41:54 <wseltzer> q-
20:43:12 <virginie> virginie has joined #crypto
20:43:34 <wseltzer> harry: keystorage to discussion at workshop, webappsec
20:43:48 <harry> non-NIST curves being handled by Microsoft
20:43:57 <harry> with the "remove all NIST curves" virginie can handle
20:44:11 <harry> its not a formal objection, just a complaint we can principly answer using the same answer we give Rich.
20:45:00 <harry> I think there's no other "objection" level bugs left.
20:46:28 <virginie> q?
20:46:35 <harry> q-
20:47:12 <harry> I'm happy to ping Graham over transforming his blog to some kind of informative note.
20:49:58 <harry> q+
20:52:22 <tantek> tantek has joined #crypto
20:55:07 <wseltzer> harry: propose an informative document, that we link to, link to be decided on bugzilla
20:56:48 <wseltzer> virginie: an external document listing attacks
21:00:10 <wseltzer> rsleevi: look for objective measures, rather than subjective good/bad
21:00:31 <harry> Sounds like a battle plan
21:01:14 <harry> extensibility bug?
21:03:23 <virginie> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618
21:05:27 <Zakim> -[Google]
21:05:28 <Zakim> -markw
21:05:30 <Zakim> -hhalpin
21:05:32 <Zakim> -Virginie_Galindo
21:05:32 <Zakim> SEC_WebCryp()3:00PM has ended
21:05:32 <Zakim> Attendees were hhalpin, Virginie_Galindo, [Google], markw, Wendy
21:05:38 <harry> trackbot, end meeting
21:05:38 <trackbot> Zakim, list attendees
21:05:38 <Zakim> sorry, trackbot, I don't know what conference this is
21:05:44 <harry> RRSAgent, draft minutes
21:05:44 <RRSAgent> I have made the request to generate http://www.w3.org/2014/07/07-crypto-minutes.html harry
21:05:46 <trackbot> RRSAgent, please draft minutes
21:05:46 <RRSAgent> I have made the request to generate http://www.w3.org/2014/07/07-crypto-minutes.html trackbot
21:05:47 <trackbot> RRSAgent, bye
21:05:47 <RRSAgent> I see no action items