19:16:37 RRSAgent has joined #crypto 19:16:37 logging to http://www.w3.org/2014/08/11-crypto-irc 19:16:39 RRSAgent, make logs public 19:16:39 Zakim has joined #crypto 19:16:41 Zakim, this will be CRYPT 19:16:41 ok, trackbot; I see SEC_WebCryp()3:00PM scheduled to start 16 minutes ago 19:16:42 Meeting: Web Cryptography Working Group Teleconference 19:16:42 Date: 11 August 2014 19:35:17 jyates has joined #crypto 19:48:49 virginie has joined #crypto 19:49:51 zakim, agenda ? 19:49:51 I see nothing on the agenda 19:49:59 agenda+ welcome 19:50:40 agenda+ Addition of curves (NUMS and 25519) in Bug 25839 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839 19:51:13 agenda+ Specification extensibility in Bug 25618 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618 19:51:35 agenda+ W3C Process and the Director's consideration of the transition to Candidate Recommendation 19:53:36 bal has joined #crypto 19:53:46 zakim, agenda order 3, 1, 2 19:53:46 ok, virginie 19:53:51 agenda? 19:54:24 zakim, agenda order 1, 4, 2, 3 19:54:24 ok, virginie 19:54:27 agenda? 19:54:29 SEC_WebCryp()3:00PM has now started 19:54:35 +[Microsoft] 19:55:05 +Wendy 19:58:34 +JYates 19:58:37 markw has joined #crypto 19:58:52 +??P3 19:58:56 mdwood has joined #crypto 19:59:06 zakim, ??P3 is me 19:59:06 +virginie; got it 19:59:15 zakim, Microsoft has BAL 19:59:15 +BAL; got it 19:59:16 zakim, who is on the bridge 19:59:17 I don't understand 'who is on the bridge', virginie 19:59:28 zakim, who is on the phone 19:59:28 I don't understand 'who is on the phone', virginie 19:59:38 zakim, who is on the phone ? 19:59:38 On the phone I see [Microsoft], Wendy, JYates, virginie 19:59:39 [Microsoft] has BAL 19:59:56 kodonog has joined #crypto 20:00:01 regrets+ rsleevi 20:00:27 +MarkW 20:00:48 Zakim, MarkW is me 20:00:48 +markw; got it 20:01:08 +[Microsoft.a] 20:01:48 + +1.503.712.aaaa 20:01:53 BAL: Can we invite the submitter of the 25519 curve? 20:02:04 nvdbleek has joined #crypto 20:02:05 Virginie: As chair I'd like to invite Trevor 20:02:06 selfissued has joined #crypto 20:02:17 zakim, code? 20:02:17 the conference code is 27978 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), nvdbleek 20:02:22 zakim, Microsoft.a is selfissued 20:02:22 +selfissued; got it 20:02:41 zakim, aaaa is Matt_Wood 20:02:41 +Matt_Wood; got it 20:02:51 +[IPcaller] 20:02:51 zakim, who is on the phone ? 20:02:52 On the phone I see [Microsoft], Wendy, JYates, virginie, markw, selfissued, Matt_Wood, [IPcaller] 20:02:52 [Microsoft] has BAL 20:02:55 rbarnes has joined #crypto 20:02:59 Zakim, IPcaller is hhalpin 20:02:59 +hhalpin; got it 20:03:28 agenda? 20:04:06 +??P9 20:04:10 +??P8 20:04:27 zakim, ??p9 is rbarnes 20:04:27 +rbarnes; got it 20:04:33 zakim, ??p8 is nvdbleek 20:04:33 +nvdbleek; got it 20:04:43 zakim, who is on the phone 20:04:43 I don't understand 'who is on the phone', nvdbleek 20:04:49 +karen_oDonoghue 20:04:54 zakim, who is on the phone? 20:04:54 On the phone I see [Microsoft], Wendy, JYates, virginie, markw, selfissued, Matt_Wood, hhalpin, rbarnes, nvdbleek, karen_oDonoghue 20:04:54 zakim, who is on the phone? 20:04:56 [Microsoft] has BAL 20:04:56 On the phone I see [Microsoft], Wendy, JYates, virginie, markw, selfissued, Matt_Wood, hhalpin, rbarnes, nvdbleek, karen_oDonoghue 20:04:56 [Microsoft] has BAL 20:04:57 zakim, who is on the phone ? 20:04:58 On the phone I see [Microsoft], Wendy, JYates, virginie, markw, selfissued, Matt_Wood, hhalpin, rbarnes, nvdbleek, karen_oDonoghue 20:04:58 [Microsoft] has BAL 20:05:12 zakim, mute me 20:05:12 nvdbleek should now be muted 20:05:25 agenda? 20:06:21 i can if necessary 20:06:49 scribenick: kodonog 20:07:27 scribe: kodonog 20:08:03 zakim, take up agendum 4 20:08:03 agendum 4. "W3C Process and the Director's consideration of the transition to Candidate Recommendation" taken up [from virginie] 20:08:09 vgb has joined #crypto 20:08:16 Ryan Sleevi unable to make the call, Virginie will send an extract of his email to mailing list 20:08:21 -> http://www.w3.org/2005/10/Process-20051014/tr#cfi 20:08:30 +[Microsoft.a] 20:08:40 zakim, [microsoft.a] is me 20:08:40 +vgb; got it 20:08:42 services.w3.org/xslt?xmlfile=http://www.w3.org/2005/08/01-transitions.html&xslfile=http://www.w3.org/2005/08/transitions.xsl&docstatus=cr-trza 20:09:07 Director = TimBL 20:09:18 Topic: Reminders about W3C process 20:09:26 but also acting COO and CEO act in his place sometimes, i.e. Ralph Swick and Jeff Jaffe 20:09:56 Wendy need to assure W3C management that all the objections raised during Last Call have been addressed. 20:10:37 q+ 20:10:54 Wendy: Need to have in our archive, minutes, and bugzilla the discussions related to questions, sufficient to satisfy the Director 20:11:36 this is far from the most brutal LC process i've seen 20:11:50 Wendy: Not possible to reach perfection, but hopefully a specification that will result in interoperable implementations to satisfy most 20:13:30 virginie: Based on the amount of feedback during LC and our efforts to address that feedback, are you (Harry and Wendy) comfortable that we have sufficient data to satisfy. 20:13:50 [not Jeff Jaffe but Philippe le Hegaret acting as Director's desginee] 20:14:21 harry: What is less clear, is if the resolution is in order based on some of the discussion on some of the bugs. 20:14:43 virginie: Do you see any bugs that have not been properly closed? 20:15:06 harry: we need to wait until all the bugs are closed to properly assess. 20:15:08 So obviously there's been some strong disagreement, and the Director will look more closely at those, in particular one's where formal objections have been filed. 20:15:08 zakim, take up agendum 2 20:15:08 agendum 2. "Addition of curves (NUMS and 25519) in Bug 25839 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839" taken up [from virginie] 20:15:32 ack virginie 20:15:36 I believe there is one Member Formal objection that is in principle resolved, and a non-member objection which is not clearly resolved. 20:15:42 Topic: Addition of curves (bug #25839) 20:17:27 q+ 20:17:29 virginie: Three options detailed in email earlier today. 1) add NUMS as an extension; 2) defer extension work; and 3) start work on a new extension (have editor) 20:17:32 http://lists.w3.org/Archives/Public/public-webcrypto/2014Aug/0083.html 20:17:33 q+ 20:17:33 q+ 20:18:39 virginie: Call of decision over email in the next two weeks 20:18:45 ack markw 20:19:17 q+ 20:19:22 markw: option 1 is not clear, do you mean writing a new specification as a separate document? 20:19:40 virginie: yes, a separate document 20:19:45 acl ba; 20:19:46 q- 20:19:48 acl bal 20:19:51 Zakim who's making noise? 20:19:53 ack bal 20:20:20 bal: would like to add an option 2.5. 20:21:09 bal: given the political situation in the IETF and the CFRG and the Internet at large, the W3C should not publish a spec with only NIST curves at this time 20:21:16 +1 20:21:42 bal: if we are going to publish at this time, we need something besides NIST curves. 20:21:59 The debate is CFRG is quite vigorous 20:22:01 bal: what those curves are exactly is going to be driven by the IETF CFRG process 20:22:33 I think Trevor plans to add Ed25519 20:22:52 bal: move the spec forward with the NUMS curves as a placeholder for whatever the IETF process results in 20:23:12 q? 20:23:18 q+ 20:23:20 bal: if that doesn't get implemented, it can be addressed later in the steps towards Recommendation 20:23:35 bal: put everything in extensions not appropriate at this time 20:24:29 virginie: so, you are proposing to add the additional algorithms to the main spec now 20:24:49 but if W3C does a separate process, we get to have 2x the politics! 20:25:03 other option is : integration of NUMS Non-NIST curves in the main spec as a feature at risk and remove it at Candidate Recommendation, if it happens that no interoperable implementation is demonstrated and aligned with IETF/CFRG recommendations 20:25:08 bal: we should not shovel this off to a parellel extensions spec when the NIST curves are in the main spec 20:25:40 q? 20:25:42 ack selfissued 20:27:01 selfissued: arguing from the point of testing our extensibility models, we need to have the extensions that didn't make the deadline test the extension process 20:27:34 selfissued: 25519 gives us the opportunity to test our mechanism 20:27:41 ack rbarnes 20:27:45 ack nvdbleek 20:27:54 +1 to what Mike says about needing an extension spec to prove out our extensibility points - and needing to do the editing to add the extension points 20:28:10 rbarnes: partially agree with Brian, we do need a path to get away from NIST curves, 20:28:27 rbarnes: I am less concerned that this needs to occur in the base specification 20:29:24 rbarnes: keep the main spec focused on what we have a lot of experience with, but show working group committment to address not-NIST curves 20:29:24 q? 20:29:30 ack harry 20:29:38 zakim, rbarnes is really nvdbleek_ 20:29:38 +nvdbleek_; got it 20:29:46 zakim, nvdbleek is really rbarnes 20:29:46 +rbarnes; got it 20:30:02 zakim, mute nvdbleek 20:30:02 nvdbleek_ should now be muted 20:30:04 q+ 20:31:02 harry: we could add to main spec now and delete at a later stage on the path of publication if there isn't IETF CFRG consensus 20:32:16 harry: agree with Brian that we need something in the main spec, agree with Mike that we need to test the extension mechanism 20:32:45 harry: Ryan is clearly very unhappy with the NUMS curves and doesn't not support their addition 20:33:11 In generally, historically W3C wants to co-operate with IETF and CFRG in this matter. 20:33:21 bal: what is the timeline for going to CR? 20:34:31 We should exit Last Call to CR at end of August (unless we keep getting stucks on bugs) 20:34:35 harry: target 3 months but may take longer, at earliest we will exit CR at the end of November 20:34:44 note we still have few bugs open https://www.w3.org/Bugs/Public/buglist.cgi?quicksearch=web%20crypto&list_id=42092 20:34:48 We should exit CR at earliest end of Nov. 20:34:59 Assuming test suite goes well. 20:35:00 bal: if CFRG can't get a recommendation out by November there probably won't be one soon 20:35:40 bal: as for implementations, we plan to put them in our Java plug=ins 20:35:40 q? 20:35:47 ack rbarnes 20:36:03 bal: it won't be implementation that is the problem, it will be consensus of the cryptographic community 20:36:52 rbarnes: we can write an implementable spec with this feature at risk approach, the real problem is a testable spec 20:37:16 q? 20:37:26 q+ 20:37:29 ack bal 20:37:30 q- 20:37:36 rbarnes: because of this I would prefer to stick with more mature curves in the base spec 20:37:43 q+ 20:38:04 bal: another way to look at this is to take elliptic curves out of the base spec 20:38:23 bal: and create an elliptic curve spec 20:38:38 bal: i offer this for completeness, but i don't think it is the right way to go 20:38:47 rbarnes: there is a baby in that bathwater 20:39:01 q? 20:39:11 q+ 20:39:18 ack selfissued 20:39:22 virginie: ok, lets forget that option 20:39:50 ack harry 20:39:52 selfissued: don't drop the NIST curves because they are in use in embedded environments 20:40:10 no, harry, it is :) 20:40:17 harry: if we are going to be fair, Brian's option makes some sense. 20:40:37 but no one is really supporting it... 20:40:40 q+ 20:40:58 q- 20:41:08 bal, feel free to type it in IRC 20:41:56 I would like to see all options voted for. 20:42:04 virginie: we are going to provide something in the end 20:42:11 Rather than you just choosing one virginie. 20:42:50 In fact, that is the process we should do for each remaining issue. 20:43:10 Option 1 : integration of NUMS curve as an extension to the Web Crypto API specification, based on what was proposed by Brian LaMacchia (potentially removing NIST curves) 20:43:24 where extension == separate doc 20:43:39 PROPOSED: Option 1 from the email. 20:43:40 Option 1 : integration of NUMS curve as an extension to the Web Crypto API specification, based on what was proposed by Brian LaMacchia (potentially removing NIST curve is a separate specs) where extension 20:43:47 Can you clarify the removing NIST curves? 20:44:12 Option 1: addition of NUMS curve as an extension to the Web Crypto API specification, based on what was proposed by Brian LaMacchia 20:44:28 virginie: Option 1: (see Wendy's text) 20:44:30 Option 1 : addition of NUMS curve as an extension to the Web Crypto API specification, based on what was proposed by Brian LaMacchia where extension is a separate document 20:44:49 +1 20:44:52 [+1 agree, -1 object, 0 can live with] 20:44:57 0 20:44:59 +1 20:45:03 -1 20:45:04 +1 (possibly with note in main spec that this work is ongoing) 20:45:07 -1 20:45:15 +1 20:45:27 +1 20:46:03 +1 (obo rsleevi) 20:46:26 as a comment ryan would prefer separate document 20:47:04 PROPOSED: Option 3 from mailing list: put NUMS in main specification with Feature at Risk notation 20:47:24 Option 3 : integration of NUMS Non-NIST curves in the main spec as a feature at risk and remove it at Candidate Recommendation, if it happens that no interoperable implementation is demonstrated, aligning with IETF / CFRG 20:47:24 virginie: with clarification that we would align with IETF CFRG 20:48:42 -1 20:48:44 +1 20:48:47 +1 20:48:48 +1 20:48:51 0 20:48:52 [+1 agree, -1 object, 0 can live with] 20:48:57 0 20:49:07 ryan sleevu might object to this one 20:49:10 -1 (obo rsleevi) 20:49:19 0 ( or -0.5) 20:49:31 Option 2 : agreement as a principle to integrate the NUMS curves into the WG deliverables, but expect Candidate Recommendation to make decision to integrate the algorithm in the main spec or as an extension, final set of algorithm would align with IETF/CFRG recommendations for TLS deployment 20:49:37 q+ 20:49:51 PROPOSED: Option 2 (see Virginie text) 20:49:55 ack harry 20:50:32 harry: Option 2 will probably mean a return to Last Call 20:50:46 rbarnes: doesn't believe that this is the case 20:50:51 it seems like a new LC would be necessary either way 20:50:57 virginiie: Option 3 may also lead to LC 20:51:00 maybe not technically, but it's significant enough 20:51:14 q+ 20:51:25 Which basically means we have to *explicitly* return to this question before exiting CR. 20:51:34 ack16:50 < kodonog> virginiie: Option 3 may also lead to LC 20:51:42 It could go back to extension. 20:51:52 s/ack16:50 < kodonog> virginiie: Option 3 may also lead to LC// 20:51:54 ack bal 20:52:09 bal: if something is a feature at risk and gets dropped during CR, does it get dropped completely or go to an extension 20:52:33 virginie: that would depend on the participants of the working group, could become an extension 20:52:53 bal: I just want to clarify that it doesn't get dropped completely 20:53:16 0 20:53:17 virginie: that is the principal of having a road map that we are committing to doing this work 20:53:19 0 20:53:20 -0.5 20:53:24 0 20:53:29 -0.5 20:53:35 0 20:53:45 as in "0 but it would make me sad" 20:53:57 -0.5 20:53:59 -0 20:54:25 ah, mine was "-1, but I don't feel really strongly" 20:54:39 virginie: I'm going to make a call for consensus over the mailing list 20:54:55 virginie: adding NUMS curves to the main spec is not something that we can agree on 20:54:58 q+ 20:55:13 ack markw 20:55:14 I mean, it is rather important to determine if -0.5 means "I can live with but am unhappy" 20:55:50 markw: it seems possible that we won't get consensus on the mailing... if there is no consensus to make a change, then the spec stays the same 20:55:51 q+ 20:55:58 virginie: that is my understanding as well 20:56:20 You can backoff to votes in exceptional circumstance: http://www.w3.org/2014/Process-20140801/#Votes 20:56:35 wseltzer: that could be a way of the working group making a decision, would the Director agree that this was a reasonable way of making the decision 20:57:12 virginie: if we can't get consensus we will have to raise the issue to the comments, and then the Director will decide 20:57:51 wseltzer: for all comments, we have to go back to the commenter and ask if that satisfies the commenter 20:58:41 harry: we don't want to do voting, but sometimes we have to, and if people aren't happy with the voting, there is a formal objection process 20:59:21 Alot depends on how long CR takes. 20:59:32 virginie: another option is delaying our roadmap by six months to allow maturity 20:59:34 i would object to another 6mo delay 20:59:42 No, more delay will not make everyone happy! 20:59:59 Pulling out all the EC would be better 21:00:00 We could start working on the test-cases regardless of CR and LC, but I'd prefer to go into CR as well. 21:00:01 we'll see! 21:00:09 That's why I proposed "feature at risk" for the non-NIST option 21:00:28 i would totally +1 to adding a deliverable for non-NIST 21:00:35 just on a different timeline 21:00:56 virginie: we might have another call in two weeks because I would really like to see progress 21:01:02 Whether or not timelines sync up is hard to tell at this stage in terms of how messy the test-suite will be and how TLS/CRFG discussion goes. 21:01:16 I agree we should have another call and keep trying to make these decisions until they're decided 21:01:22 I think that (new deliverable) would be a good idea - we can develop that whilst still keeping open the option of later integration into the main specification 21:01:32 When should we do the next call? 21:01:43 -Matt_Wood 21:02:03 [25 August, Virginie proposes for next call] 21:02:05 August 25th 21:02:11 august 25th 21:02:22 virginie: next call 25 aug at the same time 21:02:50 trackbot, end meeting 21:02:50 Zakim, list attendees 21:02:50 As of this point the attendees have been Wendy, JYates, virginie, BAL, markw, [Microsoft], +1.503.712.aaaa, selfissued, Matt_Wood, hhalpin, karen_oDonoghue, vgb, nvdbleek_, rbarnes 21:02:53 -markw 21:02:53 -JYates 21:02:54 -rbarnes 21:02:54 -vgb 21:02:55 -selfissued 21:02:57 -karen_oDonoghue 21:02:58 RRSAgent, please draft minutes 21:02:58 I have made the request to generate http://www.w3.org/2014/08/11-crypto-minutes.html trackbot 21:02:59 RRSAgent, bye 21:02:59 I see no action items 21:02:59 thanks karen for scribing ! 21:03:00 -Wendy