W3C

- DRAFT -

Web Cryptography Working Group Teleconference

18 Aug 2014

See also: IRC log

Attendees

Present
JYates, +1.510.508.aaaa, Wendy, Virginie, karen_oDonoghue, Trevor_Perrin, rbarnes, markw, selfissued, Israel
Regrets
BAL, rsleevi
Chair
Virginie_Galindo
Scribe
wseltzer

Contents


<trackbot> Date: 18 August 2014

<harry> wseltzer, just checking in

<harry> should be fine, the dial-in will still work

<harry> trackbot, start meeting

<trackbot> Meeting: Web Cryptography Working Group Teleconference

<trackbot> Date: 18 August 2014

<scribe> scribenick: wseltzer

Introductions

Trevor: I'm a crypto consultant, working with a bunch of different projects
... many from end-to-end security for person-to-person communications
... many want browser clients
... and to modernize. 25519 is what they're looking at.

Virginie: We're interested in your draft, maintenance, ideas for development
... WG is not yet aligned on which curve(s) to add, and how
... Agendum for this informal call is Q&A
... perhaps you can present your draft

<harry> and thanks for stepping up Trevor and editing the draft!

<rbarnes> has this draft been posted somewhere?

Trevor: Context: lots of person-to-person projects interested in browser extensions
... PGP community, GPG, multi-party OTR
... cryptocat, miniLock
... enscripten, twitNaCL
... speed, code correctness are concerns
... side channels are a bit of a concern
... that's why they;d like direct access, rather than writing in JS
... Approach, add another algorithm to WebCrypto
... specific to this curve
... differently specified by DJB from ANSI
... users want EC-25519
... you could imagine ECDH-NIST, ECDH-NUMS, etc.
... so that's what I did.
... Main difference is key import format.

selfissued: clarification, JOSE is open to new representation when there are new curves using them
... IETF uses registry, so W3C spec can register a key type and use it

Trevor: do we need IANA assignment for registry?

<harry> Trevor's drat is here:

<harry> http://htmlpreview.github.io/?https://github.com/trevp/curve25519_webcrypto/blob/master/Curve25519_WebCrypto.html

<rbarnes> harry: thanks

selfissued: It won't happen until JOSE is finalized

<harry> The registry question is a long one that is the source of controversy :)

<harry> ... however, get meeting you at HOPE and thanks for stepping up! I appreciate it.

rbarnes: Thanks Trevor
... because of the way DJB specified 25519, it's more like a new algo than like parameters for an existing algo
... lots of webcrypto is about exposing crypto libraries to js
... but most libraries don't currently support 25519
... which would delay implementation

Virginie: anything you can share about implementations?

rbarnes: heated debate in IETF
... do you have the sense that your communities are interested in 25519 specifically, or non-NIST more generically?

Trevor: 25519 has been around, it's well specified, it's fast, so it has mindshare.
... those who have committed likely want to stick with it.

rbarnes: Whatever is chosen for TLS will be implemented in browser libraries

Trevor: so easiest if IETF chooses 25519

Virginie: we're also working on extensibility
... What would be needed in main spec to facilitate addition
... Did you find problems?

<rbarnes> +1 to using this as a test case for extensibility

Trevor: Pretty straightforward
... does the WG like this strategy?

<rbarnes> is bal on the call/

<rbarnes> ?

selfissued: When might you have a complete first draft to review?

Trevor: depends what changes people want
... if people like this approach, we could do ED-25519 as well

rbarnes: if we're going to do this, we'd probably also want ED-25519
... but as far as WG process, I'm inclined to hold off for IETF CFRG

selfissued: as a WG member, I would like to see as complete a write-up how to use with WebCrypto
... including key import and export, for which you need JWK
... and to see if core spec has necessary extension points

Virginie: we don't want to ask Trevor to do unnecssary work

rbarnes: I'm proposing hold until November, since then we'll either know CFRG choice or that it can't make a choice
... You probably should define a format for Curve 25519 JWK

Trevor: I should add JWK, so it's a complete rough draft

Virginie: that would be great
... Also consider mode for contribution: IE or non-member contribution
... Thanks, Trevor

trackbot, end teleconf

<scribe> Meeting: WebCrypto WG informal meeting with Trevor Perrin

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.138 (CVS log)
$Date: 2014/08/18 22:12:05 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.138  of Date: 2013-04-25 13:59:11  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/@@/miniLock/
Succeeded: s/input/import/
Succeeded: s/Trevor://
Found ScribeNick: wseltzer
Inferring Scribes: wseltzer
Default Present: JYates, +1.510.508.aaaa, Wendy, Virginie, karen_oDonoghue, Trevor_Perrin, rbarnes, markw, selfissued, Israel
Present: JYates +1.510.508.aaaa Wendy Virginie karen_oDonoghue Trevor_Perrin rbarnes markw selfissued Israel
Regrets: BAL rsleevi
Found Date: 18 Aug 2014
Guessing minutes URL: http://www.w3.org/2014/08/18-crypto-minutes.html
People with action items: 

[End of scribe.perl diagnostic output]