15:18:06 RRSAgent has joined #crypto 15:18:06 logging to http://www.w3.org/2014/10/30-crypto-irc 15:19:08 rrsagent, this meeting spans midnight 15:19:53 meeting : webcrypto 15:20:29 Meeting:webcrypto 15:26:08 Chair: virginie 15:26:21 agenda+ introduction 15:26:25 agenda? 15:28:15 zakim, please clear agenda 15:28:15 agenda cleared 15:28:18 agenda? 15:28:26 agenda+ introduction 15:28:47 agenda+ webcrypto API 15:29:02 agenda+ Test tools/repository/working method 15:29:16 agenda+ Implementation status 15:29:38 jyates has joined #crypto 15:29:50 Charles_Engelke_ has joined #crypto 15:29:50 agenda+ Web Crypto Next Workshop 15:30:05 steph has joined #crypto 15:30:25 agenda+ Re-chartering 15:31:03 agenda+ Roadmap & group life 15:31:14 agenda+ wrap up 15:31:19 agenda? 15:31:32 sboyera has joined #crypto 15:31:32 nvdbleek has joined #crypto 15:32:25 colin has joined #crypto 15:33:13 Allison has joined #crypto 15:34:37 mountie has joined #crypto 15:35:11 Note : slideware to introduce the meeting is available here [pdf] https://www.w3.org/2012/webcrypto/wiki/images/2/2b/Web_Crypto_WG_F2F_Meeting_TPAC_2014_v1.pdf 15:39:21 steph has joined #crypto 15:39:22 Karen has joined #crypto 15:40:13 markw has joined #crypto 15:40:37 keiji has joined #crypto 15:43:34 tantek has joined #crypto 15:44:02 rbarnes has joined #crypto 15:44:24 sangrae has joined #crypto 15:45:05 jin has joined #crypto 15:46:13 kodonog has joined #crypto 15:46:34 jy has joined #crypto 15:46:37 joesteele has joined #crypto 15:47:16 scribe: kodonog 15:47:42 rsleevi has joined #crypto 15:48:06 Virginie: introductions around the room 15:48:15 ... agenda plan 15:48:19 JeffH has joined #crypto 15:48:22 melinda has joined #crypto 15:49:05 harry has joined #crypto 15:49:35 https://www.w3.org/2012/webcrypto/wiki/F2F_santa_clara_Oct2014 15:50:03 Virginie: Objectives for this F2F 15:50:10 ... finalize webcrypto API 15:50:28 ... trigger next phase 15:50:38 ... general discussion (no decision) on next charter 15:52:12 ... News from W3C blog, Jeff Jaffe says security is top priority 15:53:40 .... W3C security activities on a http://www.w3.org/Security/wiki/Main_Page 15:54:20 ... intro slides https://www.w3.org/2012/webcrypto/wiki/images/2/2b/Web_Crypto_WG_F2F_Meeting_TPAC_2014_v1.pdf 15:55:37 ... Web Crypto Discovery API has been unchanged for months, what do we want to do with it (technical note, recommendation, next charter) 15:55:46 q? 15:55:53 markw: I was expecting it to go to Last Call soon 15:56:33 vgb has joined #crypto 15:56:38 ... it doesn't have the same implementation status as laptop browers, but applicable for some devices 15:56:52 s/laptop/desktop/ 15:57:09 Virginie: that finishes my intro, now moving onto the webcrypto api 15:57:46 s/laptop browsers/the main api as it's not applicable to laptop & desktop browsers/ 15:58:22 rsleevi: missing 25973 (secure origin) 15:58:30 25972 15:58:49 lets kill some bugs that we may otherwise forget 15:59:00 markw: the proposed list are the ones that I thought we could make good progress on 15:59:11 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972 15:59:44 s/25973/25972 16:00:34 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25198 16:00:39 JonathanJ1 has joined #crypto 16:01:49 mdwood has joined #crypto 16:01:57 q+ 16:02:12 markw: minor implications either way 16:03:06 rsleevi: historical context, originally working around a promise webidl type of bug, the language has been fixed in the webIDL spec 16:03:16 israelh has joined #crypto 16:03:22 Preasent+ Israel_Hilerio 16:03:39 ... the main argument for doing it as an enum is making it more consistent with webidl 16:03:52 ... if we take it on we are going to be taking on more spec maintenance 16:04:46 ... would anyone be concerned with changing to enum 16:05:08 Israelh: so you are talking about using enums as strings 16:05:10 vkata has joined #crypto 16:05:19 markw: no change as far as the user of the api is concerned 16:05:41 ... may have a minor impact on errors 16:06:25 Virginie: there are no objections so we will change to ENUM, what is the timeframe for this change 16:06:55 markw: minor implications either way 16:07:51 PROPOSAL: Resolve 25198 by changing the things we changed to DOMString back to enums (KeyFormat, KeyType, KeyUsage) 16:07:58 +1 16:08:00 +1 16:08:04 tantek has joined #crypto 16:08:06 wseltzer_ has joined #crypto 16:08:08 +1 16:08:30 https://www.w3.org/Bugs/Public/show_bug.cgi?id=26322 16:08:34 Virginie... 25198 is resolved 16:11:04 rsleevi: explanation: this is messy internal details, issue from tag review, how we expose java script objects without impacting internal processing 16:12:14 ... two solutions under discussion 16:12:17 q? 16:12:25 tantek_ has joined #crypto 16:12:33 ... goal is to not have it be visible 16:12:45 q 16:12:53 juanlang has joined #crypto 16:13:10 q+ 16:13:33 q+ 16:14:01 markw: explained third option 16:14:07 FWIW, in the current Firefox webidl, we have: [Cached, Constant, Frozen] readonly attribute sequence usages; 16:14:34 JonathanJ1 has joined #crypto 16:14:48 Can you see the internal internal slots in the debugger? 16:15:02 You can neither see internal slots nor 'internal' internal slots 16:15:16 markw: what we store in the internal slot be what we expose in the ECMA script 16:15:54 q? 16:16:02 hmm, it is going to be really confusing if you can’t access the ‘real’ internal values 16:16:04 Options 1) Store a frozen JS object in the existing internal slot 16:16:27 Option 2) Store a non-frozen JS object in a new internal slot, this is the one returned to script 16:16:41 Option 3) Store a frozen JS object in a new internal slot 16:16:46 mountie has joined #crypto 16:16:58 thanks mark for option reminder/clarifying 16:17:23 mountie has joined #crypto 16:17:44 IIUC, Mozilla [Cached, Constant, Frozen] annotation is equivalent to option 3 16:18:09 israelh: this doesn't seem unique to us, 16:18:51 rsleevi: two dimensions to discussion, codify the internal slot in the spec and javascript can't mess with that, 16:19:32 ... other dimension is that read only is a lie, frozen more aligns with what you expect from read only 16:20:16 israelh: we are adding more complexity, read only is a bigger problem, 16:21:01 markw: ideally webIDL would have solved this for us and we would use that solution 16:21:06 note : the chair would like to poll : please type your favorite option in the irc in the form of 'I prefer option X' based on markw description 16:21:57 rsleevi: in the presence of this webIDL bug, we need to address it in some way 16:22:22 rsleevi: we should just solve it in the spec, 16:22:36 harry: probably better to do the right thing then to continue a lie 16:22:41 q? 16:23:22 israelh: to the extent that implementators aren't going to change their behavior, how much value is there to put this into the spec 16:23:36 rsleevi: TAG would prefer some discussion in the spec 16:23:51 markw: text problem at the moment is that the text isn't clear 16:24:36 markw: we could modify the existing text, we could also add a note that we are expecting webIDL to codify it in the future 16:25:07 israelh: everybody is modifying the objects 16:25:52 rsleevi: this is not what normal programmers expect but it is what web programmers expect 16:26:26 rsleevi: draft proposal: don't freeze the attributes, ensure that the same ECMAscript object is returned 16:26:28 JMR has joined #crypto 16:27:12 PROPOSAL: 1) Don't freeze the attributes 2) Return the same ECMAscript object each time (aka [Cached]) 16:27:31 Correct, [Cached] but not [Frozen] 16:28:12 Virginie: seeing no objection, we will close the bug 16:29:32 https://www.w3.org/Bugs/Public/show_bug.cgi?id=26741 16:29:32 rsleevi: we should check with the original submitters 16:30:14 markw: summarizing https://www.w3.org/Bugs/Public/show_bug.cgi?id=26741 16:30:34 1+ 16:30:37 q+ 16:30:52 q- 16:30:53 ... this type of operation should be delevated to cryptographic libraries, do the libraries validate on import? 16:31:19 mountie has joined #crypto 16:31:22 ... given that libraries do, we should validate the public keys on import 16:31:24 rsleevi: NSS didn't, but it does now 16:31:26 a/delevated/delegated/ 16:31:37 rsleevi: OpenSSL/BoringSSL do, CNG does. Unclear on Apple 16:31:53 PROPOSAL: Validate EC keys are valid points on the curve during import, and return DataError if not 16:31:58 mountie has joined #crypto 16:32:27 Virginie: no object, bug will be closed, clarification in the spec 16:32:37 https://www.w3.org/Bugs/Public/show_bug.cgi?id=26903 16:32:48 markw: summarizing https://www.w3.org/Bugs/Public/show_bug.cgi?id=26903 16:33:26 ... we don't know what granularity of errors you will get back from various cryptographic libraries, we are trying to normalize the errors 16:33:50 ... distinction between errors where the raw data is wrong, or the web crypto parameters are incorrect values 16:34:05 ... our definition of syntax errors includes out of range 16:34:35 q? 16:34:48 mdwood_ has joined #crypto 16:34:55 JonathanJ1 has joined #crypto 16:34:55 ... question is should we switch to ??? for all these range type of errors 16:35:21 q+ 16:35:41 rsleevi: this is really a debugging aide, 16:35:50 rbarnes: one exception is not supported error 16:36:09 israelh: we struggle with this alot, we don't believe that web developers look at the error types 16:36:10 q+ 16:36:45 israelh: you can get better analysis of how things are failing, we could spend alot of time doing this for very little value 16:36:53 q+ 16:37:10 mountielee has joined #crypto 16:37:31 mountielee has left #crypto 16:37:46 rsleevi: there is one thing that web developers do that reports general errors back to the server 16:37:50 mountielee has joined #crypto 16:37:57 q+ 16:38:19 ... changes to the spec in this area don't affect site compatibility 16:38:44 israelh: this isn't necessarily the case, we are doing things that are borderline 16:39:11 rsleevi: you lie about who else you are, but you are also honest about who you are 16:39:41 markw: our previous decision on enum will have an effect of moving a number of these to type errors 16:40:00 PROPOSAL: Take a sweep through and find any other issues that should be converted to TypeError 16:40:07 bug # ? 16:40:24 to jeffH https://www.w3.org/Bugs/Public/show_bug.cgi?id=26903 16:40:28 PROPOSAL: Take a sweep through and look for out of range issues that were previously SyntaxError and convert to TypeError 16:40:51 Virginie: no objection, resolved by proposal 16:41:04 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25619 16:41:19 markw: summarizing https://www.w3.org/Bugs/Public/show_bug.cgi?id=25619 16:41:47 ... we don't have text on this, we could won't fix this 16:42:09 https://github.com/w3ctag/spec-reviews/issues/3#issuecomment-41521737, second bullet 16:42:36 vijay: why do we have to go around fixing 16:42:57 rsleevi: for implementors and users this is not an essential definition, 16:43:28 https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#scope-operations 16:43:28 "Although the API does not expose the notion of cryptographic providers or modules, each key is internally bound to a cryptographic provider or module, so web applications can rest assured that the right cryptographic provider or module will be used to perform cryptographic operations involving that key." 16:43:29 https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#scope-operations 16:43:32 vijay:maybe we should just remove instances of cryptographic provider, 16:43:58 rsleevi: we added this paragraph on the TAGs request 16:44:09 q? 16:45:29 rsleevi: I'll take the action to delete text 16:45:37 PROPOSAL: rsleevi to reword the section to remove much of the text 16:46:30 Virginie: 25619 closed with Ryan's text 16:46:35 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972 16:47:13 Harry: can someone summarize the discussion 16:47:27 colin has joined #crypto 16:47:54 Virginie: Mark Nottingham could be on a case by case basis 16:48:05 ... no general strategy from W3C 16:48:53 BradHill: in WebAppSec WG we had moved further towards requiring secure origin in more places 16:49:12 q? 16:49:16 BradHill: no consensus yet at the W3C level 16:49:18 rbarnes has joined #crypto 16:49:19 q+ 16:49:41 rsleevi: I will explain our position and rationale 16:50:02 ... from the Chrome side we have restricted this to secure origin, there are at least 2 degrees of restrictions 16:50:30 ... one restrict at the origin of the document or the top level of the origin of the document 16:50:49 JMR has left #crypto 16:51:33 JMR has joined #crypto 16:51:47 q? 16:52:04 ... Chrome has implemented the first scenario, we believe that any web crypto delivered of http won't provide any security guarantees 16:52:10 s/of/over 16:54:07 q? 16:54:13 q+ 16:55:15 rsleevi: What about localhost and protocols different from http(s) (more specfic on mobile where you can have hybrid applications) 16:55:48 virginie: google has an implementation and it would be hard to sum up 16:55:54 q? 16:56:00 nvdbleek: See http://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features for our current context 16:56:40 markw: there are 2 distinct topics: 1) when is it appropriate to require a secure origin as a part of a new feature 16:57:06 rbarnes_ has joined #crypto 16:57:21 ... 2) does it make any sense to use webcrypto over http or are any security benefits that you think you might have just an illusion 16:57:32 q+ 16:57:42 rsleevi: thank you this totally answers my questions and I personally see any problems with the secure origins proposal 16:58:07 ... we (netflix) have derived some security benefits from this 16:58:09 s/see any problems /don’t see any problems / 16:58:20 q+ 16:58:36 q- 16:58:51 q+ 16:59:07 ... test on secure origins, and test on insecure origins (either all pass or all fail) 16:59:20 q+ 17:00:14 q+ 17:00:14 virginie: mark would be willing to have an option in the spec based on the google approach of the restriction is on the document and not the top level document 17:01:56 mountie: for many years i have request exceptions for some options, ihow do we accept exceptions for secure origin 17:02:26 virginie: is this question out of scope 17:02:59 s/have an option in the spec/make it allowed for UAs to restrict to secure origins/ 17:03:02 rsleevi: Same Origins Policy changes are out of scope 17:03:23 That's whats in the charter 17:03:24 but the (Chrome) proposal recognizes https, wss - but also localhost, 127.0.0.0/8, ::1/128, file, extensions, etc 17:03:36 q? 17:03:39 virginie: this is for future discussion 17:04:26 rsleevi: does the current spec allow you to restrict origins today, google's view is "yes" 17:05:53 q+ israelh 17:07:12 ... another dimension, if we require https for algorithms ... 17:08:15 q+ 17:08:15 q+ 17:08:15 ... we could do this on an algorithm by algorithm basis and normatively require secure origin for some algorithms and not others 17:08:50 harry: we are moving towards a strawman consensus 17:09:30 ... do not require normatively but strongly encourage and list some use cases where it might be ok 17:10:09 q+ 17:10:16 ack harry 17:10:47 rbarnes: our implementation does not enforce any secure origins for webcrypto 17:11:05 ... our rationale was that there are some use cases where this makes sense 17:11:11 ... obvious case is digest 17:11:39 rbarnes: If your view is that passive attackers are the concern, webcrypto over HTTP is just fine 17:11:42 ... this helps for the passive attcker case but obvious not MITM 17:11:52 scribenick: rsleevi 17:11:58 tantek has joined #crypto 17:12:10 thanks rsleevi 17:12:24 yes thanks rsleevi 17:12:30 ... it seems that unless you restrict on top level documents, people will work around any restrictions 17:12:53 ... someone could stand up https://webcrypto.io and offer a pass-through that would avoid things like same origin restriction 17:12:54 q? 17:13:05 ... seems like restricting to origin without restricting top level will end up in a worse world 17:13:41 rrsagent, pointer? 17:13:41 See http://www.w3.org/2014/10/30-crypto-irc#T17-13-41 17:13:58 -q 17:13:58 israelh: for us, one of the big concerns of starting to restrict some things in general is enterprises / intranets 17:14:17 ... we do see some people who want to use different capabilities inside of their firewall/organizations, and we want to provide them some flexibility 17:14:21 In my personal opinion, restriction to secure origin makes sense for the 99%. 17:14:45 ... while we see value in this, we think it's up to corporations to set their policies and what sort of environments they want to support 17:14:46 q+ 17:14:55 That being said, making it normative in the spec - I'm not sure how that will change things if at least one or two vendors have real use-cases they will use this API that they won't change. 17:15:06 ... and we see this for some of the adhoc development in enterprises where someone is given a project and told to go implement, it's difficult for them to stand up an HTTPS server 17:15:20 In general, the text should be aimed at Web developers to make sure they do *not* use non-secure origins 17:15:24 ... from our perspective, it's OK to leave it up to the people who use this stuff to understand their policies 17:15:35 Enterprise and the Netflix case is a bit odd. 17:15:39 but they do exist 17:15:46 virginie: Clarification on which you'd prefer 17:15:49 israelh: informative text 17:15:49 q? 17:16:46 vgb: I'm not sure what we would require in a spec to get this 17:17:00 ... we have windows features where only certain hosts can be accessed over IPSec w/ source authentication 17:17:19 ... by the time we're done listening the matrix of what should be done, we're adding lots of complexity 17:18:05 vgb: I'm suggesting there's so much nuance here that we shouldn't try to express the nuance 17:18:07 q? 17:18:21 rbarnes: I think you can put some things in the security considerations 17:19:33 rsleevi: to address israel and vijay, that file origins and chrome extensions are treated as secure origins 17:19:47 ... you've also made choices, e.g. Internet zone 17:19:52 thanks wseltzer 17:20:13 ... and other zoning; these policies already differ from global web-wide 17:20:53 ... regarding concern for developers, that it's hard for a single dev to stand up an HTTPS server, what consititutes a secure origin is left to the browser 17:21:36 ... Browsers already have policies, e.g. webgl limits 17:21:48 q? 17:21:55 ... So browser can have policy "treat this http page as secure origin" 17:22:24 israelh: We tried hard not to continue path we took before, not to separate internet/intranet 17:22:37 ... even to the detriment of intranet sites running on IE7 17:22:38 JeffH_ has joined #crypto 17:22:51 ... we despise the notion of fragmenting the Web Platform at the API level 17:23:05 ... I agree we should enable policies that people and corporations can manage 17:23:19 ... caveat, that doesn't make normative changes to the spec 17:23:38 q+ 17:23:38 q+ 17:23:39 ... maybe a note, that agent should enable global policies to be set 17:23:50 ack rbarnes 17:23:51 q? 17:24:03 rbarnes: I'm gonna catch on the other half 17:24:13 ... where we can say secure origin and wave our hands 17:24:19 ... seems sort of developer hostile 17:24:31 nvdbleek has joined #crypto 17:24:38 rbarnes: it may have loose fringy edges but it needs some solid core for developers 17:24:53 ... I think we're largely thinking in an HTTP/1.1 world 17:25:07 ... where you can deliver HTTP schemed origins over HTTPS connections 17:25:32 ... it seems like you might be able to get more security for origins than you think 17:25:50 virginie: Options: mandate secure origins 17:25:58 ... include in the spec in a normative way as an option 17:26:16 ... option 3: have informative text 17:26:19 ... option 4: do nothing 17:26:42 q? 17:26:47 virginie: Please express preferences in IRC about which options you prefer 17:26:48 3 17:26:50 rsleevi: Option 1 17:26:51 3 or 4 17:26:51 3 17:26:54 3 17:27:48 virginie: Who would object to mandating secure origin? 17:27:51 virginie: Show of hand objection, who would object to Option 1 17:28:09 lurker has joined #crypto 17:29:07 +1 for the reason that it would be hard to precisely define 17:29:13 +1 17:29:14 q? 17:29:31 Same as vgb 17:29:31 can not choose 17:29:46 for the reason that webCrypto is still useful on insecure origins 17:29:48 q+ 17:30:09 rsleevi: We'd have issues; it does no one any favors 17:30:29 ... doesn't give developers a clear expectation 17:30:37 ... a security consideration that shoudl be obvious to the web 17:31:00 ... For implementors, the "MAY" doesn't address any interop concerns 17:31:36 ... vijay raised the concern that it's difficult to express secure origins 17:31:51 ... that convo is happeniing in several groups, eg. svc workers, which has clear security concerns 17:32:05 ... Q: If there was a suitable def of secure origin, woudl you go with option 1? 17:32:17 s/woudl/would/ 17:32:31 keiji has joined #crypto 17:32:32 q? 17:32:37 @@ 17:32:37 q+ 17:32:58 rsleevi: for chrome, svc workers, you don't get it over http unless you open dev tools 17:33:17 ... for developers, expectation you won't be able to throw it on an http site and use it 17:33:25 ... but enterprise policy lets you set an exception 17:34:21 vijay: I see how leaving it to implementers is a cop-out, but don't see how it's worse than policy-based bypass proposal 17:34:39 ... since all the telemetry I've seen, when you give users a prompt, they say "yes, get work done" 17:34:47 q? 17:34:51 israelh: you never see a prompt 17:35:17 q- harry 17:35:25 [10 minute break] 17:46:34 nvdbleek has joined #crypto 17:47:21 mdwood has joined #crypto 17:48:31 markw has joined #crypto 17:48:33 virginie: Based on the discussion, I don't think there's any consensus to go forward with secure origin 17:48:35 rbarnes has joined #crypto 17:48:50 ... I see in other working groups there will be more urgent requests for a definition for secure origin (e.g. service worker) 17:48:59 ... putting a dependency on secure origins may be nonproductive 17:49:14 ... based on that, I'd go with informative text on secure origin 17:49:45 q. 17:49:49 q? 17:49:52 paulj has joined #crypto 17:50:02 melinda has joined #crypto 17:50:21 Allison has joined #crypto 17:50:21 rsleevi: I think it's important for this group to have the technical discussion 17:50:33 mountie has joined #crypto 17:50:37 ... is the objection to option 1 that we don't have a good enough def of secure origin? 17:50:40 ... or aer there other concernce? 17:51:00 ... I'd prefer not to make the decision today without that discussion 17:51:08 s/aer/are/ 17:51:18 virginie: My issue is we're trying to finalize the spec, and we're trying to deliver something 17:51:32 ... I feel like there's no consensus on this new feature, and it would take ages (months) to address the issues 17:51:58 ... and there's only one company requesting for secure origin 17:52:06 jin has joined #crypto 17:52:15 ... which is why I'm cutting the debate. I'm more interested in shipping something 17:52:33 israelh: one thing I'm not even sure if it's in our charter to figure out what this secure origin is 17:52:42 ... I think it's a great thing to do, but I don't think it's necessarily our focus 17:53:00 ... at some point you need to make the best decision based on the knowledge you have 17:53:20 rbarnes: One of the points raised in the pervassive monitoring was that it'd be useful to have a broader perspective on what it means 17:54:00 rsleevi: it will take years to change course, once we ship 17:54:11 q+ 17:54:16 ... look at geolocation, EME 17:54:37 virginie: are you saying we need to stop the web now? 17:54:53 ... or can come to conclusion quickly? 17:55:03 ... 2 weeks vs months? 17:55:11 q- 17:55:20 markw: Broader project to migrate all of web to https, that will take years 17:55:32 slightlyoff: You will continue to get static from the TAG if you make this discussion 17:55:45 s/discussion/decision/ 17:56:02 vgb has joined #crypto 17:56:02 virginie: I discussed with another member from the TAG regarding secure origins and it did not seem like this was consistent with the TAG 17:56:11 ... what would you recommend for the specification? 17:56:45 rsleevi: normative text on secure origin, configurable through policy 17:57:00 ... 2 qs, what to users expect, what do devs expect? 17:57:32 ... if you set a minimum expectation, then that this policy may be extended, enhanced 17:57:45 ... goal, be clear for devs, what user should experience when visiting their site 17:58:02 ... interop concern on algos, if it's not clear to devs what users will have 17:58:25 ... baseline expectation: if a user, frshly installed browser, comes to the site, what should they see 17:58:28 q? 17:58:39 q+ 17:58:49 ... then we can allow for carve-outse, e.g. local sites, developer options 17:58:52 zakim, close queue 17:58:52 ok, virginie, the speaker queue is closed 17:59:02 s/outse/outs/ 17:59:24 virginie: If you can come back in the afternoon as to what the changes to the specification would be 17:59:36 israelh: I think it's clear / we have enough information to know what's proposed 17:59:45 harry has joined #crypto 17:59:47 q? 17:59:52 hhalpin has joined #crypto 18:00:10 q- mdwood 18:00:10 q- 18:00:29 q? 18:00:41 markw: We've heard that this is supposed to be a case by case basis 18:00:48 ... and the rationale here is different than say geolocation 18:01:11 ... and that argument does not apply to webcrypto, since we see there are generally useful things that we can do 18:01:20 ... so this is being used as a stick to push people to HTTPS 18:01:49 Spec text is necessary but not sufficient 18:02:10 rsleevi: I was trying to understand, is this an opposition on definition, or on reasoning? 18:02:23 ... if it's a definitional issue, I can work on the definition 18:02:25 mountielee has joined #crypto 18:02:27 And without necessary improvements, you don't get the outcomes you want 18:02:33 ... if it's a purpose issue, then that's a longer conversation 18:02:47 q? 18:02:47 vijay: it seems to be a purpose issue 18:03:03 last part of my comment was that moving the web to HTTPS is a larger project in which spec mandates of this kind are not helpful 18:03:05 JeffH_ has joined #crypto 18:03:38 vgb: it seems like a statement of philosopical purpose in a normative portion of the spec is not an appropriate thing 18:04:07 Resolution : https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972 to be closed with option 3 or 4 (as decribed earlier) 18:04:22 +1 18:04:30 +1 18:04:30 +1 18:04:33 0 18:04:36 +1 18:04:37 +1 18:04:44 +1 18:04:57 +1 18:05:07 0 18:05:20 selfissued has joined #crypto 18:05:27 virginie: can we get proposed informative text? 18:05:37 ... for discussion this afternoon 18:06:32 rsleevi: @@ the may restrict is unnecessary 18:06:52 ... unclear what option 3 proposes 18:06:59 virginie: Discuss this afternoon 18:07:05 virginie: We will come back and revisit what Option 3 is proposing in the afternoon 18:08:12 rsleevi: (minuting my remarks earlier) saying a UA MAY restrict to a secure origin in the spec is unnecessary, as that's true for all specs. It's unclear whether what is being proposed is that the spec recommends that UAs SHOULD restrict to secure origin, or if it's something else. The spec already lists in security considerations for authors that they 18:08:12 SHOULD _use_ secure origins 18:08:36 It's likely SHOULD for 99% uses 18:08:50 tantek has joined #crypto 18:19:40 mountie has joined #crypto 18:22:06 lurker has joined #crypto 18:24:21 virginie has joined #crypto 18:25:34 zakim, generate minutes 18:25:34 I don't understand 'generate minutes', virginie 18:26:26 rrsagent, generate minutes 18:26:26 I have made the request to generate http://www.w3.org/2014/10/30-crypto-minutes.html virginie 18:27:06 rrsagent, make logs world-visible 18:35:15 steph has joined #crypto 18:39:32 mountie has joined #crypto 18:47:19 Karen has joined #crypto 19:13:33 nvdbleek has joined #crypto 19:24:10 mountie has joined #crypto 20:09:13 rbarnes has joined #crypto 20:21:49 selfissued has joined #crypto 20:32:01 nvdbleek has joined #crypto 20:32:10 JMR has joined #crypto 20:32:38 JMR has left #crypto 20:34:01 rbarnes has joined #crypto 20:36:15 hhalpin has joined #crypto 20:37:10 jyates has joined #crypto 20:42:23 JonathanJ1 has joined #crypto 20:50:41 JMR has joined #crypto 20:54:34 rbarnes has joined #crypto 20:57:02 steph has joined #crypto 20:57:23 nvdbleek has joined #crypto 21:02:43 nvdbleek3 has joined #crypto 21:10:29 schuki has joined #crypto 21:13:33 rbarnes_ has joined #crypto 21:16:14 Karen has joined #crypto 21:21:25 steph has joined #crypto 21:21:54 tantek has joined #crypto 21:25:05 Karen has joined #crypto 21:45:42 npdoty has joined #crypto 21:49:25 melinda has joined #crypto 21:53:11 rsleevi has joined #crypto 21:54:32 rbarnes has joined #crypto 21:59:38 jin has joined #crypto 22:00:42 nvdbleek3 has joined #crypto 22:01:50 virginie has joined #crypto 22:02:02 mountie has joined #crypto 22:03:40 mountie has joined #crypto 22:03:43 allison has joined #crypto 22:03:51 kodonog has joined #crypto 22:04:11 mdwood has joined #crypto 22:04:15 scribenick: npdoty 22:04:25 juanlang has joined #crypto 22:04:38 harry has joined #crypto 22:04:42 Topic: Web Crypto bugs 22:04:49 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25972 22:04:50 hi everyone! 22:04:56 vgb has joined #crypto 22:05:08 virginie: scenario regarding secure origin 22:05:15 ... clarify behavior or recommend usage of a secure origin 22:05:18 ... 2 options: 22:05:25 ... 1) write some text or 2) do nothing 22:05:35 israelh has joined #Crypto 22:05:44 ... already written a requirement for using HTTPS 22:06:24 rsleevi: currently, text is a recommendation to use https in the security considerations 22:06:28 Security consideration text: " 22:06:28 While this API provides important functionality for the development of secure applications, it does not attempt to provide a mitigation for existing threats to the web security model, such as script injection or hostile intermediaries. As such, application developers must take care to ensure applications are secured against common and traditional attacks, such as script injection, by making use of appropriate existing functionality such as Content Security Poli 22:06:29 cy and the use of TLS. " 22:06:32 ... the question is whether to add a requirement for UAs to the specification 22:06:41 as a reminder our morning minutes are : http://www.w3.org/2014/10/30-crypto-minutes.html 22:06:50 thoughts? 22:07:16 harry: what would the text look like? 22:07:28 rsleevi: point to existing specifications, like Service Worker, that normatively require TLS 22:07:51 ... but a recognition that policy always exist in the Web platform, and specs don't address it, because policy is policy 22:07:59 From Service workers: https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#security-considerations 22:08:05 ... say, effectively, that UAs will expose this feature on HTTPS but not on HTTP 22:08:25 Key sentence is "Service workers should be implemented to be HTTPS-only. " 22:08:27 ... already have a number of specifications that don't mention policy 22:08:32 Then there's some discussion: 22:08:41 "The reasons for SSL-only support include: 22:08:44 Better to protect end users from man-in-the-middle attacks 22:08:44 Do good by encouraging HTTPS adoption 22:08:44 Existing "playground" services (e.g. github.io) now work with HTTPS 22:08:44 HTTPS is coming across much more of the web quickly 22:08:44 Devtools can loosen the restriction for development (file://, localhost, etc.) 22:08:45 " 22:08:48 JeffH has joined #crypto 22:08:49 ... and of course policy overrides specifications, because policy is about configuring to do something other than originally expected 22:08:55 q+ 22:09:12 Zakim, open the queue 22:09:12 ok, npdoty, the speaker queue is open 22:09:15 q+ harry 22:09:22 @@: already discussed. what about option 3? 22:09:29 markw has joined #crypto 22:09:34 s/@@/israelh/ 22:09:37 ... like a non-binding note to user agents 22:09:55 virginie: could take the example from service worker, but informative rather than normative 22:09:59 q+ 22:10:09 ack harry 22:10:09 q? 22:10:28 harry: seems like Web Crypto should be implemented to be HTTPS-only in user agents 22:10:43 ... might be different for Web Crypto rather than other api's 22:10:53 ... could have a SHOULD instead of a MUST 22:10:59 ... would be clearer as a note to developers 22:11:35 ... so that the standard web case should be over TLS, but could have some alternative environments 22:11:44 Charles_Engelke_ has joined #crypto 22:11:58 npdoty: I don't have a particular view on the view of normativity 22:12:14 ... it seems like we need to have a better definition, perhaps authenticated origins 22:12:24 ... a term from the Mixed Content Specification 22:12:28 +1 22:12:48 q? 22:13:03 Rather easy to reference that spec 22:13:05 colin has joined #crypto 22:13:13 rsleevi: yes, have a definition in normative language and an algorithm to evaluate it, addresses edge cases 22:13:54 Mixed Content specification: https://w3c.github.io/webappsec/specs/mixedcontent/ 22:14:21 rsleevi: willing to write up the proposal, although I would prefer MUST to SHOULD 22:14:25 virginie: follow up in email 22:14:32 including https://w3c.github.io/webappsec/specs/mixedcontent/#may-document-use-powerful-features 22:15:06 virginie: 16 minutes left before test session 22:15:10 ... list of bugs to address 22:15:36 virginie: more to do on errata extension? 22:15:44 markw: done. 22:16:03 virginie: security recommendations, expecting something from IETF CRFG 22:16:08 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607 22:16:18 harry: received a response, with expectation of decision by early December 22:16:29 ... don't think that actually influences us right now 22:16:33 q? 22:16:38 ... we have a clear errata process if we need to change it later 22:16:53 jgraham has joined #crypto 22:16:59 selfissued has joined #crypto 22:17:00 https://www.w3.org/Bugs/Public/show_bug.cgi?id=2561 22:17:16 @rsleevi, regarding https://w3c.github.io/webappsec/specs/mixedcontent/#may-document-use-powerful-features, I don't think we have agreed that WebCrypto is a "powerful feature" - at least we have not really discussed that 22:17:19 nvdbleek has joined #crypto 22:17:26 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25619 22:17:39 Bert has joined #crypto 22:17:44 rsleevi: addressed this morning. 22:18:31 26322 already addressed 22:18:43 27137 just editorial, has been fixed 22:19:09 24944 pubrules 22:19:21 markw: need to be consistent about reference to normative/informative references 22:20:09 markw: isn't there a bug about interoperability? 22:20:22 rsleevi: we've floated different proposals, but not closed 22:20:26 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25985 22:20:37 harry: we have a game plan 22:20:50 rbarnes: game plan is to see what's implemented and perhaps have a common core 22:21:09 virginie: milestones 22:21:23 ... before the new W3C Process was endorsed, following 2005 Process 22:21:40 ... Candidate Recommendation, Proposed Recommendation and then Recommendation 22:21:55 harry: could have small changes based on a decision we could make after CR 22:22:07 virginie: try to put some dates to these Rec track steps 22:22:32 ... determine when are we going to re-charter? 22:22:40 harry: CR will depend on the test suite situation 22:22:57 ... could be fairly quickly, in a few months 22:23:14 ... PR and Rec are more of a phase about patent commitments more than anything else, little for the WG to do 22:23:35 ... workload for the WG will lighten after CR 22:23:37 nvdbleek3 has joined #crypto 22:24:23 harry: want to finish the test suite, and then re-charter 22:24:41 ... likely to be over the winter, but could be variable so don't need to settle those dates in a new charter right now 22:24:57 virginie: harry to prepare the transition request 22:25:16 ... need the editors to have a very clean response to all bugs. when will bugzilla be empty? 22:25:41 markw: could be early next week 22:26:07 q? 22:26:08 q? 22:26:09 harry: can start pubrules once you send me an email 22:26:16 once all the text is completed. 22:26:28 in terms of substantial comments. 22:26:59 shadow has joined #crypto 22:27:08 Topic: Tests and Tools 22:27:31 harry: for a spec for which you have a few different implementations, can you explain the testing and toolset? 22:27:48 jgraham: basically, there's a certain existing infrastructure for testing 22:27:56 ... a harness for writing tests: testharness.js 22:28:01 ... documented on testthewebforward.org 22:28:15 ... server-side component 22:28:26 ... a repository of web platform tests 22:28:40 ... pull down the server as well as all the tests, a complete locally available test environment 22:29:09 ... a couple of tools for running the tests: in-browser runner, one page after another 22:29:25 ... reports of different implementations, produces JSON output and tables 22:29:46 ... wbtrunner: run the tests externally and run them in various different browsers 22:29:52 ... state of the infrastructure 22:30:14 virginie: don't have any tests yet, but do have implementations, don't have anyone in charge of tests 22:30:25 ... what's your advice for making the testing phase efficient? 22:30:57 jgraham: not sure historically we've been that successful about getting all the tests, but we're getting better 22:31:12 ... some WGs have appointed a czar as responsible for the tests 22:31:27 ... make sure people are actually submitting tests, getting others to review, etc. 22:31:36 ... giving someone responsibility may be quite helpful 22:31:45 berjon: it's work 22:31:50 q+ 22:31:52 q+ 22:32:04 berjon: some groups have had test-oriented meetings 22:32:12 There are some Jasmine tests in the web folder here: https://github.com/Netflix/NfWebCrypto/tree/master/ 22:32:20 ... a f2f meeting where people code, maybe just 5 people all-day for two or three days 22:32:32 ... good for momentum 22:33:00 rsleevi: question on licensing expectations for tests 22:33:35 jgraham: typically dual licensed, W3C Test Suite License, but for all other purposes are BSD licensed 22:34:04 rsleevi: there are a ton of tests in Chromium, which is already BSD licensed 22:34:04 ... just might be a matter of importing them 22:34:14 ... WebKit also has tests, but not sure about translating them or the license 22:34:30 rbarnes: Mozilla has tests that could be moved over as well 22:34:52 jgraham: problem isn't about license, typically, but about time to convert 22:35:04 markw: also have tests we could contribute, and don't have time to convert 22:35:06 the moz tests: http://dxr.mozilla.org/mozilla-central/search?tree=mozilla-central&q=path%3Adom%2Fcrypto%2Ftest&redirect=true 22:35:34 israelh: without a test team/restructuring recently 22:35:35 ack harry 22:35:36 jy has joined #crypto 22:35:54 harry: just wanted to check about MSFT. anyone else with tests? 22:36:12 q? 22:36:17 https://code.google.com/p/chromium/codesearch#chromium/src/content/test/data/webcrypto/ as test data with https://code.google.com/p/chromium/codesearch#chromium/src/content/child/webcrypto/test/ 22:36:20 ... just finding someone to do the conversion of Chrome, Mozilla, Netflix tests 22:36:38 selfissued has joined #crypto 22:37:04 berjon: coordinating test-writing, could have been more efficient to just use the open source testing in Web Platform 22:37:22 rsleevi: but unit tests are easier/closer to run for a particular product during development 22:37:31 virginie: how do we know when we're happy about test coverage? 22:38:11 berjon: we've tried to build heuristics in the past. parse the spec, detect a conformant statement, and then expect a certain number of tests 22:38:41 ... without doing the human work of comparing the spec and the tests 22:38:59 q? 22:39:18 ... job of the test czar 22:39:40 ... never get to Rec without a good test suite 22:40:15 jgraham: looking at the tests posted in IRC. Mozilla tests are something you can start from -- written in JavaScript in the Web browser, not about a specific implementation 22:40:35 markw: Netflix tests also include tests that run in the browser 22:40:45 virginie: who wrote the nice tests? 22:40:50 Apple's is http://trac.webkit.org/browser/trunk/LayoutTests/crypto 22:41:03 which are all JS as well 22:41:10 q? 22:42:30 jgraham: would like to avoid different test formats, which requires maintaining an ever greater number of test formats/harnesses 22:42:41 shadow has joined #crypto 22:43:12 rbarnes has joined #crypto 22:43:21 q+ 22:43:26 virginie: anyway interested in investing in the tests, in order to advance to Recommendation 22:43:27 ack harry 22:43:57 harry: I'll take an action about trying to make a more compelling reason for Test Czar or TTWF event 22:43:59 ... maybe there's funding available for events 22:44:02 ... make it more enticing 22:45:32 berjon: #testing is a friendly channel for getting advice 22:45:38 thanks from and to the testing folks 22:45:46 q? 22:46:01 Topic: Implementations 22:46:07 harry: good with promises? 22:46:09 israelh: yeah 22:46:11 q? 22:46:15 detailed firefox status: https://docs.google.com/spreadsheet/ccc?key=0AiAcidBZRLxndE9LWEs2R1oxZ0xidUVoU3FQbFFobkE&usp=sharing 22:46:25 q+ 22:46:55 virginie: microsoft, google, mozilla, apple, netflix plugin 22:46:56 ack rsleevi 22:47:04 q+ 22:47:12 rsleevi: netflix tests passed in Chrome 22:47:19 ... similar status on algorithms to Firefox 22:47:28 ... not adding new algorithms to NSS-based implementations 22:47:51 ... moving all of our platforms to BoringSSL 22:48:19 ... will have algorithms that appear differently in different versions as we move to BoringSSL 22:48:51 ... a penalty of a decreasing number of cryptographic libraries 22:49:34 ... not planning to implement AES-CMAC or CONCAT 22:49:40 ... if people have use cases, let us know 22:50:07 ... ECC is also going into BoringSSL soon 22:50:19 ... depending on platform 22:50:23 ack rbarnes 22:50:23 q+ 22:50:37 rbarnes: spreadsheet https://docs.google.com/spreadsheet/ccc?key=0AiAcidBZRLxndE9LWEs2R1oxZ0xidUVoU3FQbFFobkE&usp=sharing#gid=1 22:50:48 ... as of Firefox 35 in early January, all algorithms will be there 22:50:56 ... turning on WebCrypto by default in November-ish 22:51:12 ... ECDSA and ECDH, likely to come in January 22:51:27 ... not seeing demand for CFB 22:51:43 q? 22:51:46 ... not planning on CONCAT or HKDF 22:52:17 rsun has joined #crypto 22:52:17 rsleevi: differences in the specification of CONCAT? 22:52:21 vijay: CONCAT is fine 22:52:29 ack virginie 22:52:59 virginie: for the group, how are we going to document? interoperability bugs will require us to describe the implementations and interoperability tests 22:53:16 ... should we keep track of different implementations? 22:53:24 ... level of implementation should be documented 22:53:29 harry: with the test suite 22:53:50 nvdbleek has joined #crypto 22:53:57 rsleevi: focus on the test suite, and answers not just whether the vendor announces support but empirically whether it does 22:53:57 q+ 22:54:19 npdoty: Do we have any site that will tell us the implementation status for different browsers 22:54:35 q- 22:54:46 hhalpin: That's generally covered by tests (Test the web forward) 22:54:51 harry: haven't seen that automated, though maybe it was interest 22:55:00 israelh: behind a flag? 22:55:15 won't be behind a flag or isn't behind a flag 22:55:31 To be clear, there was interest and I think it would be a good idea but doesn't exist yet 22:56:36 Topic: Web Crypto Next Workshop 22:56:37 in safari, it appears to be window.crypto.webkitSubtle 22:57:08 heh webkitSubtle :) 22:57:09 virginie: 70 people, 44 papers, actors from several industries 22:57:15 it's a subtle fad 22:57:33 ... new friends -- lots of w3c non-members 22:57:57 ... discussion of new features: algorithms, key storage/secure storage, etc. 22:58:11 ... authentication and access to services in secure token 22:58:17 please post the link of report 22:58:29 ... secure elements, TPM, trusted execution environment 22:58:43 ... scheme for authentication, similar to FIDO alliance or PKI-based challenge-response 22:58:51 ... discussion of government authentication 22:59:10 ... report available 22:59:37 http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/report.html 22:59:42 ... followed-up on Web Security IG mailing list, a public discussion (not to interrupt Last Call) 22:59:56 ... next step is to find a place for new features to land 23:00:11 ... charter or re-charter as necessary. could be in Web App Sec, or Web Crypto 23:00:18 ... both potentially re-chartering now 23:01:15 ... captured a list of use cases or new features 23:02:13 Authentication API: medium support 23:02:13 Algorithm Discovery: medium support 23:02:14 Key Discovery: high support 23:02:17 Device Discovery: high support 23:02:17 Hardware tokens in scope (including Platform-held keys): unanimous support 23:02:19 Attestation of provenance: high support 23:02:20 Discovery with access control: medium support 23:02:22 Multi-origin support: medium support 23:02:23 User-owned keys: medium support 23:02:24 Origin and attested signatures: medium support 23:02:25 Local authentication binding with key usage: high support 23:03:32 virginie: harry organized a show of hands for rough count 23:04:03 ... high numbers for hardware tokens (lots of those vendors in the room, but interest from others too) 23:04:07 q? 23:04:15 q+ 23:04:19 ... any questions? 23:04:22 ack harry 23:04:52 harry: to clarify, W3C doesn't do workshops just 'cause, but rather because of interest of Members 23:05:32 ... maybe sooner than necessary. heterogeneous group 23:05:42 ... but try to get consensus at least from the members who would be in the WG 23:05:56 q+ 23:06:00 q+ 23:06:13 ... do people show up? do they agree at all? 23:06:21 note : raw notes of the workshop https://www.w3.org/Security/wiki/IG/webcryptonext_workshop 23:06:25 ... capabilities for accessing hardware-bound tokens would be useful 23:06:35 ... not necessarily agreement for a single technical approach 23:06:59 q+ 23:07:04 virginie: if I stay as a chair, don't want work in the charter that people won't contribute to 23:07:06 q+ 23:07:20 ... pushing hardware vendors to join if they want to see that work done 23:07:51 rbarnes: very valuable for me in seeing all the hardware work out there 23:08:07 ... problem of supporting secure hardware, but not a crypto problem 23:08:24 ... might be better in a different WG, rather than just a Crypto approach 23:08:36 ack rbarnes 23:08:43 ... open to discussing other topics 23:08:57 Karen has joined #crypto 23:09:09 rsleevi: have a similar position 23:09:29 ... w/r/t rechartering, likely not interested beyond potential algorithmic changes 23:09:38 q? 23:09:51 ... Google interested in hardware token, part of FIDO, not a crypto problem 23:10:08 q+ 23:10:11 ... not very interested in a general API for hardware tokens 23:10:28 ... unless we see a set of proposals that already look valuable 23:10:45 ... for proposals that want to explore/propose something valuable, could use a Business Group or Interest Group 23:11:15 ... model that FIDO has used is a good example. got a set of use cases and requirements and then an API, and now have a completed set for discussion 23:11:33 ... includes platform-bound keys, which can be privacy-invasive, so will require a lot of discussion 23:12:07 harry: uncomfortable chartering new work unless we have a clear input submission or submissions with agreement 23:12:28 ... having a blank slate in the WG (as we kind of did with this one) makes for more work 23:12:41 ... FIDO work and key discovery would be the non-blank-slate one 23:13:00 ... if people want to look at those sets of drafts here, if we have the time 23:13:22 ... quicker to recharter than to start a new WG, but totally possible to charter new WG if we have committed 23:13:57 ... could try to convince webappsec 23:14:02 virginie: webappsec has a poll for potential features for rechartering 23:14:16 nickv: they already went through their list of ten 23:15:49 selfissued: to take a contrary position on scope of rechartering 23:16:08 ... two of the work items we're considering are about extending/using webcrypto capabilities 23:16:22 ... using webcrypto operations with platform-held keys rather than browser-held keys 23:16:28 ... not a big extension 23:16:36 ... colleagues will present a concrete suggestion on how that could happen 23:16:46 ... very in scope of this group to enable the use of more keys 23:17:01 ... if we decide to take on the BigNum work, it's a clear extension of the WebCrypto work 23:17:08 We have zero interest in the current BigNum proposal. 23:17:13 q? 23:17:20 ... it's not generic BigNum, but for field mathematics for cryptographic applications 23:17:35 vgb: broadly, +1 to rsleevi rbarnes 23:17:36 i also don't have a strong feeling one way or another on bignum 23:17:44 ... shouldn't start with a blank slate, but a clear idea of what to do 23:17:54 ... access to hardware is not primarily a crypto problem 23:18:14 ... if we can break off the crypto part of that problem, if we can do that concretely, that would be good 23:18:22 ... but don't want mission creep, away from our core competency 23:18:36 virginie: if the function is implemented in a hardware token 23:18:50 vgb: what should the interface be at a crypto level, rather than the device driver aspect 23:19:30 vgb_ has joined #crypto 23:19:34 virginie: send to the WG members a poll, as webappsec has done, maybe in a few months 23:19:42 q? 23:19:45 israelh_ has joined #Crypto 23:19:51 juanlang_ has joined #crypto 23:19:51 ack rsleevi 23:20:13 rsleevi: that said, we have been exploring APIs through extensions 23:20:23 ... especially around security concerns regarding the hardware tokens 23:20:38 ... before we would be willing to do that for the Web 23:20:53 ... but have an extensions API, as encouragement for vendors to explore 23:21:12 ... for platforms with extensions, a way to balance the functionality with security concerns 23:21:32 ... in the near term, based on current discussions, not optimistic about a proposal. if there is a really good proposal, we'd support re-chartering 23:21:48 ... work with the same set of people in the room, that might eventually make it into an API proposal 23:21:58 jin_ has joined #crypto 23:22:13 Topic: Certificate & Key Management 23:22:35 israelh: what's the minimum core set of capabilities that extend crypto 23:22:44 ... users to be able to manage their certificates and keys independent of transactions 23:23:11 ... not always associated with the domain of origin 23:23:17 ... hardware-bound certificates or keys 23:23:21 ... user-selection of certs and keys 23:23:37 ... be able to generate new certs and keys as part of their workflow 23:24:04 ... out of scope: dealing with writing certs/keys back to external devices 23:24:31 ... existing capabilities 23:24:49 ... ... provisioning certificates, processing operations, storage 23:24:55 ... ... polyfills already provided 23:25:07 rrsagent, please draft the minutes 23:25:07 I have made the request to generate http://www.w3.org/2014/10/30-crypto-minutes.html npdoty 23:25:24 ... ... server-side, updating and revoking certificates 23:25:52 ... capabilities not already covered: 23:25:55 tantek has joined #crypto 23:25:56 ... ... generating keys 23:26:06 ... ... get a key and sign with that key 23:26:35 ... ... create an API so that a developer can get a key, but from anywhere 23:26:54 ... what are the boundaries where we need to provide an API? 23:27:10 Chrome extension documentation - https://developer.chrome.com/extensions/enterprise_platformKeys 23:27:18 ... using Pre-Provisioned Keys from External Devices 23:27:59 allison has joined #crypto 23:28:25 ... can select a prompt that leads to an OS-provided interface for choosing a key and entering a PIN 23:28:35 ... and only then return the key to the web api 23:28:45 ... acquiring a new key from the Web 23:28:50 jy has joined #crypto 23:29:15 ... going to a Visa site, creating a certificate, and then immediately return to the other page with that key/cert 23:29:31 ... iframe collaboration / postMessage 23:29:41 tantek_ has joined #crypto 23:29:46 oh look, OAuth! 23:30:03 ... proposes two new methods on the SubtleCrypto interface 23:30:11 ... signExt and generatekey 23:30:49 vgb_: origin-bound keys is almost everything, but want to bring in keys that exist but aren't origin-bound, like Smart Cards 23:30:59 ... use user consent as the vehicle 23:31:06 ... newly-generated keys will be origin-bound 23:31:34 ... how do you know that the thing you signed is what the user thought they were signing? 23:31:43 ... show this to the user and bind it together with the hash/signature 23:32:08 ... primitive for a hash that is signed combined with what the user was shown to be signed 23:32:20 ... useful and not a huge addition 23:32:25 markw has joined #crypto 23:32:37 israelh_: key metadata for querying a key at a later time 23:32:39 colin has joined #crypto 23:32:46 Charles_Engelke_ has joined #crypto 23:33:04 ... "issuer" and "subject" for querying certificates later 23:33:58 ... have an aggregated list of keys for the developer, rather than particular URIs 23:33:58 ... always only get one key, the key that the user selected 23:34:02 rbarnes has joined #crypto 23:34:05 ... if the key is domain-bound, don't have to ask the user, already in the circle of trust 23:35:02 vgb_: having a relatively heavy-weight selection process. sites can clone the key, but users can clear with their browsing history 23:35:15 ... preserves at least some of the user expectation of privacy 23:35:58 israelh_: [generate key example] 23:36:04 bhill2 has joined #crypto 23:36:12 ... [getKey example] 23:36:47 ... rely on the user agent to bring up the UI, to look very different, full-screen system UI 23:36:56 ... make it more difficult to be spoofed 23:37:18 questions? 23:37:32 vgb_: an early strawman, not a finished API draft 23:37:49 ... detail of what we think a minimal, concrete proposal would look like 23:37:50 q+ 23:37:58 q+ 23:38:17 virginie has joined #crypto 23:38:21 nvdbleek has joined #crypto 23:38:34 mountie: this covers the multiple topics discussed at the workshop, key discovery, multiple origin support, user provided keys 23:38:41 ... +100 23:38:46 q? 23:38:57 q+ 23:39:13 rsleevi: this is very similar in many ways to the Chrome extension API that we've explored 23:39:23 ... doesn't address all the use cases that people want for smart cards 23:39:36 ... especially for Internet at large 23:39:59 ... biggest concern, security concern 23:40:31 ... exposing hardware tokens of any sort, is that these can be trivially postMessaged off to another origin 23:40:53 ... hard or unlikely to make it not-postMessage-able 23:40:59 ... need a stronger component for authorization 23:41:15 ... FIDO binds in the origin, unspoofable because it comes from the UA 23:41:41 ... scary if possible to get permanent access to a hardware token from an evil site 23:41:49 q? 23:42:35 vgb_: isn't existing also vulnerable to postMessage off the origin? 23:42:44 rsleevi: particularly for hardware tokens 23:43:05 vgb_: mitigated if the sign-with UI is sufficiently good 23:43:06 nvdbleek has joined #crypto 23:43:23 ... if the signature is only valid for the thing you thought you were signing, then you're okay 23:43:23 q+ 23:43:37 ... bad guy gets a signature, but it's not good for anything 23:43:50 to rbarnes, lets finish that exchange, if this is ok with you ... 23:44:03 rsleevi: an early proposal was similar to mozilla window.crypto.sign box 23:44:09 ... down that road lies madness 23:44:33 ... XML DSig or PDF -- the space is messy 23:44:55 ... one suggestion was sign all the resouces on the page (to ensure not XSS) 23:45:05 ack rbarnes 23:45:20 rbarnes: Firefox has had a similar API to this for a while, generate new keypair, enroll a certificate 23:45:34 ... API is disappearing shortly, for security concerns and lack of use 23:45:35 kodonog has joined #crypto 23:45:49 ... would want a more general approach 23:46:03 ㅂ+ 23:46:03 q+ 23:46:15 ... general way of talking to applications on secure hardware, where crypto is just one application 23:46:24 JeffH has joined #crypto 23:46:29 ... access-control story, including these sharing issues 23:46:53 ack nvdbleek 23:47:00 nvdbleek: for our use cases, the proposal looks very promising 23:47:05 q+ 23:47:18 ... regarding keys moving to different origins. for lots of hardware tokens, have to add an extra PIN for every operation 23:47:35 ... so the key is unlikely to be stolen, because it requires that PIN every time 23:47:46 rsleevi: the experience is that PINs don't at all mitigate that concern 23:47:56 ... FIDO has a user interactivity requirement, but even that is insufficient 23:48:14 ... a PIN prompt when you have 20 tabs open .... 23:48:24 vgb_: should have a richer conversation offline 23:48:39 ack mountie 23:49:01 q+ 23:49:02 mountie: for TLS, a certificate is the baseline of security on the Internet, 23:49:06 q- 23:49:16 ... we already need the certificate at the application-layer 23:49:40 ... many things we need to touch at the application-layer, like key discovery 23:49:50 ack JeffH 23:50:02 JeffH: some looks very similar to what we've done in FIDO 23:50:15 Notes regarding hardware access APIs my previous presentation from the Lyon F2F - http://lists.w3.org/Archives/Public/public-webcrypto/2012Nov/att-0022/Web_Crypto_Introduction.pdf 23:50:16 ... addressed issues that rsleevi is raising 23:50:45 ... token-binding which is presumed that wasn't discussed 23:51:25 ... a layered approach: discussing the Crypto API by itself, may create problems when trying to address the cohesive whole 23:51:45 ... the app id and facet stuff, aluded to, is aimed at preventing misuse of the signing operation by other entities 23:51:49 q+ 23:51:51 ... doesn't necessarily fit in web crypto 23:52:02 ... token-binding stuff already in IETF 23:52:22 vgb_: a single more holistic discussion? 23:52:47 q+ 23:52:52 JeffH: scary, sharp security problems might be more present when looking at a piece in isolation 23:53:06 bhill2: Brad Hill, Facebook, Web App Sec 23:53:18 ... paper co-authored with JeffH and some FIDO folks 23:53:31 ... key-usage and origin-binding 23:53:37 ... people want to use them from mobile applications as well 23:54:02 ... how do we build keys that can be used, generally, in the browser but also Android, iOS, Windows Phone 23:54:24 ... keep that as a high-level use case to keep in mind 23:54:35 http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/papers/webcrypto2014_submission_44.pdf 23:54:38 vgb_: Web Crypto has always been about web interfaces to platform capabilities 23:54:54 ... what would be the platform capability to which this would correspond? 23:54:56 the position paper hillbrad was referring to: http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/papers/webcrypto2014_submission_44.pdf 23:55:50 bhill2: existing Smart Card systems or PKI systems aren't already built around origin concepts 23:56:03 rsleevi: tension between Extensible Web Manifesto and low-level primitives 23:56:15 ... and this holistic view 23:56:25 ... platform-keys have historically had bad security properties 23:56:46 ... emergent properties vs. high-level, FIDO-like API 23:57:00 ... desire and pressure to move existing systems to the Web 23:57:17 ... Web has changed in the past two years 23:57:54 ... have an extension / USB API 23:58:13 ... low-level prmiitive, scoped to signed applications, add low-level interfaces to experiment with 23:58:59 ... bringing platform keys into web crypto can't deal with the holistic security issues, because Smart Cards alone can't do so 23:59:11 ... slides from Lyon still relevant 23:59:59 israelh: not a secure model, in that the extension can be across origins and doesn't have the guarantees that we're worried about 00:00:13 rsleevi: not inherently more secure, but allows for experimentation 00:00:46 ... that's a good way to iterate and implement in order to get a more firm proposal 00:00:50 jyates_ has joined #crypto 00:01:04 q? 00:01:21 scribenick: rsleevi 00:01:51 virginie: so this story of new features and rechartering will happen in a few months 00:02:06 ... few things about the WG life 00:02:21 ... our current operation method is we don't have calls anymore, we treat stuff over the mailing list 00:02:35 ... we do ad-hoc calls if necessary, and then any resolutions on the calls have two weeks on the mailing list 00:02:50 sangrae has joined #crypto 00:02:58 ... we meet once a year on average 00:03:09 more meetings in Lyon! 00:03:22 virginie: Wanted to confirm that this WG method is still workable 00:03:26 q? 00:03:35 ping 00:03:36 q? 00:04:10 virginie: Next steps: We will be working over the mailing list to clean the Web Crypto API 00:04:22 ... specifically editors / chair / staff contacts to deal with progressing on the rec track 00:04:37 ... question raised by @@ on whether we want to have a day for testing 00:04:58 virginie: Would the WG be willing to spend a day or two F2F to integrate testing 00:05:26 ... is there AOB to address before we close? 00:05:46 @@: The Web Payments IG has started this week 00:06:23 ... the web payments is only an IG at the moment. Our plan is to start collecting use cases, authentication, access to a secure element 00:06:31 ... in time we'll look for a WG that can handle this work 00:07:16 virginie: I think we can now close the meeting. Thanks to everyone for the very hard work 00:07:32 ... thanks to everyone for coming and have a great end of the week 00:07:39 I'm logging. I don't understand 'prepare the minutes', rsleevi. Try /msg RRSAgent help 00:08:01 RRSAgent, please draft the minutes 00:08:01 I have made the request to generate http://www.w3.org/2014/10/30-crypto-minutes.html rsleevi 00:08:08 bhill2 has joined #crypto 00:16:53 rbarnes has joined #crypto 00:26:34 nvdbleek has joined #crypto 00:31:41 mountie has joined #crypto 00:44:54 steph has joined #crypto 01:58:00 harry has joined #crypto 02:29:08 bhill2 has joined #crypto 03:02:20 bhill2 has joined #crypto 04:53:51 rrsagent, make minutes 04:53:51 I have made the request to generate http://www.w3.org/2014/10/30-crypto-minutes.html bhill2 04:53:55 rrsagent, set logs public-visible 04:54:00 bhill2 has left #crypto 04:57:17 nvdbleek has joined #crypto 06:01:16 rbarnes has joined #crypto 06:08:55 Bert has left #crypto 06:36:28 tantek has joined #crypto 07:28:11 mountie has joined #crypto 08:32:24 mountie has joined #crypto