See also: IRC log
<hhalpin> great work engelke!
<engelke_> thanks, harry
<hhalpin> trackbot, start meeting
<trackbot> Meeting: Web Cryptography Working Group Teleconference
<markw> Can someone post the dial-in details ?
<virginie> to markw webex +1-617-324-0000 643 244 026
<hhalpin> +1-617-324-0000 Access Code: 643 244 026 (Member-protected password) WebEx Link IRC irc.w3.org:6665 #crypto
<scribe> scribenick: wseltzer
virginie: reviewing agenda
ryan: we should talk about ASN.1 encoding issues, status
<hhalpin> In detail, I hope we have a proposal over this Ryan :)
virginie: Status update on
testing?
... I've seen some updates from Charles
charles: started writing tests
for generateKey
... figured out the platform, wrote tests for all the combos of
parameters that should work
... and then ran through all the combinations of bad parameters
to make sure they throw the right error
... in the order the spec describes
... from preliminary run, these tests take a long time
... generating RSA keys is slow, and lots of tests being
run
... FF and Chrome both do well on success tests, less
consistent on failure test
<jimsch> +1 to errors returned on tests not being what is specified
charles: expect to be done with
complete set of tests on generateKey this week
... for review
... will test what browsers say the support, not whether they
do it correctly
virginie: Thanks!
... next step for others to review the tests
... browsers should review them
<hhalpin> ryan_hurst - thats much better!
ryan: I've started a list of
tests based on the spec
... intend to share with the list this week
... then look at what tests Charles and ohters have written,
what gaps exist
... re reviewing findings, I'll make sure to get a date when
Google can get back to you
... have to coordinate internally
virginie: Thank you
jimsch: I've been working on tests too, working with Charles on merge strategy
ttaubert: I'll take a look by next meeting, talk with team
markw: With the generateKey
tests, looks as though it's testing every possible combo of
name, parameter, key usage
... is it necessary to test every permutation?
... testing independently rather than matrix might be
sufficent
ryan_hurst: I think it's
important that we have the negative tests
... from implementation experience, most often, success modes
interoperate, but failure modes and flexible modes don't
... so I'd hate to lose the testing of failures
markw: are you talking about problems that might come from specific combos, more likely in failures?
jimsch: yes
markw: maybe the failures run more quickly?
charles: but there are many more of the failure tests
markw: how long does it take to run full generatekey?
charles: maybe 5min for each of
success and failure
... failure one isn't completing in FF on linux. Too many
promises queued
ryan_hurst: is it really a problem if the test takes 5min?
markw: agree, err on the side of completeness
jimsch: I'd like to refactor
tests so they're more algorithm-centric
... e.g., to enable people to run all the tests that match a
pattern
<engelke_> I agree.
jimsch: help people for using the tests in development
virginie: ok, who's going to do that?
jimsch: ryan, charles, and I can work on that
ryan_hurst: looking forward to working with Jim and Charles
virginie: good coverage, tests anyone can use and improve, is a good target. Thanks to the three of you.
hhalpin: tests serve a dual
purpose: get us out of CR to Proposed Rec
... for that, prioritize coverage
... then, we can get into PR, refactor tests and integrate in
WebPlatform Test suite
... can invite PLH to talk further
... re timing issues
virginie: anything else on testing?
<hhalpin> notice that we can keep refactoring the tests even after we've left PR, as long as the first version has the right coverage
virginie: Implementations and
incompatibilities between implementations
... Ryan mentioned ASN.1
<engelke_> pbkdf2 keyGeneration?
Ryan: thread we just had on PBKDF2, removing derivation?
jimsch: yes, I think we heard consensus to remove that
virginie: any comment on removing PBKDF2?
PROPOSED: Remove PBKDF2
virginie: removing a feature with no impact
ryan: yes, no UAs implement
<engelke_> Still keeping other operations for it.
PROPOSED: Remove PBKDF2 derivation
<engelke_> +1
<jimsch> +1
<virginie> +1
<engelke_> Section 32.4 - remove Key Generation option
<ttaubert> +1
<jimsch> Proposed: Remove the generate key functionality from PBKDF2, but allow for Import Key
ttaubert: I support removing generateKey for PBKDF2
RESOLUTION: Remove the generate key functionality from PBKDF2, but allow for Import Key
Ryan: whether it makes sense to
specify a profile of ASN.1 that implementations would
support
... beneficial to be explicit, rather than leaving it
unspecified up to underlying libraries
... Jim and I should sit down to come up with proposal to
socialize on-list, review with implementers
... non-ambiguous with regard to data structure
expectations
virginie: happy to see more
clarity in the spec to promote interop
... can you socialize on the list for our next call in
2weeks?
ryan: that's probably too
aggressive; it's non-trivial
... lean on Jim's experience here.
virginie: Let's review in one
month, discuss on-list in meantime
... anything else on which you'd like decision or path?
jimsch: I raised an issue on
HKDF
... changing set of parameters passed in. Would people review
for decision?
ryan: could you re-send that to the list?
<jimsch> subject: Renaming of HKDF-CTR to HKDF converstaion starts on 3/7/16
virginie: bug review
... let's have a formal bug review on the next call in 2
weeks
markw: I have a backlog of editing; bugs to move from bugzilla. I'll start on the simpler ones there
virginie: Thanks!
-> https://lists.w3.org/Archives/Public/public-webcrypto/2016Mar/0027.html Renaming of HKDF-CTR to HKDF (start of jimsch's thread)
virginie: I sent milestones that
were too aggressive
... we need to make effort so we're not continually asking for
extensions
... keep up the intensive work
... of course good work is better than rushed work
... so keep the calls every 2 weeks for the WG
... and testers are meeting informally
... still need to resolve implementation divergence
... in a month, if possible
... thanks to those who are participating. Do we need to do
anything to bring others in?
ryan: 1.5 months isn't realistic
for PR transition
... it's not a question of people so much as of time
... we have engagement from all the UAs we need to take it to
last call
... need to go through the tasks one by one
wseltzer: good to have evidence
of real work on the testing and progress on the interop
questions
... if we need another extension
jimsch: I'm less worried about
the testing than about getting decisions where there are
interop problems
... we need to get decisions made and into the draft
virginie: in terms of decisions,
we have the right people on the call
... if we can't make decision, we might have to remove
features
... in terms of editing, it's all on MarkW's shoulders
... he might like some additional help
ryan: Mark, if you have a queue and need help, let me know
markw: working to get it all into github
hhalpin: We have great momemtum; let's keep the progress up.
virginie: thanks, good to see progress
ryan: just released XML-DSIG implementation on top of WebCrypto
Charles: in production use with WebCrypto, signing and verifying documents
virginie: please share
information on usage of WebCrypto
... Also wanted to note last week's workshop, Hardware Based
Secure Services CG meeting
... we talked about extending WebCrypto, giving option for keys
backed by secure element or TEE
... in discussion
ryan: you may be interested in
polyfill I released for WebCrypto PKCS11 in node
... personal projects on the side
virginie: Our next call for WG will be in two weeks
hhalpin: do testers want intermediate calls?
Charles: maybe Ryan, Jim, and I could coordinate among ourselves rather than standing call
jimsch: we probably want to talk before Monday
hhalpin: the call is available if you need it Monday
virginie: Next official call, May
16, same call-in
... thanks for the dynamic work. Great progress.
This is scribe.perl Revision: 1.144 of Date: 2015/11/17 08:39:34 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/jimsch/ryan_hurst/ Succeeded: s/jimsch/ryan_hurst/ Succeeded: s/@@/ryan/ Found ScribeNick: wseltzer Inferring Scribes: wseltzer Default Present: virginie, wseltzer, jimsch, engelke, ttaubert, markw, ryan_hurst, hhalpin Present: virginie wseltzer jimsch engelke ttaubert markw ryan_hurst hhalpin WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth Found Date: 02 May 2016 Guessing minutes URL: http://www.w3.org/2016/05/02-crypto-minutes.html People with action items:[End of scribe.perl diagnostic output]