W3C

- DRAFT -

WebCrypto

02 May 2016

See also: IRC log

Attendees

Present
virginie, wseltzer, jimsch, engelke, ttaubert, markw, ryan_hurst, hhalpin
Regrets
Chair
SV_MEETING_CHAIR
Scribe
wseltzer

Contents

<hhalpin> great work engelke!

<engelke_> thanks, harry

<hhalpin> trackbot, start meeting

<trackbot> Meeting: Web Cryptography Working Group Teleconference

<markw> Can someone post the dial-in details ?

<virginie> to markw webex +1-617-324-0000 643 244 026

<hhalpin> +1-617-324-0000 Access Code: 643 244 026 (Member-protected password) WebEx Link IRC irc.w3.org:6665 #crypto

<scribe> scribenick: wseltzer

welcome

virginie: reviewing agenda

ryan: we should talk about ASN.1 encoding issues, status

<hhalpin> In detail, I hope we have a proposal over this Ryan :)

test status and related clarifications

virginie: Status update on testing?
... I've seen some updates from Charles

charles: started writing tests for generateKey
... figured out the platform, wrote tests for all the combos of parameters that should work
... and then ran through all the combinations of bad parameters to make sure they throw the right error
... in the order the spec describes
... from preliminary run, these tests take a long time
... generating RSA keys is slow, and lots of tests being run
... FF and Chrome both do well on success tests, less consistent on failure test

<jimsch> +1 to errors returned on tests not being what is specified

charles: expect to be done with complete set of tests on generateKey this week
... for review
... will test what browsers say the support, not whether they do it correctly

virginie: Thanks!
... next step for others to review the tests
... browsers should review them

<hhalpin> ryan_hurst - thats much better!

ryan: I've started a list of tests based on the spec
... intend to share with the list this week
... then look at what tests Charles and ohters have written, what gaps exist
... re reviewing findings, I'll make sure to get a date when Google can get back to you
... have to coordinate internally

virginie: Thank you

jimsch: I've been working on tests too, working with Charles on merge strategy

ttaubert: I'll take a look by next meeting, talk with team

markw: With the generateKey tests, looks as though it's testing every possible combo of name, parameter, key usage
... is it necessary to test every permutation?
... testing independently rather than matrix might be sufficent

ryan_hurst: I think it's important that we have the negative tests
... from implementation experience, most often, success modes interoperate, but failure modes and flexible modes don't
... so I'd hate to lose the testing of failures

markw: are you talking about problems that might come from specific combos, more likely in failures?

jimsch: yes

markw: maybe the failures run more quickly?

charles: but there are many more of the failure tests

markw: how long does it take to run full generatekey?

charles: maybe 5min for each of success and failure
... failure one isn't completing in FF on linux. Too many promises queued

ryan_hurst: is it really a problem if the test takes 5min?

markw: agree, err on the side of completeness

jimsch: I'd like to refactor tests so they're more algorithm-centric
... e.g., to enable people to run all the tests that match a pattern

<engelke_> I agree.

jimsch: help people for using the tests in development

virginie: ok, who's going to do that?

jimsch: ryan, charles, and I can work on that

ryan_hurst: looking forward to working with Jim and Charles

virginie: good coverage, tests anyone can use and improve, is a good target. Thanks to the three of you.

hhalpin: tests serve a dual purpose: get us out of CR to Proposed Rec
... for that, prioritize coverage
... then, we can get into PR, refactor tests and integrate in WebPlatform Test suite
... can invite PLH to talk further
... re timing issues

virginie: anything else on testing?

<hhalpin> notice that we can keep refactoring the tests even after we've left PR, as long as the first version has the right coverage

status on implementations

virginie: Implementations and incompatibilities between implementations
... Ryan mentioned ASN.1

<engelke_> pbkdf2 keyGeneration?

Ryan: thread we just had on PBKDF2, removing derivation?

jimsch: yes, I think we heard consensus to remove that

virginie: any comment on removing PBKDF2?

PROPOSED: Remove PBKDF2

virginie: removing a feature with no impact

ryan: yes, no UAs implement

<engelke_> Still keeping other operations for it.

PROPOSED: Remove PBKDF2 derivation

<engelke_> +1

<jimsch> +1

<virginie> +1

<engelke_> Section 32.4 - remove Key Generation option

<ttaubert> +1

<jimsch> Proposed: Remove the generate key functionality from PBKDF2, but allow for Import Key

ttaubert: I support removing generateKey for PBKDF2

RESOLUTION: Remove the generate key functionality from PBKDF2, but allow for Import Key

Ryan: whether it makes sense to specify a profile of ASN.1 that implementations would support
... beneficial to be explicit, rather than leaving it unspecified up to underlying libraries
... Jim and I should sit down to come up with proposal to socialize on-list, review with implementers
... non-ambiguous with regard to data structure expectations

virginie: happy to see more clarity in the spec to promote interop
... can you socialize on the list for our next call in 2weeks?

ryan: that's probably too aggressive; it's non-trivial
... lean on Jim's experience here.

virginie: Let's review in one month, discuss on-list in meantime
... anything else on which you'd like decision or path?

jimsch: I raised an issue on HKDF
... changing set of parameters passed in. Would people review for decision?

ryan: could you re-send that to the list?

<jimsch> subject: Renaming of HKDF-CTR to HKDF converstaion starts on 3/7/16

virginie: bug review
... let's have a formal bug review on the next call in 2 weeks

markw: I have a backlog of editing; bugs to move from bugzilla. I'll start on the simpler ones there

virginie: Thanks!

-> https://lists.w3.org/Archives/Public/public-webcrypto/2016Mar/0027.html Renaming of HKDF-CTR to HKDF (start of jimsch's thread)

milestones

virginie: I sent milestones that were too aggressive
... we need to make effort so we're not continually asking for extensions
... keep up the intensive work
... of course good work is better than rushed work
... so keep the calls every 2 weeks for the WG
... and testers are meeting informally
... still need to resolve implementation divergence
... in a month, if possible
... thanks to those who are participating. Do we need to do anything to bring others in?

ryan: 1.5 months isn't realistic for PR transition
... it's not a question of people so much as of time
... we have engagement from all the UAs we need to take it to last call
... need to go through the tasks one by one

wseltzer: good to have evidence of real work on the testing and progress on the interop questions
... if we need another extension

jimsch: I'm less worried about the testing than about getting decisions where there are interop problems
... we need to get decisions made and into the draft

virginie: in terms of decisions, we have the right people on the call
... if we can't make decision, we might have to remove features
... in terms of editing, it's all on MarkW's shoulders
... he might like some additional help

ryan: Mark, if you have a queue and need help, let me know

markw: working to get it all into github

hhalpin: We have great momemtum; let's keep the progress up.

virginie: thanks, good to see progress

AOB

ryan: just released XML-DSIG implementation on top of WebCrypto

Charles: in production use with WebCrypto, signing and verifying documents

virginie: please share information on usage of WebCrypto
... Also wanted to note last week's workshop, Hardware Based Secure Services CG meeting
... we talked about extending WebCrypto, giving option for keys backed by secure element or TEE
... in discussion

ryan: you may be interested in polyfill I released for WebCrypto PKCS11 in node
... personal projects on the side

virginie: Our next call for WG will be in two weeks

hhalpin: do testers want intermediate calls?

Charles: maybe Ryan, Jim, and I could coordinate among ourselves rather than standing call

jimsch: we probably want to talk before Monday

hhalpin: the call is available if you need it Monday

virginie: Next official call, May 16, same call-in
... thanks for the dynamic work. Great progress.

Summary of Action Items

Summary of Resolutions

  1. Remove the generate key functionality from PBKDF2, but allow for Import Key
[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.144 (CVS log)
$Date: 2016/05/02 20:48:55 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.144  of Date: 2015/11/17 08:39:34  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/jimsch/ryan_hurst/
Succeeded: s/jimsch/ryan_hurst/
Succeeded: s/@@/ryan/
Found ScribeNick: wseltzer
Inferring Scribes: wseltzer
Default Present: virginie, wseltzer, jimsch, engelke, ttaubert, markw, ryan_hurst, hhalpin
Present: virginie wseltzer jimsch engelke ttaubert markw ryan_hurst hhalpin

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Found Date: 02 May 2016
Guessing minutes URL: http://www.w3.org/2016/05/02-crypto-minutes.html
People with action items:
[End of scribe.perl diagnostic output]