19:56:15 <RRSAgent> RRSAgent has joined #crypto
19:56:15 <RRSAgent> logging to http://www.w3.org/2016/08/01-crypto-irc
19:57:14 <virginie> Meeting: WebCrypto
19:58:10 <virginie> Chair: virginie
19:58:27 <virginie> agenda ?
19:58:33 <virginie> agenda?
19:58:48 <virginie> agenda+ welcome
19:59:49 <engelke> engelke has joined #crypto
20:00:36 <ttaubert> ttaubert has joined #crypto
20:00:41 <markw> markw has joined #crypto
20:01:17 <markw> Could someone post the call details
20:01:29 <virginie> +1-617-324-0000 Access Code: 643 244 026
20:02:06 <virginie> agenda : https://lists.w3.org/Archives/Public/public-webcrypto/2016Jul/0028.html
20:04:32 <hhalpin_> hhalpin_ has joined #crypto
20:04:40 <hhalpin_> hhalpin_ has changed the topic to: August 1st meeting
20:04:50 <hhalpin_> trackbot, start meeting
20:04:52 <trackbot> RRSAgent, make logs public
20:04:52 <Zakim> Zakim has joined #crypto
20:04:54 <trackbot> Zakim, this will be CRYPT
20:04:54 <Zakim> ok, trackbot
20:04:55 <trackbot> Meeting: Web Cryptography Working Group Teleconference
20:04:55 <trackbot> Date: 01 August 2016
20:05:18 <virginie> agenda?
20:05:24 <virginie> agenda+ introduction
20:05:29 <virginie> agenda+ test status
20:05:52 <virginie> agenda+ web crypto API major issues (secure context and format)
20:06:07 <virginie> agenda+ web crypto API issues for review
20:06:17 <virginie> agenda+ timeline
20:06:44 <virginie> present  : harry, charles, tim, mark, virginie
20:06:57 <virginie> agenda?
20:07:19 <hhalpin_> scribe: hhalpin
20:07:23 <hhalpin_> chair: virginie
20:07:38 <hhalpin_> topic: Introduction
20:07:53 <hhalpin_> virginie: major issues are the two open CfCs
20:08:10 <hhalpin_> agenda+ CR->PR review
20:08:20 <hhalpin_> topic: test status
20:08:24 <wseltzer> present+
20:08:31 <hhalpin_> engelke: Nothing new
20:08:36 <hhalpin_> ... that what I've added before
20:08:41 <hhalpin_> q+
20:08:52 <wseltzer> zakim, this is
20:08:52 <Zakim> I don't understand 'this is', wseltzer
20:09:05 <wseltzer> zakim, this is +1-617-324-0000 643 244 026
20:09:05 <Zakim> got it, wseltzer
20:09:13 <hhalpin_> wrapkey and exportkey should be with ourselves
20:09:28 <hhalpin_> good if those tests were done by end of August
20:09:38 <hhalpin_> is that realistic?
20:09:51 <tantek> tantek has joined #crypto
20:09:53 <hhalpin_> engelke: Not really not sure if I can take those on
20:10:02 <hhalpin_> ... I'd be starting from scratch
20:10:09 <hhalpin_> q+
20:10:19 <hhalpin_> ack q+
20:10:23 <hhalpin_> ack hhalpin_
20:10:35 <hhalpin_> wseltzer: He's just busy and then traveling again
20:11:03 <hhalpin_> hhalpin: We'll see if we can get some more resources on this
20:11:11 <virginie> q+
20:11:22 <hhalpin_> ... also we're waiting for jimsch to review some of my tests, but someone else can do the review that would be great
20:12:35 <hhalpin_> virginie: I'll work on getting more contact from Jim and anyone else interested in testing
20:13:20 <hhalpin_> topic: major issues
20:13:43 <hhalpin_> virginie: Secure Contexts, only question is the localhost
20:14:02 <hhalpin_> markw: I should be fine should simply be to add that tag to the IDL, so straightforward
20:15:37 <hhalpin_> hhalpin: It's OK, there was no disagreement so we should go forward and let the Editor make the changes
20:16:12 <hhalpin_> virginie: There seemed to be some difference over key formats
20:16:20 <virginie> q-
20:16:53 <hhalpin_> engelke: I'd prefer it be left normative, but the responses from Ryan that the same problem go to JWK
20:17:00 <hhalpin_> ... we shouldn't make any changes
20:17:06 <wseltzer> q+
20:17:14 <hhalpin_> virginie: We will not have two interoperable implemenations?
20:18:11 <hhalpin_> engelke: I think we have these issues
20:18:19 <hhalpin_> ... but my test suites use pkcs8 and spki
20:18:20 <wseltzer> q-
20:18:23 <hhalpin_> ... without bugs
20:18:26 <virginie> see ryan answer on JWK https://lists.w3.org/Archives/Public/public-webcrypto/2016Aug/0007.html
20:18:46 <hhalpin_> wselzter: For normative, we need two interoperable implementations
20:19:06 <hhalpin_> ... the tests I have work on both browsers
20:19:14 <hhalpin_> markw: I tend to agree with this approach
20:19:46 <hhalpin_> ... if ryan has tests that show that various corner cases don't work across browsers, then we can change our opinion, or we can say those particular aspects that fail should not be relied on
20:20:04 <wseltzer> s/this approach/this approach, that if tests pass, leave it normative/
20:20:05 <hhalpin_> ... it's reasonable for us to say 'there are some corner cases'
20:20:12 <hhalpin_> ... and 'we can't solve those with this spec.'
20:20:13 <hhalpin_> q+
20:21:06 <wseltzer> hhalpin_: we're leaving them normative where they interoperate; add a warning that there may be some corner cases
20:21:23 <virginie> harry suggests that we add an informative text on corner cases, reminding that what is in the test is interoperable
20:21:35 <wseltzer> ... proposal: keep all usages of keys as normative where interop has been shown by test suite
20:22:09 <hhalpin_> PROPOSAL: We keep all usages of keys as normative where interop has been shown in the test-suite but warn specifically in the Rec on any parts of the Rec where this isn't interop and put a general informative warning that this Rec does not throughly define interop between all key formats in the spec.
20:22:12 <wseltzer> ... but warn in rec about possible edge cases; general informative warning that the rec does not define interop between all key formats
20:23:13 <hhalpin_> engelke: I believe the problem is when prime orders are reversed, and there may a lot of cases to check
20:23:15 <ale> ale has joined #crypto
20:23:32 <hhalpin_> ... its possible that some of the stuff that Jim is checking on is why it's difficult to test key import/export thoroughly
20:24:28 <wseltzer> hhalpin_: generate works; the problem is import and export
20:24:57 <wseltzer> engelke: I've written some import and export in my tests, and it interoperates
20:25:07 <wseltzer> ... though that wasn't the primary focus of my tests
20:25:22 <hhalpin_> we hvaen't tested the entire space of possible keys
20:25:26 <hhalpin_> (obviously!)
20:27:19 <hhalpin_> virginie: it's ok to add informative note?
20:27:45 <hhalpin_> PROPOSAL: Add informative text to spec around key testing and then note that everything is normative that is tested by the test-suite.
20:28:46 <hhalpin_> engelke: I can live with it
20:28:49 <virginie> +1
20:29:00 <markw> +1
20:29:03 <hhalpin_> hhalpin: It does seem fine for most developers, but some warning that we aren't requiring underlying library interop seems sensible
20:29:03 <hhalpin_> +1
20:30:04 <hhalpin_> topic: Reviews
20:30:10 <hhalpin_> virginie: Any reviews?
20:30:20 <virginie> https://github.com/w3c/webcrypto/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aopen%20label%3A%22needs%20review%22%20-label%3A%22needs%20input%22
20:30:20 <hhalpin_> markw: I haven't checked too deeply, I've been working on EME test-cases
20:30:25 <hhalpin_> ... against deadline of tomorrow
20:31:21 <hhalpin_> its only 6 issues
20:31:51 <hhalpin_> topic: CR->PR
20:31:59 <hhalpin_> 1) test-suite for all normative features
20:32:08 <hhalpin_> 2) the fact that all formal objections been dealt with
20:32:20 <hhalpin_> 3) All open issues from CR entrance are closed
20:32:50 <wseltzer> hhalpin_: working on a revision to the CFRG crypto considerations doc
20:32:51 <hhalpin_> IETF doc expired, were going to review with Karthik (he gave it a good review it all)
20:33:02 <hhalpin_> add a note to that in the spec, and then I think that's the main formal objection
20:33:10 <virginie> https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00
20:33:13 <hhalpin_> request to CR, requires Virginie meeting with the Director
20:33:14 <hhalpin_> and discussing
20:33:51 <hhalpin_> have another meetin August 15th and close all issues and hit repub on the CFRG doc
20:34:04 <wseltzer> hhalpin_: charter expires end of September
20:34:04 <hhalpin_> August 30th
20:34:44 <wseltzer> hhalpin_: if we go to PR by end of Septmber, then we'd need an extension to get the PR->REC
20:35:05 <wseltzer> virginie: we have 13 open issues
20:35:18 <virginie> s/13/30
20:35:31 <wseltzer> hhalpin_: Eric Roman has been opening issues
20:35:44 <wseltzer> ... should we review them now?
20:36:18 <wseltzer> markw: I haven't reviewed the most recently raised issues
20:36:26 <wseltzer> hhalpin_: aim to close them out by August 15
20:36:39 <wseltzer> ... or Aug 30
20:36:52 <wseltzer> markw: this week is encrypted media, next week vacation
20:37:06 <hhalpin_> August 22nd?
20:37:27 <wseltzer> virginie: meet August 22 to review issues
20:37:32 <hhalpin_> virginie: issue review on August 22nd
20:38:04 <hhalpin_> viginie: Hopefully on August 29th we can then review going to Director
20:38:11 <hhalpin_> RESOLUTION: Meeting on August 22nd
20:38:16 <hhalpin_> and the other on August 29th
20:38:36 <hhalpin_> virginie: AOB?
20:39:24 <hhalpin_> ... it does seem the browser vendors are following, but let's try to get them to review the last remaining opening issues
20:39:32 <hhalpin_> ... thanks for attending call
20:39:43 <hhalpin_> trackbot, end meeting
20:39:43 <trackbot> Zakim, list attendees
20:39:43 <Zakim> As of this point the attendees have been wseltzer
20:39:51 <trackbot> RRSAgent, please draft minutes
20:39:51 <RRSAgent> I have made the request to generate http://www.w3.org/2016/08/01-crypto-minutes.html trackbot
20:39:52 <trackbot> RRSAgent, bye
20:39:52 <RRSAgent> I see no action items