16:43:38 RRSAgent has joined #webauthn 16:43:38 logging to http://www.w3.org/2017/08/02-webauthn-irc 16:43:40 RRSAgent, make logs public 16:43:40 Zakim has joined #webauthn 16:43:42 Zakim, this will be 16:43:42 I don't understand 'this will be', trackbot 16:43:43 Meeting: Web Authentication Working Group Teleconference 16:43:43 Date: 02 August 2017 16:43:55 present+ weiler 16:44:45 weiler has changed the topic to: agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Aug/0004.html 16:44:49 agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Aug/0004.html 16:47:17 jfontana has joined #webauthn 16:57:40 present+ jfontana 16:57:50 chair: jfontana, nadalin 16:59:29 Rolf has joined #webauthn 17:00:35 present+ jcj_moz 17:01:54 present+ nadalin, christiaan, dirk, kim, selfissued, AkshayKumar 17:02:19 selfissued has joined #webauthn 17:02:29 present+ 17:02:41 present+ Rolf 17:04:49 present+ jeffh 17:05:42 John_Bradley has joined #webauthn 17:06:02 kpaulh has joined #webauthn 17:06:07 +present 17:06:22 present+ angelo 17:06:42 present+ kpaulh 17:06:49 ah, thanks :) 17:07:28 angelo has joined #webauthn 17:08:15 scribenick: angelo 17:08:20 I will scribe until 10:30 17:10:27 We are discussing https://github.com/w3c/webauthn/pull/379 17:11:10 Tony: if Mike does the change and Jeff approves, can we possibly merge the PR? 17:11:15 JeffH: sure 17:11:50 Angelo: since the idea originally came from Google (Kim), it'd be great if someone from Google can look at it 17:11:56 Kim: I can take a look at it 17:12:34 https://github.com/w3c/webauthn/pull/460 17:12:57 There's a slight issue that bit 1 is reserved by Google. 17:13:14 The bit is used by Google to determine if the info comes from wireless protocol or not 17:13:38 jeffh has joined #webauthn 17:13:42 present+ jeffh 17:14:19 Alexei: we at google find values in it. We are fine with documenting the bit but we aren't sure if others are interested 17:14:32 Tony: what are the use cases? 17:15:19 Alexei: a lot of traffic comes from shared IP. In those shared IP environment, we may think of them as less trust worthy 17:15:44 MikeJ: what if statement would the RP write for this? 17:16:34 Alexei: most RPs these days have a risk engine. So it's not exactly one if statement. 17:16:40 How does that relate to the "wireless" aspect as mentioned before? 17:16:51 JeffH: so this is a data point to be used by the risk engine 17:17:15 JeffH: we should really document it 17:19:01 It'd be great if Alexei can add a PR for it 17:20:33 Alexei: what I am concerned is a human dense environment 17:20:59 So essentially: wireless means more risky. If that is used in internet café then it is a bad combination? 17:21:18 Christiaan: android HID is a higher priority 17:21:38 JeffH: has Yubico implemented this bit? 17:22:52 Alexei: google has its own applet so that's how we implemented it 17:23:56 Wireless means wireless, bluetooth, and NFC 17:24:12 Wireless means wifi, bluetooth, and NFC 17:25:02 present- kim 17:25:25 present+ John_Bradley 17:25:27 weiler kim may be on speaker phone with other googlers 17:25:57 doh! 17:26:09 When the authenticator sends the credentials, it would add the bit in there 17:26:40 Christiaan: it'd be up to the vendor to decide how they want to treat bit 1 17:27:55 present- present 17:29:00 alexei-goog has joined #webauthn 17:29:03 present+ 17:30:38 decision: leave the bit as bit 2 for now. JeffH has more comments on it. 17:31:28 MikeJ will address the comments from jeff 17:32:08 No objections from my side. 17:32:37 The word 'user verification' is really long. MikeJ: is it ok if I add a comment that when it is transmitted over the wire, the word is 'UV' 17:33:48 Changing on the wire is better to do now 17:34:31 Do that fix now. It is little work. 17:34:37 My later meeting is pushed to a later date. I can continue scribing for now 17:35:04 Mke: I will add changes to change 3 names 17:35:30 https://github.com/w3c/webauthn/pull/514 17:35:56 514 does what we discussed in March 17:36:36 514 changes from our key data structure from our current ad-hoc structure 17:37:31 514 gives us a standard alg representation 17:38:09 Back in the call in March, we agreed to do this 17:38:42 JeffH: it'd be problematic for U2F backward compat 17:39:13 JC: not really. we already had to convert things to do U2F backward compat 17:39:45 JC: this would solve other underlying issues 17:40:18 JC: how much did the cdd actually change? 17:40:45 JC: how much would the cdd actually change? 17:41:16 JC: i will go through the PR and add comments on them 17:42:32 https://github.com/w3c/webauthn/pull/515 17:43:24 valid domain is a defined term in the whatwg html world 17:43:39 JeffH: I will have to chase down the spec to make sure I am right 17:44:34 jeffh: I would like to review the PR 17:45:03 JeffH: we just wanted to make sure what is merged is good 17:45:35 all pull requests cover all the issues 17:45:49 379 is not quite ready yet 17:45:52 rrsagent, draft minutes 17:45:52 I have made the request to generate http://www.w3.org/2017/08/02-webauthn-minutes.html weiler 17:47:46 After all the pull requests that cover the issues are merged, we can publish the new WD-06 17:48:28 yes, there seems to be group agreement to the above. 17:49:23 Sam wants to have a few minutes to talk about WebEX 17:50:11 If you're joining over call, webex may be more aggressive at kicking you out 17:50:22 The new link and passwords will be changed 17:50:45 The chair needs to make sure to close the call if sam is not there 17:51:24 The agenda mail will no longer include the link to webex 17:52:17 Another trivia is that we are in the process of rechartering until we go to the AC 17:52:49 John is working on the rechartering and has submitted the application 17:53:12 Question: after CR is submitted, new change will require new tests written 17:53:28 Question: after CR is submitted, new change will require new explicit tests written 17:53:47 JC: it sounds like a good idea 17:54:30 Sam: maybe we are close to a time to invite others to read this spec 17:55:01 the privacy interest group is particularly interested 17:56:27 Tony: I will respond to his 11 points. But I don't think there's any action item for us. It's probably because there's some confusion 17:56:59 Maybe next week, we will have a WD06 published 17:58:15 MikeJ: unless someone knows how to change Travis CI, I will make the references to IETF as just text 17:58:40 rrsagent, draft minutes 17:58:40 I have made the request to generate http://www.w3.org/2017/08/02-webauthn-minutes.html weiler 17:58:44 adios :) 17:58:46 zakim, list participants 17:58:46 As of this point the attendees have been weiler, jfontana, jcj_moz, nadalin, christiaan, dirk, kim, selfissued, AkshayKumar, Rolf, jeffh, present, angelo, kpaulh, John_Bradley, 17:58:49 rrsagent, draft minutes 17:58:49 I have made the request to generate http://www.w3.org/2017/08/02-webauthn-minutes.html weiler 17:58:49 ... alexei-goog 17:58:59 rrsagent, make logs public 18:11:08 jfontana has left #webauthn 18:15:31 trackbot, end meeting 18:15:31 Zakim, list attendees 18:15:31 As of this point the attendees have been weiler, jfontana, jcj_moz, nadalin, christiaan, dirk, kim, selfissued, AkshayKumar, Rolf, jeffh, present, angelo, kpaulh, John_Bradley, 18:15:34 ... alexei-goog 18:15:39 RRSAgent, please draft minutes 18:15:39 I have made the request to generate http://www.w3.org/2017/08/02-webauthn-minutes.html trackbot 18:15:40 RRSAgent, bye 18:15:40 I see no action items