16:48:22 <RRSAgent> RRSAgent has joined #webauthn
16:48:22 <RRSAgent> logging to http://www.w3.org/2017/08/30-webauthn-irc
16:48:24 <trackbot> RRSAgent, make logs public
16:48:24 <Zakim> Zakim has joined #webauthn
16:48:26 <trackbot> Meeting: Web Authentication Working Group Teleconference
16:48:26 <trackbot> Date: 30 August 2017
16:48:34 <weiler> agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Aug/0250.html
16:48:41 <weiler> weiler has changed the topic to: agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Aug/0250.html
16:56:01 <jfontana> jfontana has joined #webauthn
16:56:08 <jfontana> test
17:02:03 <jeffh> jeffh has joined #webauthn
17:02:07 <Rolf> Rolf has joined #webauthn
17:02:26 <Rolf> present+
17:02:56 <jeffh> present+ jeffh
17:04:19 <WD07> WD07 has joined #webauthn
17:05:18 <gmandyam> gmandyam has joined #webauthn
17:05:20 <weiler> zakim, pick a victim
17:05:20 <Zakim> Not knowing who is chairing or who scribed recently, I propose Rolf
17:05:32 <gmandyam> present+
17:05:57 <jcj_moz> present+
17:06:04 <weiler> present+
17:06:08 <WD07> present+
17:06:34 <jeffh> scribenick jeffh
17:07:35 <jeffh> tony: pls reg for tpac. webauthn is thur, webappsec is mon  &  tue
17:08:03 <weiler> present+ AkshayKumar, battre, Ibrahim
17:08:32 <jeffh> https://www.w3.org/2017/11/TPAC/#registration
17:08:37 <weiler> present+ jfontana, angelo
17:08:52 <jeffh> tony: WD07 Open PR #498 ?
17:10:30 <kpaulh> kpaulh has joined #webauthn
17:10:33 <kpaulh> present+
17:10:41 <Rolf> wait for @domenic to review
17:10:51 <kpaulh> I'm here with Christiaan
17:10:54 <jfontana> Tony : 539 which is Rolf's
17:11:02 <weiler> present+ Christiaan
17:11:04 <jeffh> topic: https://github.com/w3c/webauthn/pull/539
17:11:50 <jeffh> rolf: describes how sig counter ought to be handled by RP
17:12:50 <jeffh> ... suggests further polishing that could be done
17:13:26 <jfontana> rolf: not ready to be merged, needs one more round. I will clean up
17:13:43 <jeffh> ... this is not ready to be merged, needs another round of editing and reviewing.  read lines 2521 & before. changes after that are not stable as yet
17:15:02 <jeffh> s/read/review/
17:16:35 <Rolf> decision to be made: where to handle U2F compatibility (1) in WebAuthn spec or (2) in CTAP spec.  At this time my changes reflect (1).  But (2) will likely be better.
17:16:42 <jeffh> topic: https://github.com/w3c/webauthn/milestone/13
17:17:18 <jeffh> jeffh: all the issues I'm assigned to are "on the stack" - several will be closed by pr #498, then need to just do the others
17:17:38 <jcj_moz> jcj_moz: 507 probably covered by PR 539
17:17:45 <jcj_moz> jcj_moz: I need to still review it
17:17:58 <Rolf> PR 539 is intended to cover 507.
17:18:03 <jeffh> s/507/issue #507/
17:18:20 <jeffh> tony: issue #292
17:18:30 <Rolf> PR 539 is intended to cover 125 as well
17:18:35 <jeffh> jeffh: that's part of the "cancel" hairball...
17:18:43 <jeffh> angelo: yes, am working on that...
17:20:05 <jeffh> topic: the "cancel" hairball -- issues #292, #380, #537, another?
17:21:16 <jeffh> angelo: yes, there's a way to do this in whatwg specs but there's a couple aspects of this am trying to figure out....
17:21:55 <jfontana> Tony: ....we have #316
17:22:04 <jfontana> jeffH part of the cancel hairball
17:22:09 <jeffh> s/another ?/ #316, another?/
17:23:12 <jfontana> tony: #453....suppose to go ahead and close this one; on Rolf's suggestion
17:23:36 <jeffh> rolf entered a comment on it yesterday: https://github.com/w3c/webauthn/issues/453#issuecomment-325582425
17:24:29 <jeffh> jyasskin: ok, so discussion in PR #539 supersedes the discussion in this issue. all decisions are getting made in #539.
17:26:44 <jeffh> s/changes/notes/
17:27:16 <jeffh> topic: https://github.com/w3c/webauthn/issues/538
17:27:41 <jeffh> angelo: yes, we did discuss this but it doesnt seem to be in notes anywhere.
17:27:56 <jeffh> ... suggests we can close this.
17:29:03 <jeffh> jyasskin: there is probably a subtle difference in the order things get checked, some chance for error msg refering to incorrect dict member, so it would be a little cleaner to mark as 'required' in IDL dictionary, but it is not big deal.
17:30:22 <jeffh> gmandyam: wonders about usefulness of the RP displayname....
17:31:09 <gmandyam> displayName cannot be definitively matched to ID by the user agent, so what is the point of it?
17:31:13 <jeffh> angelo: believes we have adequately discussed this, will add comment to issue, and will close this
17:32:04 <jeffh> gmandyam: for RP to provide friendly name in addition to RP ID (hostname) on display controlled by authenticator, if any
17:33:14 <jeffh> topic: https://github.com/w3c/webauthn/pull/539
17:34:13 <jeffh> jyasskin: AGL is arguing that the sig counter is a priv leak.  some authnrs will not support it cuz it reqs root.  suggests the sig counter could just be a random field as long as RPs know to ignore it.
17:35:07 <jeffh> ... rolf suggests that if we want authnr-supplied nonce, should have sep field rather than repurpose this counter field. if want RP to ignore this field, simply make all zero.
17:36:27 <jeffh> rolf: have lots of authnrs already fielded that support sig counter.  sig counter is effective clone detection for RPs.. there is a way to protect against the priv leak by maintaining sig cntr per RP.
17:36:47 <jeffh> ... good reasons to create nonce on every createCred
17:37:21 <jeffh> ...if attacker can control the to-be-signed data, can then aid a diff pwr analysis attack -- there's a paper about this
17:37:56 <jeffh> ... if authnr adds random # to tbs data, it fouls up the diff pwr analysis.
17:38:22 <jeffh> ... for registration, it is the attestation key at risk, for getAssn, its the user public key at risk
17:39:17 <jeffh> gmandyam: argues that there is some way for RP to figure out if the sig cntr is being used as counter or a nonce
17:43:17 <jeffh> rolf: argues that there is not a backwards compatibility issue because fielded authnrs are largely un-patchable, and we "are free" to add an authnr nonce field to webauthn/CTAP2 authnrs
17:44:29 <jeffh> ... we can add the nonce to the end of the authenticatorData.
17:45:13 <jeffh> jyasskin: need to verify that adding the nonce actually fixes the sec problem, the issue being whether it is added to the beginning or end of authnrData
17:46:05 <jeffh> rolf: notes that we cant add it to the very begining because it would break the bkwards compat with U2F
17:47:14 <jeffh> jyasskin: subtopic per AGL: sign counter issue
17:47:22 <jeffh> rolf: <missed it>
17:47:44 <jeffh> jyasskin: thinks AGL not convinced by Rolf's argument
17:48:27 <jeffh> gmandyam:  <questions aspects of usefulness of sign cntr>
17:48:54 <jeffh> rolf:  <explains how cloned-detection alg works based on the sign cntr>
17:50:51 <jeffh> gmandyam: <again questions value of sign cntr and the alg for detecting cloning>
17:51:59 <jeffh> cbrand: is the sign cntr worth the potential priv leak?
17:52:12 <jeffh> ... at this point, yes, goog will continue to use the sign cntr
17:52:36 <jeffh> ...ie if the authnr supports it, we will factor it in
17:52:49 <angelo> angelo has joined #webauthn
17:54:45 <jeffh> topic: https://github.com/w3c/webauthn/milestone/3
17:55:04 <jeffh> issue https://github.com/w3c/webauthn/issues/199
17:55:26 <gmandyam> Sign. counter that increments across RP
17:55:35 <gmandyam> Sign. counter that increments across RP
17:55:36 <jeffh> tony: that is for Level 2 for now -- if folks disagree they can push back
17:56:44 <gmandyam> Sign. counter that increments across RP's can be used to mask a cloned authenticator from a given RP.  RP A could detect sign. counter increment that occurred due to RP B assertion, even though sig counter did not increment for RP A's assertion
17:57:11 <jeffh> topic: https://github.com/w3c/webauthn/issues/204
17:57:17 <gmandyam> Sign. counter is only one indication of authenticator cloning, and a weak one at best
17:58:02 <jeffh> angelo and jcj_moz yes, this is a concern and we need to discuss
18:01:11 <jeffh> topic: https://github.com/w3c/webauthn/issues/210
18:01:26 <jeffh> internationalization checklist and self-review thereof
18:03:35 <jeffh> jyasskin: thinks the issues here are for user-visible text items. the implication that we might need to add fields for text direction et al, but such additions would be (largely) bkwards compatible, except for things that are sent to the authnr.... this needs someone to sit down and analyze the spec
18:04:01 <weiler> New charter is out for AC review.  Please have AC reps approve it.
18:04:08 <weiler> rrsagent, make logs public
18:04:13 <weiler> rrsagent, draft minutes
18:04:13 <RRSAgent> I have made the request to generate http://www.w3.org/2017/08/30-webauthn-minutes.html weiler
18:04:31 <weiler> rrsagent, make logs public
18:04:47 <weiler> present+ nadalin
18:04:52 <weiler> chair: nadalin, jfontana
18:04:54 <weiler> rrsagent, make logs public
18:04:57 <weiler> rrsagent, draft minutes
18:04:57 <RRSAgent> I have made the request to generate http://www.w3.org/2017/08/30-webauthn-minutes.html weiler
18:13:07 <weiler> trackbot, end meeting
18:13:07 <trackbot> Zakim, list attendees
18:13:07 <Zakim> As of this point the attendees have been Rolf, jeffh, gmandyam, jcj_moz, weiler, WD, AkshayKumar, battre, Ibrahim, jfontana, angelo, kpaulh, Christiaan, nadalin
18:13:15 <trackbot> RRSAgent, please draft minutes
18:13:15 <RRSAgent> I have made the request to generate http://www.w3.org/2017/08/30-webauthn-minutes.html trackbot
18:13:16 <trackbot> RRSAgent, bye
18:13:16 <RRSAgent> I see no action items