<wseltzer> https://www.w3.org/2019/09/TPAC/
<wseltzer> https://www.w3.org/2019/09/TPAC/schedule.html
<wseltzer> nadalin: WebAuthn meets Friday of TPAC
<wseltzer> (Sept. 20, 2019, in Fukuoka, Japan)
https://github.com/w3c/webauthn/pull/909
tony: still have not completed , need to work on the CTAP 2 side
https://github.com/w3c/webauthn/pull/966
tony: akshay is not on the call. will report next week
https://github.com/w3c/webauthn/pull/1219
agl: there are lots of comments.
tony: akshay will get back to pull requests.
jeffH: plus issue on the TAG
agl: we don't see any strong
opinions
... just sad.
https://github.com/w3c/webauthn/pull/1222
elundberg: this is ready to go
jeffH: agree
elundberg: I will merge
https://github.com/w3c/webauthn/pull/1223
elundberg: need to point this to
master
... merge 1223 as well
https://github.com/w3c/webauthn/pull/1230
tony: ready to go
elundberg: one more comment from
JeffH
... I have not linked the extensions
jeffH: not a big deal
agl: on chromium list some said we can't create or choose ... you can't exclude U2F credentials
elundberg: means you could have an existing u2f cred and at registration and could end up creating a credential even if you did not want.
agl: this is motivation to me to fix this
jcj_moz: not sure confusion is
bad enough to add U2f credential
... I think we might need separate discussion for that
... this can be confusing, but not problematic
... think this can be covered by UX
agl: you are making sense. saying this is just a transition is the least amount of work
elundberg: would changing affect
authenticators.
... I don't think so. It would only be issue for duo-protocol
authenticators.
agl: aren't all ctap authenticators duo
elunberg: it might not be worth the problem.
dwaite: users will have to figure
out which keys and UI.
... other thing would be to have built in support.
... thinking more of a migration detail
... would correlation be an issue?
agl: wwe want to move the U2f interface eventually, but not in the next 5 years
jeffH: is there an issue to submit here.
agl: I could fire one so it is on
the list somewhere.
... we could address in web authn and add an extension if we
wanted to
elunberg: on #1230 I will make
changes
... and should I merge
jeffH: i agree
... agl will submit an issue.
https://github.com/w3c/webauthn/pull/1232
rtony: this is the pass through
assertion formats.
... there is lot of negative toward this.
rolf: I don't have update yet. need one more week
Moving to issues
https://github.com/w3c/webauthn/issues/334
tony: akshay is out
jeffH: we probably need to refine
some of this.
... understanding of this has been evolving.
https://github.com/w3c/webauthn/issues/863
tony: was kim going to update
jeffH: or I will
elundberg: some looking to close this
tony: Kim was going to create the
PR.
... akshay this is not needed.
jbradley: does not think this is needed.
jeffh: maybe this is guidance for UI
tony: this is something you and Kim should work on
jeffH: yes.
https://github.com/w3c/webauthn/issues/465
jeffH: punt. back to discussion with Rolf
https://github.com/w3c/webauthn/issues/872
jeffh: I am working on this right
now.
... I am half done already.
https://github.com/w3c/webauthn/issues/1039
elundberg: I'll take a stab at
this
... I don't think it needs to make WD 02
tony: when closer to WD-02 we could punt this one.
jcj_moz: this is nice to have,
but it is huge
... can we work collaborative on this.
... we can talk offline.
jeffH: put that comment in the issue
https://github.com/w3c/webauthn/issues/1004
jeffH: jc was going to take a look at that.
elundberg: on this topic. the
spec is under assumption that browsers do some generic
translation, but no browsers are doing that
... so should we update spec?
agl: I don't want that world
selfissue: it is not that black
and white
... it references transformation and we should not ignore
that
... many of the extensions use this.
eludnberg: ok
selfissue: i will try to put a comment in it. ,
jcj_moz: I had meant to look at it.
https://github.com/w3c/webauthn/issues/1099
jeffH: just editorial to clean up
tony: can we skip over this next time.
jcj_moz: this has come up
before
... maybe need a cross reference to people's compliants.
jeffH: not sure what you said applies to #1099
jcj_moz: i'll make not for future reference.
jeffH: excellent
https://github.com/w3c/webauthn/issues/1100
jeffH: editorial cleanup
https://github.com/w3c/webauthn/issues/1101
jeffH: editorial cleanup
https://github.com/w3c/webauthn/issues/1105
jeffh: we should do this. doesn't have to be lots of work
jcj_moz: yes. I can't do PR in near term.
jeffH: assign to me.
https://github.com/w3c/webauthn/issues/1133
jeffH: these are ones that I intend to do - those that are not marked on-going
https://github.com/w3c/webauthn/issues/1147
agl: same as ever
tony: still waiting for some stuff from FIDO land
https://github.com/w3c/webauthn/issues/1149
agl: I will close this one. I don't know who has been agitating on this
shane: it was Christiaan
agl: maybe we should wait.
tony: close?
... wait another week.
https://github.com/w3c/webauthn/issues/1162
elundberg: I intend to do this one
https://github.com/w3c/webauthn/issues/1174
agl: I asked martin to fill in what we do here
tony: i will ask akshay.
https://github.com/w3c/webauthn/issues/1188
jeffH: on my list
https://github.com/w3c/webauthn/issues/1196
jeffH: assigned to Rolf
tony: is this still needed
rolf: you can argue it is needed
more than ever.
... giving reasons why certain algorithms are there or not.
tony: is that appropriate?
rolf: we should support algorithms.
tony: let them do their own
rolf: that's what I would say.
tony: what to do?
rolf: there is not a lot of meat here. do we give a public statement?
tony: we don't want to go into detail why each algorithm is used.
rolf: not our decision in the end.
tony: do we just close
rolf: yes.
... our basic attestation is not the best decision from a
security perspective.
... this issue is about telling people how to look at
algorithms
tony: i think they are looking
for cryptographic guidance here
... so close or open
rolf: I vote for close no action.
jcj_moz: i could see a separate doc.
tony: not in the spec
jcj_moz: in spec the move would
be to pull algorithms.
... i support closing if we could start planning an "explainer"
for implementors
... and also best practices around the algorithms.
selfissue: make that comment and close it.
jcj_moz: OK
https://github.com/w3c/webauthn/issues/1197
https://github.com/w3c/webauthn/issues/1199
jeffH: there is PR open
https://github.com/w3c/webauthn/issues/1200
agl: no plausible action.
tony: so you want to close
agl: i don't think we are going to do anything about it any time soon
alexei: maybe just add a recommendation
agl: lets close it
jeffH: or punt to future
tony: or level 3
https://github.com/w3c/webauthn/issues/1201
tony: jeffH
jeffH: correct'
https://github.com/w3c/webauthn/issues/1202
no comment
https://github.com/w3c/webauthn/issues/1204
tony: jeffH will do
jeffH: I think what we are trying
to convince Giri, we don't need to do this.
... we should not do this.
... he has come back with some arguments.
tony: let him look at this one again.
https://github.com/w3c/webauthn/issues/1206
assigned JeffH
https://github.com/w3c/webauthn/issues/1207
jeffH assigned
https://github.com/w3c/webauthn/issues/1208
jeffH: need to assign someone on this one.
https://github.com/w3c/webauthn/issues/1215
tony: more jeffh
https://github.com/w3c/webauthn/issues/1229
tony: this one should go away soon
https://github.com/w3c/webauthn/issues/1233
jeffH: editorial clean up.
james: I can take that one.
tony: james needs to be on the github list
wseltzer: link w3c account to github account
james: I will dol
https://github.com/w3c/webauthn/issues/1211
tony: do we think this is going to happen
agl: no one has implemented that I am aware.
alexei: so far we have been against such things
This is scribe.perl Revision: 1.154 of Date: 2018/09/25 16:35:56 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Present: jfontana elundberg davidwaite jcj_moz jbarclay_ nadalin Rolf sbweeden christiaan jeffh agl selfissued No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019Jun/0069.html WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]