12:03:23 RRSAgent has joined #wot-sec 12:03:23 logging to https://www.w3.org/2021/05/17-wot-sec-irc 12:03:53 meeting: WoT Security 12:04:18 Chair: McCool 12:04:39 present+ Kaz_Ashimura, Michael_McCool, Oliver_Pfaff, Philipp_Blum 12:06:39 Scribe: Oliver 12:07:30 Mizushima has joined #wot-sec 12:08:14 zkis2 has joined #wot-sec 12:08:25 Review meeting minutes 2021-05-10: wording change needed for TD Issue 940 12:09:25 for example, LDS might choose to use full URLs for JSON-LD canonical form, which would be problematic for us 12:13:07 Review meeting minutes 2021-05-10: wording change needed in Signature section (attribute comment about Lagally action to OAuth) 12:13:43 change "Michael Lagally will look into those points" to "Regarding moving the detailed OAuth2 description and recommendations to the security best practices document, I will follow up with Michael Lagally" 12:15:39 Review meeting minutes 2021-05-10: change for Signature section was reconsidered: remove the line about the above mentioned action 12:15:40 (will be removed in the end since it's rather confusing) 12:15:49 s/(will be removed in the end since it's rather confusing)// 12:16:49 Review meeting minutes 2021-05-10: one more wording change needed for TD Issue 940 12:17:23 Review meeting minutes 2021-05-10: minutes approved with the mentioned changes 12:18:41 https://github.com/w3c/wot-thing-description/issues/940: review of this issue 12:19:09 i/940/topic: Issue 940/ 12:19:18 i/https/-> https/ 12:20:37 s/: review of this issue/ wot-thing-description issue 940 - Add optional proof section to TDs/ 12:20:50 i/topic: Issue 940/topic: TD Issue 940/ 12:24:21 -> https://github.com/w3c/strategy/issues/262#issuecomment-834479963 McCool's comment to the strategy issue 262 12:24:58 https://github.com/w3c/wot-thing-description/issues/940: W3C LDS WG adoption was considered and likely to happen 12:25:28 i|940|-> https://github.com/w3c/lds-wg-charter/issues/78 McCool's issue on lds-wg-charter - W3C Web of Things (WoT) WG supports the W3C LDS WG| 12:26:06 https://github.com/w3c/wot-thing-description/issues/940: timeline is an issue. W3C LDS WG probably needs 2 years; TD signatures can probably not wait 2 years 12:31:02 https://github.com/w3c/wot-security/issues/166: discussion about ciphers. current proposal: SHA256 and ECDSA 12:32:01 present+ Tomoaki_Mizushima 12:33:57 https://github.com/w3c/wot-security/issues/166: "ECDSA" was meant in sense of the NIST curves (secp) 12:38:40 https://github.com/w3c/wot-security/issues/166: NIST curves enjoy broad support (SW/FW/HW) but are subject of some concerns. Not all communities are equally happy with the NIST curves 12:41:12 An alternative is Curve25519 aka x25519. See https://ianix.com/pub/curve25519-deployment.html for "Things that use Curve25519" 12:47:07 https://github.com/w3c/wot-security/issues/166: likely starting points for elliptic curves for digital signatures: NIST P-256 and x25519 12:50:41 https://github.com/w3c/wot-security/issues/168: Use case questionaire status review 12:52:26 zkis2 has joined #wot-sec 12:52:32 https://github.com/w3c/wot-security/issues/166: review and comments by all particpants is invited 12:54:45 https://github.com/w3c/wot-security-best-practices/pulls 12:55:32 WoT security best practices: discussed a PR "Move OAuth2 flows from Use Cases to Best Practices" 12:59:17 A merger shall be made to cover this PR 13:01:16 https://github.com/w3c/wot-security-best-practices/issues/11 13:01:27 Meeting closed 13:01:43 rrsagent, make log public 13:01:47 rrsagent, draft minutes 13:01:47 I have made the request to generate https://www.w3.org/2021/05/17-wot-sec-minutes.html kaz 14:18:33 kaz has joined #wot-sec 14:55:59 zkis3 has joined #wot-sec 14:59:38 Zakim has left #wot-sec 15:00:06 zkis3 has joined #wot-sec 15:28:40 zkis2 has joined #wot-sec