Meeting minutes
meeting minutes
https://
McCool makes a summary of things discussed during the last meeting
McCool: any objections to publishing the minutes?
no objections, minutes accepted
Fixing wot security best practices doc
McCool: we have a number of issues that needs fixing - can see in github issues. I have volunteered for some issues, others need more volunteers
<kaz> wot-security-best-practices Issue 14 - TD Signatures and Object Security
McCool will do an initial cleanup for this issue and then Oliver can continue in July
Issue: Update secure transport section https://
McCool is explaining the issue based on comments
McCool: if someone volunteers to help with this would be great or be a reviewer
Philipp can probably help with secure transport issue
McCool: if you can try to do a first draft for this
Philipp agrees to try
PR for TD signatures
McCool: we need to have a proper security review for this one
<McCool> https://
McCool: I did a first draft for this
McCool marking in the comments the parts that have been addressed via PR
McCool: I picked enveloped signature type because it is local to this document that it covers, it is also optional.
McCool: need to understand how to do canonicalization and name references
discussing the signature crypto algorithms
Elena was proposing to include stronger cryptography options and making them defaults
Oliver was saying that there is no interest in the 384 versions, it is either 256-based on 512
at the end having a catalog of options and choices should be the best
McCool: does it make a difference to have hash and signature algorithm separately?
Elena: usually they are used together as a pair of similar security strength algorithms
McCool: please review this PR and raise issues
McCool: next meeting lets discuss F2F planning, please take a look and suggest topic
<kaz> [adjourned]