WoT Security

19 July 2021


Kaz_Ashimura, Michael_McCool, Oliver_Pfaff, Philipp_Blum, Tomoaki_Mizushima

Meeting minutes

Minutes review

<kaz> Jul-12

McCool: Any objections?
… no objections

Best practices document

McCool: Added a couple of PRs to fix up some things. It is a work in progress.

McCool: I suggest we go through the easy ones first.

PR 17

McCool: Any objections to merge?
… no objections. merged.

PR 18

McCool: I commented out the summary. Any objections to merge?
… no objections. merged.

PR 19

McCool: We agreed on adding an editors note to the section. Oliver wants to work on it.

McCool: Any objections to merge this?
… no objections. Merged.

PR 20

McCool: Isn't ready to merge yet. Some rendering issues.

McCool: Respec looks for MUST, SHOULD etc. Since this isn't a formative document, I have to rewrite it.

McCool: Any objections to merge it when it is fixed?
… no objections.

<McCool> https://github.com/w3c/wot-security-best-practices/pull/21

Philipp: It is pretty straight forward. TLS 1.3 makes it also possible to use Raw Public Keys. So, I added that to the spec with the references to it.

Oliver: TLS 1.3 is still the exception. 1.2 is still mostly used.

McCool: Firefox and Chrome support it. That is good. Some mobile browser don't.

Philipp: tbf, you can use a customized app for it which supports 1.3.

McCool: iPhone might be an issue here though. They force you to use webkit.

McCool: Should we add an editors note here?

Philipp: I think that is a good idea.

mm adds a comment to issue 13

issue 13

Oliver: We have a much more mature ecosystem for netconf/yang WG in the IETF.

McCool: Any objections to merge 21?
… no objections.

<McCool> https://github.com/w3c/wot-security/issues/201

McCool: The scripting people have some issues we should address.

McCool: Maybe we can look into DID to distribute keys.

<kaz> [adjourned]

Minutes manually created (not a transcript), formatted by scribe.perl version 136 (Thu May 27 13:50:24 2021 UTC).