19:55:54 RRSAgent has joined #crypto 19:55:54 logging to http://www.w3.org/2013/01/07-crypto-irc 19:56:23 mountie has joined #crypto 19:56:54 asad has joined #crypto 19:57:45 wseltzer has changed the topic to: Meeting: Monday at 2000 UTC 19:58:07 Zakim has joined #crypto 19:58:53 trackbot, prepare teleconf 19:58:55 RRSAgent, make logs public 19:58:57 Zakim, this will be SEC_WebCryp 19:58:57 ok, trackbot, I see SEC_WebCryp()3:00PM already started 19:58:58 Meeting: Web Cryptography Working Group Teleconference 19:58:58 Date: 07 January 2013 19:59:18 + +1.410.290.aacc 19:59:34 + +1.512.257.aadd 19:59:37 markw has joined #crypto 19:59:50 Zakim, what is the conference code? 19:59:50 the conference code is 27978 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), virginie 19:59:53 rbarnes has joined #crypto 20:00:02 + +1.408.540.aaee 20:00:03 hello world! 20:00:10 zakim, who is on the phone? 20:00:10 On the phone I see +1.720.357.aaaa, +82.22.14.0.aabb, +1.410.290.aacc, +1.512.257.aadd, +1.408.540.aaee 20:00:10 Zakim, aaee is markw 20:00:13 +markw; got it 20:00:24 zakim, aacc is rbarnes 20:00:24 +rbarnes; got it 20:00:28 zakim, aadd is asad 20:00:28 +asad; got it 20:00:30 ddahl has joined #crypto 20:00:40 asad: zakim almost got your name right! 20:00:56 + +1.512.257.aaff 20:01:15 zakim, who is on the phone? 20:01:15 On the phone I see +1.720.357.aaaa, +82.22.14.0.aabb, rbarnes, asad, markw, +1.512.257.aaff 20:01:24 + +1.512.257.aagg 20:01:32 Zakim, aaff is me 20:01:32 +virginie; got it 20:01:34 Zakim, what's the code? 20:01:34 the conference code is 27978 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), hhalpin 20:01:41 zakim, who is on the phone? 20:01:41 On the phone I see +1.720.357.aaaa, +82.22.14.0.aabb, rbarnes, asad, markw, virginie, +1.512.257.aagg 20:01:49 +ddahl 20:01:52 + +1.408.458.aahh 20:02:00 +Wendy 20:02:02 +[IPcaller] 20:02:08 Zakim, IPcaller is hhalpin 20:02:08 +hhalpin; got it 20:02:14 zakim, who is on the phone? 20:02:14 On the phone I see +1.720.357.aaaa, +82.22.14.0.aabb, rbarnes, asad, markw, virginie, +1.512.257.aagg, ddahl, +1.408.458.aahh, Wendy, hhalpin 20:02:20 +??P14 20:02:31 karen has joined #crypto 20:02:56 zakim, Google has rsleevi 20:02:56 +rsleevi; got it 20:03:09 agenda+ Welcome 20:03:14 Zakim, aaaa is mountie 20:03:14 +mountie; got it 20:03:25 agenda+ implementations plan for our APIs 20:03:39 zakim, mountie is aaaa 20:03:39 +aaaa; got it 20:03:39 agenda F2F meeting date and location 20:03:45 Zakim, aabb is mountie 20:03:45 +mountie; got it 20:03:47 agenda+ AOB 20:03:51 zakim, aabb is mountie 20:03:51 sorry, wseltzer, I do not recognize a party named 'aabb' 20:03:53 agenda? 20:04:07 zakim, who is on the phone? 20:04:07 On the phone I see aaaa, mountie, rbarnes, asad, markw, virginie, +1.512.257.aagg, ddahl, +1.408.458.aahh, Wendy, hhalpin, Google 20:04:09 Google has rsleevi 20:04:10 agenda+ F2F meeting date and location 20:04:15 agenda? 20:04:50 zakim, aaaa is Zooko 20:04:50 +Zooko; got it 20:04:56 aagg is Karen 20:05:01 zakim, aagg is Karen 20:05:01 +Karen; got it 20:06:12 +Mike_Jones 20:06:47 selfissued has joined #crypto 20:06:53 I can scribe 20:07:04 scribenick: rsleevi 20:07:36 minutes http://www.w3.org/2012/12/17-crypto-minutes.html 20:07:40 Zakim, take up agendum 1 20:07:40 agendum 1. "Welcome" taken up [from virginie] 20:08:09 RESOLVED: Minutes from previous call are accepted 20:08:23 virginie: Status of documents in publication 20:08:47 ...: Our decision was reached on Dec 17. However, that was when publication of specifications were frozen. 20:08:58 Everything is fine except the use-cases 20:09:19 ... current drafts are working through publication. WebCrypto & Key Discovery were PubRules clean, so will be published tomorrow 20:09:24 Worse case, use-cases can come out a bit later... 20:09:32 ... use cases still needs a few editorial tweaks for pubrules 20:10:00 ?? Question about origin and why definition was removed 20:10:07 s/??/mountie 20:10:38 rsleevi: Not sure I understand the question 20:11:04 mountie: Differences make note about multi-origin support 20:12:31 q+ 20:13:17 rsleevi: There was some discussion about multi-origin related to key discovery, that was removed during the key discovery separation. Not fully sure I understand the question, but that may have been the reason for removal 20:13:34 q+ 20:13:43 ack hhalpin 20:13:46 zooko has joined #crypto 20:13:56 q- 20:14:27 hhalpin: Multi-origin may have a use case. Should send the use case. It may be possible to do things for the Korean banking use case while respecting the same-origin policy 20:14:40 i.e. by using digital signatures 20:14:55 + +1.303.661.aaii 20:15:01 sdurbha has joined #crypto 20:15:09 i.e. a certificate (token) can be given and have its signature verified 20:15:09 zakim, aaii is sdurbha 20:15:09 +sdurbha; got it 20:15:16 agenda? 20:15:31 even if the user is not currently "visiting" the site with a key from the same-origin as the origin that signed the token. 20:15:41 + +1.303.543.aajj 20:15:48 Zakim: aajj is zooko 20:15:50 virginie: Status of high level API - ddahl, markw, et al need more time to work on it 20:15:56 -Zooko 20:16:12 Zakim, next agendum 20:16:12 agendum 2. "implementations plan for our APIs" taken up [from virginie] 20:16:38 q+ 20:16:43 virginie: Question is "When are we going to have implementations" and "When are we going to get feedback about the API and the issues highlighted" 20:16:46 q? 20:16:53 q- 20:17:07 ... Question impacts timing of LC and schedule of WG 20:17:09 Yes, I was just going to note we need to tell W3C when we hope to go to Last Call. 20:17:13 q+ 20:17:34 +1 rbarnes!!! 20:17:38 rbarnes: Has just this afternoon pushed a polyfill out to github 20:17:39 http://polycrypt.net 20:17:57 ... This version implements several different algorithms, most of the API. 20:18:02 ... missing some of export key 20:18:13 ... Test cases driven by test vectors 20:18:40 ... Grep through the source for XXX spec for spec issues 20:18:51 grep -R "XXX-SPEC" * 20:19:02 q? 20:19:06 q- 20:19:24 rbarnes: While implementing, came across a few inconsistencies (eg: key usage vs key usageS ) 20:19:40 ... will be providing feedback on the spec, and looking for feedback on the implementation 20:20:27 ddahl: Ongoing work, mostly infrastructural. Still trying to work out resources and timelines, not sure when he'll have details 20:20:33 we'll need info on updating the charter within 2 weeks, BTW 20:21:12 selfissued: No implementation to report at this time 20:21:16 +Zooko 20:21:25 we want to make the roadmap realistic for all parties! 20:21:26 - +1.303.543.aajj 20:21:29 virginie: Any information we should request of Microsoft before we establish our roadmap? 20:21:40 q+ 20:21:45 selfissued: Ask that question again in two weeks 20:22:39 q+ 20:22:57 rsleevi: Not sure I can comment on timing. Have portions of the API (such as random) implemented in WK already, still working on resources and timing 20:23:40 markw: We have an implementation of a subset of the API, in the form of a plugin at the moment. Question about when we plan to have this aligned with the API, will get back 20:24:26 hhalpin: Not asking for anyone to reveal anything confidential. 20:24:43 ... Mostly trying to get an idea of the WG and when we as a WG expect to enter LC with all of our issues closed 20:25:05 ... when we chartered, we set a timeframe. We can realistically ask for one extension of timing 20:25:37 ... we have ourselves entering LC in February 20:25:40 q+ 20:25:50 ack hhalpin 20:26:02 q- 20:27:00 q+ 20:27:10 I can respond if I do it now, but I have to go in about 2 minutes 20:27:25 q+ 20:27:36 ack rsleevi 20:27:39 ack selfissued 20:27:52 rsleevi: An area of concern is key import/export and key wrap/unwrap and the timing and deliverables of those 20:28:18 rsleevi: Options include 1) Drop the feature 2) Do our own thing 3) Do the JOSE thing if it's ready 20:28:48 selfissued: JOSE has taken it up, and has progressed on something based on JWE, and is being responsive 20:29:02 -Mike_Jones 20:29:48 markw: Sense was use JOSE as the base, but if for any reason it wasn't ready, we cut & paste into our own 20:30:09 ... What are the next steps for key wrapping / unwrapping? 20:30:22 q- 20:31:06 virginie: We will need to make a decision and better understand the timing of decision. We can't delay it past LC 20:31:23 ... Regarding key wrapping / unwrapping, have it as an item for the next call 20:32:07 markw: Ideally we could have some progress before then 20:32:15 I'm trying to remember what open issues were with MarkW's key wrapping proposal. 20:32:31 virginie: We can't force people to work on that part of the spec. By adding it to the agenda we can discuss it 20:32:31 I think we still wanted the feature... 20:33:24 markw: Will update the proposal based on the new API, will go from there 20:33:44 q? 20:33:50 q+ 20:34:44 acl rsleevi 20:34:50 @hhalpin: yes ... I can't remember what the issues were either ;-) But at least the proposal needs to be updated for the API changes. There were also two versions: overloading import/export vs explicit wrap/unwrap & I think the group feeling was towards the latter 20:35:02 rsleevi: Reminder to think about cloning cryptographic operations and whether we accept or drop the feature 20:35:04 ack rsleevi 20:35:45 Zakim, take up agendum 4 20:35:45 agendum 4. "F2F meeting date and location" taken up [from virginie] 20:36:00 March 26/27/28 20:36:07 Most favourable dates were the end of March - 26/27/28 20:36:30 virginie: Question raised was "End of March - will we have enough feedback to sustain a F2F" 20:37:00 ... As a chair, feeling is meeting is always good, but people have budgets and timing concerns 20:37:09 ... Was thinking two F2F - one in march and one some time in summer 20:37:17 http://doodle.com/x958bvheya5rvi8q 20:38:04 q+ 20:38:27 hhalpin: Some feeling from the editors was that delaying it may help 20:38:35 ... delaying a month or a little more won't hurt 20:39:15 ... options for a meeting in Korea was raised. W3C meeting is having a fall meeting in China. Spec may still be in LC or CR phase 20:39:26 ... not sure if the China location would be suitably proximate 20:39:42 TPAC 2013 is in china 20:40:05 virginie: For me, because we only have a few members in the WG in Korea, but we have many in the US, it may make more sense to have this meeting in the US 20:40:34 and in the fall we could arrange a visit to Korea as well after or before TPAC 20:40:38 virginie: Very likely that the next meeting is in the US 20:41:16 mountie: Want to have the next meeting in Korea in order to show why there is interest in this API 20:42:42 ack hhalpin 20:42:53 hhalpin: Mentioning of China was to explore the possibility to have meeting in Korea before/after. 20:43:09 ... We may still have time for flexibility in the API at that time 20:43:31 ... we may be better served by waiting for the spec to be more mature 20:43:41 but would that be too late to influence stuff in Korea? 20:44:50 q+ 20:45:01 ack rsleevi 20:45:17 That's why I'm thinking the overlap will be clearer by the fall in 2013 20:45:38 rsleevi: As an implementor, while we value the problem, it's not a high point for us or our users. We've studied this problem for quite a bit of time, and with quite a bit of depth, and think this problem is much larger 20:45:56 ... as an editor, fully happy to reflect the consensus from the WG, but it's not likely something we'd rush to implement 20:46:23 ... would recommend this problem be postponed until we've furthered the current work 20:47:14 hhalpin: If we do it at TPAC, we'll have more contributors available 20:47:29 virginie: Other possibilities include a "roadshow" to demonstrate the API and how it fits in with the use case 20:47:37 ... back to the topic of dates 20:47:45 q+ 20:47:57 ack virginie 20:49:13 There is a distinct lack of proposals (except from Netflix!!) 20:49:25 rsleevi: Main concern is making we have enough issues and agenda for discussion 20:49:30 q+ 20:49:39 q- 20:49:55 virginie: We have lots of specs at the moment - we have use cases, key discovery, and (hopefully soon) high level API 20:50:00 I'd say we could also aim for April 2nd. 20:50:05 That would give us more time. 20:50:28 That is in the Doodle. 20:50:31 ... goal is to make sure we have people willing to travel and discuss the issues for these related specs 20:51:36 mountie: My expectation of the next F2F meeting was that we could begin setting priorities for the list of secondary features 20:51:58 ... our preferences are for secondary features. We should set priorities for secondary features 20:52:04 I agree with Mountie re prioritizing secondary features 20:52:57 virginie: Some of the secondary features may have dependencies on the primary dependency 20:53:15 ... we really have to balance on making sure we don't focus on our secondary features before focusing on our primary features 20:53:29 i am willing to travel, especially in US 20:53:35 +1 20:53:35 +1 20:53:37 +1 20:53:39 +1 20:53:40 +1 20:53:42 +1 in US 20:53:50 virginie: Question is who is willing and has the budget to travel 20:53:57 virginie: Reminder: Another F2F possibly in the summer 20:53:58 +1 20:55:39 virginie: Within the next two weeks, proposals for WHERE and WHEN the next F2F will be. As mentioned, will be US based 20:55:52 virginie: Possibility of Boston or DC as one options 20:56:06 ddahl: Possibility of Mountain View/Vancouver/Toronto 20:56:46 Zakim, take up agendum 3 20:56:46 agendum 3. "AOB" taken up [from virginie] 20:57:07 Thanks folks! 20:57:17 q+ 20:57:26 zooko - I'll look into the disposition of comments point I brought up. 20:57:29 ack mountie 20:57:31 ack mountie 20:57:32 q- 20:57:34 ack rsleevi 20:57:46 I'm going to the Stanford Real World Crypto workshop! 20:57:55 If folks can go and present the API at that workshop, that would be great!! 20:57:56 Can we have a WebCrypto dinner/lunch/beer ? 20:58:27 Who is it that *might* be presenting something related to WebCrypto there? 20:58:30 @hhalpin: No presentation 20:58:41 @zooko: ben adida. ddahl was supposed to figure out the details ;) 20:59:07 I see: https://crypto.stanford.edu/RealWorldCrypto/program.php 20:59:08 rsleevi: Mentioned the Stanford Real World Crypto Workshop, opportunity to get feedback and discuss with crypto community 20:59:43 virginie: Next call topic will include getting feedback from more companies and communities 20:59:44 rsleevi: you should just ping ben, he will let you know what is going on 20:59:48 Okay! Let's discuss it on this IRC channel after the call? 20:59:48 Get Terrence to look at it. 20:59:57 -sdurbha 21:00:01 - +1.408.458.aahh 21:00:02 -Zooko 21:00:03 -ddahl 21:00:03 -Wendy 21:00:05 -rbarnes 21:00:05 -Karen 21:00:06 -virginie 21:00:07 -hhalpin 21:00:08 -markw 21:00:09 -asad 21:00:15 -mountie 21:00:29 Zakim, draft minutes 21:00:29 I don't understand 'draft minutes', rsleevi 21:00:47 -Google 21:00:48 SEC_WebCryp()3:00PM has ended 21:00:48 Attendees were +1.720.357.aaaa, +82.22.14.0.aabb, +1.410.290.aacc, +1.512.257.aadd, +1.408.540.aaee, markw, rbarnes, asad, +1.512.257.aaff, +1.512.257.aagg, virginie, ddahl, 21:00:48 ... +1.408.458.aahh, Wendy, hhalpin, rsleevi, mountie, Zooko, Karen, Mike_Jones, +1.303.661.aaii, sdurbha, +1.303.543.aajj 21:00:51 rrsagent, make minutes 21:00:51 I have made the request to generate http://www.w3.org/2013/01/07-crypto-minutes.html wseltzer 21:01:24 Actually... I need to take a break. I'll look for rsleevi et al. on this IRC channel, twitter, email, etc. and talk about when we could meet up. 21:01:32 Yes, thanks rsleevi for scribing! 21:01:37 I hate that job... 21:01:43 Bye for now. 21:23:39 mountie has left #crypto 21:42:40 trackbot has joined #crypto 21:46:00 trackbot has joined #crypto