IRC log of webauthn on 2017-09-13

Timestamps are in UTC.

16:48:03 [RRSAgent]
RRSAgent has joined #webauthn
16:48:03 [RRSAgent]
logging to http://www.w3.org/2017/09/13-webauthn-irc
16:48:05 [trackbot]
RRSAgent, make logs public
16:48:05 [Zakim]
Zakim has joined #webauthn
16:48:07 [trackbot]
Meeting: Web Authentication Working Group Teleconference
16:48:07 [trackbot]
Date: 13 September 2017
16:49:29 [weiler]
agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Sep/0211.html
16:49:44 [weiler]
weiler has changed the topic to: agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Sep/0211.html
16:50:00 [weiler]
present+ weiler
17:02:25 [Rolf]
Rolf has joined #webauthn
17:04:34 [WD07]
WD07 has joined #webauthn
17:05:15 [jfontana]
jfontana has joined #webauthn
17:06:10 [kpaulh]
kpaulh has joined #webauthn
17:09:22 [jfontana]
I will contribute
17:09:37 [weiler]
scribenick: jfontana
17:09:59 [jfontana]
No issues on 498
17:10:11 [jfontana]
Topic: 593
17:11:20 [wseltzer]
present+
17:11:58 [jfontana]
topic: 544
17:12:05 [ketan]
ketan has joined #webauthn
17:12:15 [jfontana]
https://github.com/w3c/webauthn/pull/544
17:12:18 [weiler]
present+ AkshayKumar, Alexei, kpaulh, battre, jfontana, ketan, Rolf, nadalin, ChristiaanBrand
17:12:41 [jfontana]
topic: 545. Angelo thinks it is ready to go. JC has a question posted.
17:12:54 [jfontana]
https://github.com/w3c/webauthn/pull/545
17:13:17 [jfontana]
JCJ_moz is not present
17:14:10 [weiler]
regrets: jcj_moz
17:14:20 [jfontana]
Angelo: it's ready. But let's wait til jeffH can look at it and merge it
17:14:38 [jfontana]
topic 546 https://github.com/w3c/webauthn/pull/546
17:14:46 [weiler]
rrsagent, draft minutes
17:14:46 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/09/13-webauthn-minutes.html weiler
17:15:01 [weiler]
rrsagent, make log public
17:15:26 [jfontana]
Christiaan: suggests to merge this PR. No disagreement
17:15:40 [jfontana]
Angelo: it does not break anything
17:16:17 [dmitriz]
dmitriz has joined #webauthn
17:17:18 [jfontana]
Alexei: there are some typos. I will fix and merge in.
17:17:45 [jfontana]
topic: https://github.com/w3c/webauthn/pull/553
17:17:58 [jfontana]
tony. this is not a big issue right?
17:18:19 [jfontana]
Alexei: it is not a big issue if everyone agrees to merge this in.
17:18:26 [jfontana]
Alexei; merging
17:18:50 [jfontana]
topic: https://github.com/w3c/webauthn/pull/555
17:19:10 [jfontana]
dirk, we are not sending this over the wire
17:19:41 [jfontana]
alexei: updated and merged.
17:19:58 [jfontana]
topic: https://github.com/w3c/webauthn/pull/558
17:22:58 [jfontana]
direK: think the concern if someone put PII in the field
17:24:56 [jfontana]
dirk: wa yI see this, we have to clean up some of things that fell through the cracks and one thing is that we are forgetting to pass ID back to RP
17:25:07 [weiler]
present+ dmitriz
17:26:44 [jfontana]
dirk: PII has many definitions
17:26:51 [wseltzer]
q+
17:27:51 [weiler]
ack ws
17:28:03 [jfontana]
dirk: we could in the spec say when you pass in this value make sure it is not one of those things that can be user identified.
17:28:27 [jfontana]
wseltzer: offering a legal point of view
17:28:48 [jfontana]
wseltzer: question will you be sharing PII with someone you were not expecting
17:29:10 [jfontana]
christiaan: only one who will see info. is RP. the wire is not in scope here
17:29:36 [jyasskin]
q+
17:30:08 [jfontana]
akshay: is the solution that we can put anything in here?
17:31:43 [weiler]
present+ jyasskin
17:31:49 [weiler]
ack jy
17:32:18 [jfontana]
JYasskin: we need to alert RP to this issue and let them choose accordingly.
17:32:50 [jfontana]
rolf: how is this solved in u2f today
17:33:00 [jfontana]
christiaan: u2f does not have this issue
17:34:12 [jfontana]
Jyasskin: if userID is PII, then credential name is PII. RP can treat it that way.
17:34:39 [jfontana]
wseltzer: some RPs would rather not see PII
17:35:15 [jfontana]
tony: put note in there to say privacy consideration section should be updated. with note about sharing PII with some you were not expecting to share it with
17:37:08 [jfontana]
tony: we still are pending the FIDO thing to finish before we merge this one. lets hold off and get the FIDO issue resolved
17:37:15 [jfontana]
Christiaan: that sounds perfect.
17:37:25 [jfontana]
some open issues hanging around
17:38:23 [jfontana]
tony: tryign to triage some issues. i'm moving editorial, non-normative to public recommendation
17:39:16 [jfontana]
tony: trying to get us to CR and not worrying so much about editorial, non-normative
17:39:22 [jfontana]
tony: want to make you aware
17:40:08 [jfontana]
topic: https://github.com/w3c/webauthn/issues/507
17:40:16 [jfontana]
topic: https://github.com/w3c/webauthn/issues/506
17:40:28 [jfontana]
these are both about u2f attestation
17:40:41 [jfontana]
Rolf: they are good to go in my opinon
17:41:51 [jfontana]
topic: https://github.com/w3c/webauthn/issues/506
17:42:09 [jfontana]
tony: these are the cancel and about issues. #383 is part of that
17:42:41 [jfontana]
about should be "abort"
17:44:15 [jfontana]
topic: 125 addressed by 507 and 579
17:44:25 [jfontana]
Rolf: ready to be merged
17:46:22 [jfontana]
topic: 548. mjones is looking at this one.
17:46:54 [jfontana]
tony: Dirk opened up 544. asked mjones to look at this one
17:47:38 [jfontana]
topic: 557. can dirk explain
17:47:42 [jfontana]
dirk dropped off
17:48:01 [jfontana]
current topic is https://github.com/w3c/webauthn/issues/557
17:49:39 [jfontana]
Alexei: dirk's comment shouldn't public key be at top of attestation. that is what the first statement on 557 is.
17:51:13 [jfontana]
alexei will clear up incorrect language to clarify. Will verify with Dirk.
17:51:24 [jfontana]
tony: so no issue with this if we clear up the language?
17:51:36 [jfontana]
tony: can someone create a PR for this one.
17:51:41 [jfontana]
alexei: yes.
17:52:15 [jfontana]
akshay: authenticators don't need to change.
17:52:21 [jfontana]
alexei: correct
17:53:26 [weiler]
present+ angelo
17:53:54 [weiler]
rrsagent, draft minutes
17:53:54 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/09/13-webauthn-minutes.html weiler
17:57:37 [weiler]
chair: nadalin
18:01:12 [jfontana]
tony: no call the week of Sept. 25
18:01:19 [jfontana]
adjourn
18:01:30 [weiler]
tony: remember to have AC reps vote on the re-charter. John will chair next week, 20 Sept. No call 27 Sept.
18:01:34 [weiler]
rrsagent, draft minutes
18:01:34 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/09/13-webauthn-minutes.html weiler