Meeting minutes
Tony: does L2 supersede or does L1 stay around
agl: yes.
tony: supersede means depricate
agl: there are no users for the extensions, L1
selfissue: we should deprecate
… normal part of process.
tony: we don't change the L1 spec, we don't have a pointer
<wseltzer> PROPOSED: L2 Supersedes L1
Resolution: L2 Supersedes L1
tony: so we want to go supersede.
wendy: the patent policies for L1 remain in place.
bradley: reference in IANA registry.
tony: nothing left for CR
… some open issues for L3,
… I have not finished the charter.
… a draft will be posted.
… we are not merging any pull requests, just sorting out what we have.
… https://
https://
elundberg: if we do this, we should keep in the RP updates
selfissue: for this to work you would have to update all Web authn clients to do this
agl: agents and servers, yes
selfissue: close and say will not do
agl: needs more explaining, justification
tony: nick will you do this and close it?
nickS: yes
nickS: I don't know if Rolf has any interest in taking this on
tony: he can re-open if he wants.
https://
elundberg: no updates right now.
https://
jeffH: still interested
https://
tony: talking about payments in general.
URL correction: https://
https://
agl: we have a whole series of issues on github. boil down to re-auth does not work
tony: shold re-auth be in level 3
agl: it does not work, but might want to address in L3
tony: can we get a generic issue on this one.
jeffH: we could add something to the charter.
… a blanket issue to cover all of them
bradley: we support re-auth, it is about improving or streamlining
agl: it's a bad UX
https://
akshay: we need #1569 #1567 #1559 all of these
bradley; need to look at #554. what to do now that token binding is dead
#1554
https://
JeffH: HSTS was a patch, we are defaulting to secure connections
https://
agl: multiple keys, yes, interested
selfissue: MSFT supports as well
… could be used for recovery or migration
tony: non modal UI
jeffH: yes.
https://
tony: does anyone not support going ahead with this
silence
https://
mattM: I guess I can take this one.
… sure
NickS: will help coordinate.
https://
tony: this was a google one originally
shane: thought platform authenticators are device bound
agl: I think we can close this.
tony: agl can you close
https://
jeffH: close it
… clear out PR and issue
tony: this covers all the major enhancements we want to do.
… anything else.
bradley: https://
… don't think it needs to be in charter.
… a new version of CTAP will catch up to it.
selfissues: fine for charter to include new algorithm work and it does not get done.
agl: should not happen by charter
tony: what do we say in charter; additional curves
bradley: additional work on algorithm agility
tony: this is all I have.
tony: should we pause until PR is done
… take next week off and meet the following.
… so meet again on the 17th
… ?
… concerns?
… skips the 10th and meet on the 17th
jeffH: sounds fine as proposed.
tony: adjourn