March 26, 2014 Meeting Minutes
- Approved 9 April 2014.
Bob Griffin performed roll call, we have quorum. This will be an official meeting.
1 Opening remarks (co-chairs)
2 Roll call
3 Review / approval of the agenda
4 Review of previous meeting minutes
5 Old Business
- Status of V2.40 second public review
- Moving forward with v3.0
- Topics for next call
6 New Business
7 Review Action Items
- Tim: Interop
- Valerie: Wiki discussion
- Sven: Required additional details introduction for his 3.0 proposals.
Motion to accept agenda
- Tim moves to accept the agenda, Chris seconds. No objections or abstentions or discussions. Approved.
1. Approve Previous Meeting Minutes
Minutes up for approval: March 12, 2014
- Tim moved, Chris seconded. No objections or abstentions or discussions. Approved.
2. Status on 2.40 second review
Tim moves that the OASIS PKCS 11 TC issue:
1. “OASIS PKCS # 11 Cryptographic Token Interface Base Specification Version 2.40 Working Draft 08”, located at https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/52352/pkcs11-base-v2%2040-wd08.doc, as “OASIS PKCS # 11 Cryptographic Token Interface Base Specification Version 2.40 Committee Specification Draft”;
2. “OASIS PKCS # 11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Working Draft 09”, located at https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/52491/PKCS#11-Current-wd09.doc , as “OASIS PKCS # 11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Committee Specification Draft”;
3. “OASIS PKCS # 11 Cryptographic Token Interface Historical Mechanisms Specification Version 2.40 Working Draft 06”, located at https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/52357/pkcs11-hist-v2.40-wd06.doc , as “OASIS PKCS # 11 Cryptographic Token Interface Historical Mechanisms Specification Version 2.40 Committee Specification Draft”;
4. “OASIS PKCS # 11 Cryptographic Token Interface Profiles Version 2.40 Working Draft 05”, located at https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/52326/pkcs11-profiles-v2.40-wd05.doc , as “OASIS PKCS # 11 Cryptographic Token Interface Profiles Specification Version 2.40 Committee Specification Draft”;
5. “OASIS PKCS # 11 Cryptographic Token Interface Usage Guide Version 2.40 Working Draft 07”, located at https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/52229/pkcs11-ug-v2.40-wd07.doc , as “OASIS PKCS # 11 Cryptographic Token Interface Usage Version 2.40 Committee Note Draft”;
and further directs the Chairs to perform any actions required by the TC Administrator to accomplish that issuance as soon as practicable. We further direct that the MS-WORD version of each of these specifications is authoritative.
- Chris Seconds. No objections or abstentions or discussions. Approved.
- Bob will double check to make sure that if anyone should be a voting member is promoted before this ballot goes out. Valerie did this last week, so we should be pretty current. If there are any questions about your member status, please send a note to Bob and Valerie. Verified with Chet that we can take this as the motion to move the documents through. Bob hopes to get the request out before our next meeting. (AI)
- Tim noted that we won't have the right wording in the document at the vote time to say committee spec draft. Bob noted that last time when he changed the document, Chet made him back out the changes. Chet then later changed the wording. Tim is concerned these document may not be accepted without the adding the correct wording or to allow Chet to modify the the documents after a vote to move them forward. Tim wonders if we should change the wording of our motion. Bob thinks we're okay and will confirm with Chet. (AI for Bob to confirm with Chet)
Moving forward with v3.0
- Wan-Teh created a smaller document that contained only the issue with message decryption - do we need another function, or can we use an existing function name. Wan-Teh uploaded this as well as a short presentation to show clearly what is proposed.
- Bob: Let's make sure we dig into this in the call in 2 weeks. Hopefully Mike can be there, but if not we'll make sure he has plenty of time to review Wan-Teh's proposal. Any questions? none heard.
- Sven: Jan and will work on this further, and he will be on the call in 2 weeks to give people an opportunity to ask questions. The document has been split into 3 different sections: what we think the goal of 3.0, then a list of functions or features, including security gaps - where other APIs are handling a little better, and then some architectural things we have to consider from the beginning that may impact how we look at the specification.
- Bob: Let's include this on the agenda in 2 weeks. Does that sound okay to you?
- Sven: Sure, but motivating people to provide feedback on the new features. What is the time frame of the next release? that is a discussion we have to consider. Give some feedback before our next meeting to help come up with priorities. All the features I listed are already listed in one form or another in other APIs. So, if we decrease what's on that list, we'll have missing features.
- Sven: wants to talk about next version name and discuss timeline.
- Bob: we already have so many suggestions that it seems it has to be 3.0
- Sven: there is communication and coordination we need to do, beyond the technical level.
- Tim: I think a lot of this will become clear once we see the list of proposals, what our version should be
- Sven: maybe this isn't the right place, but we will have to discuss this with OASIS people. We have to show more than just new features. We are cross-platform and that's important.
- Bob: I'm not sure I agree with that. I suspect 2 weeks is not soon enough to understand all of the features that are targeting to decide how to move forward. I'd like to point out that OASIS has not been involved in marketing decisions in the past, but I'd be happy to reach out to them if you want.
- Sven: It's more than just having a stand at RSA to talk about what we do with PKCS11. There is more to do. We need a marketing initiative - newsletters, etc. Maybe this is not the right forum, so who could help us?
- BOb: let's make this a topic in the future: visibility of our work that we're doing here in the committee.
- Valerie: Tim sent us a sample of how the KMIP team keeps track of proposals on the wiki, keep track of what's active or what's missing owners. Reviewing this on a regular basis in our meetings will help us know what things are still pending owners. We come up with a lot of great ideas in our meetings, but without an owner or champion we know that it will not turn into a formal proposal and then will not get into the final standard.
- Tim: Helps people to know how they can contribute. Keep things linked so people can find the most recent proposals.
- Valerie: also, there are a lot of old 2.40 suggestions on there. I don't want to throw them away, can someone help review them? I think most of them have already been done.
- Tim: Move them all over to 3.0 and mark whomever created them as the owner with unknown status. If they aren't prepared to clean them up, they will drop.
- Valerie: I will do that. (AI)
- Valerie: let's add it to the agenda to review as we get more proposals on there or find there are items with no owners.
- Bob agrees.
- Sven: can Valerie or Bob remove the old version of his suggestions for 3.0?
- Bob: generally we should not remove things from the document repository unless the document is very problematic.
- Tim gave an update on 2015 Interop
- Tim: Jane is looking for some more vendors still, but we seem close to reaching the minimum. If anyone is interested, you need to get back to Jane this week.
- None tracked to review at this time. Valerie will try to collect recent AIs and make sure they are in the agenda for next time.
Motion to Adjourn
- Tim moved, Chris seconded. No objections or abstentions or discussions. Adjourned 1:42PM PT.