The JOSE working group met on 13 March 2012 from 9:00 to 11:30.

Richard Barnes gave a presentation on the use cases document. In the following discussion it was noted that we need to make clear that WebCrypto is not just about browsers.

John Bradley followed with a presentation on the current set of core documents in the working group. The presentation went through the list of the current open issues in the data tracker. John first reported on a compromise that had been reached on the issue of criticality of members for the various documents. Richard suggested that we go forward on the first 4 items and continue the discussion of the application data portion.

Data tracker issue #3 - Discussion started with Richard saying that pointing to David McGrew's draft would resolve this issue. However, John pointed out that there is more in that document than just the Key Derivation Function (KDF) changes. In the end the chairs decided that there was not sufficient clarity and consensus on the list of changes to close the tracker issue. The chairs will attempt to develop a full set of questions to be discussed on this issue.

Data tracker issue #2 - Will be closed by the chairs.

Data tracker issue #4 - Discussion started with Richard raising the question of the security analysis: does the wrapped key need to be included in the integrity check or not? The question will be referred to CFRG, but it is requested that possible attack modes be sent to the list.

Data tracker issue #5 - Tony Nadalin agreed to contribute a use case via the list.

Data tracker issue #6 - Richard stated that he would like to see a statement on what fields must be present depending on the mode. Mike Jones said he believed this could be made in a non-normative way and would propose this list to the group for debate.

Data tracker issue #7 - Richard worries about the fact that the names for algorithms are not the same between WebCrypto and JOSE.
Joe Hildebrand said that if the differences are gratuitous then we should agree, otherwise it is not an issue. The chair said that the WebCrypto people are scheduled to review the specs. Final resolution is to keep it open until we hear back from them.

Data tracker issue #8 - The chairs asked who should do the security analysis. Richard suggested CFRG. The chairs then asked for a preliminary analysis for them to look at. Richard said he could do that. Mike said that he could have a Microsoft crypto board do an analysis within a small number of weeks.

Draft tracker issue #9 - John claims that "spi" affects the SHOULD/MUST statements about the contents of the header. Mike says that the issue has not yet been clearly spelled out. Richard agreed to create an ID to detail the use case and how it would work.

Draft tracker issue #10 - There was a lively discussion on the issue of having mandatory to implement (MTI) algorithms in the JOSE base specifications. This included a split opinion from current members of the IESG, with Sean Turner saying it is required and Richard Barnes wanting to remove the MTI from the document. As part of the discussion it was noted that MTI for the library does imply that these are the mandatory algorithms for applications. Applications can specify their own mandatory to use algorithms.

Draft tracker issue #11 - The issue is related to issue #3 and will be addressed as part of it.

Draft tracker issue #12 - Mike Jones and John Bradley promised to get new text to deal with the issue.

Additionally, it was brought up from the floor that there is currently no place that holds a list of the available toolkits and their status. It was suggested that the group Wiki page could be used to coordinate such a list.

Nat Sakimura then gave a presentation on the two JSON serialization drafts. Richard called for folding these documents into the base specification. Joe wanted to know if this would cause problems with future serialization methods.
After a discussion it was decided that, should another serialization be proposed, it could be dealt with at the time. There was therefore consensus to combine these documents into the base specifications.

Mike Jones gave a presentation on the private and symmetric key member additions to the JWK specification. There was consensus in the room for folding this document into the current JWA draft. The consensus will need to be confirmed on the list.

Matt Miller and Richard Barnes then gave somewhat competing proposals on the way to encrypt private and symmetric keys. The outcome of the discussion was that Richard would create a draft that would deal with question 1 B in his presentation, but the question of different encoding methods would be tabled for the present.

Finally, Brian Campbell gave a presentation on a method of placing certificates within a JWK object as an alternate way of carrying the public key to the JSON member fields. While Matt thought that the proposal should be rolled into the JWK document, Tony did not feel that the proposal had been sufficiently thought out. No decision on a progression path for the document was made.

ACTION ITEMS:

* Chairs - Create a WIKI with a list of implementations and pointers
* Chairs - AES+HMAC Issue list development
* Chairs - close tracker issue #2
* Mike Jones - List of which fields depend on which mode to the mailing list. (Tracker Issue #6)
* Richard Barnes - Preliminary analysis for issue #8 to be sent to CFRG
* Mike Jones - Msft crypto board analysis of issue #8
* Richard Barnes - New ID for SPI
* Mike Jones - Fold serialization drafts into the base documents.
* Chairs - confirm consensus on folding private key/secret into the JWA draft