Present: Mark Nottingham, Philippe Le Hegaret, Wendy Seltzer
## webauthn and webcrypto progress
Wendy: Webcrypto is in candidate rec phase and testing phase. Web Authentication is building on token binding and FIDO. Rapid progess. Setting up an IANA registry for authenticator registration.
Mark: we set up a registry for Mike West for CSP extensions. Nice to see W3C creating registries.
Wendy: we're doing the Web API for athenticator through the client for the party.
Mark any cross participation?
Wendy: Yes, Dirk Balfanz comes to mind (also Tony Nadalin, Jeff Hodges)
## webauthn authenticator extension registry
Wendy: Jeff Hodges took the action to take that started.
Mark: if he needs help, I'm happy to help.
Wendy: also aiming to beat W3C record from charter to REC.
plh: work at W3C stopped a year ago. Lack of interest from implementers to go and fix their bugs. They were satisfied enough with what they had.
plh: Work ongoing at WHATWG. There may be some interest from server side.
mnot: We ask for errata. There's a place for API for URLs, algorithm for parsing a string into a URL.
plh: I saw you raising performance issues for HTTP/2
mnot: pretty good implementation, best practices and extensions emerging. cache-digest, server authentication, connection reuse. QUIC drumbeat increasing, proposed WG-forming BOF in Berlin. Proposed charter starting from QUIC, with
18-month window (faster than HTTP/2).
Mark: W3C doesn't need to be involved more. They're not changing semantics but it's leaking a bit.
plh: SRI went to PR with a normative reference to Fetch. TimBL still has concerns about the security model embodied in Fetch but no one knows how to do better.
Wendy: We have more WebAppSec dependencies, so we're looking for ways to make the reference more acceptable.
Mark: we're confortable with it at the moment. keeping an eye on it.
## IETF 96 & W3C TPAC 2016
Mark isn't sure he can be in Lisbon. Wendy will be in Berlin.
Mark: we're waiting on Chris on the new draft. Next step will be to publish, get confirmation from mailing list, then send to IESG if no objection.
Mark: anything specific there?
Plh: didn't check with Dom. No news on our front.
Mark: I think we're good.
Mark: HTTP WG is going to open up the cookies spec and revise. Solliciting proposals, looking for implementers interest before moving forward. We adopted 3 drafts so far, 2 more are in play.
same-site cookies, cookie prefixes; considering: cookie priorities