PQUIP - IETF 117

Hybrid terminology document - 15 min

https://datatracker.ietf.org/doc/draft-ietf-pquip-pqt-hybrid-terminology/

Florence Driscoll (FD) - (UK NCSC) speaking

Jonathan Hoyland (JGH) - Are we going to refer to this like RFC 2119?
FD - Only if people want to. (i.e. it's opt-in only.)

Phillip Hallam-Baker (PHB) - Keep this together as it'll be out at the
earliest

Mike Ounsworth (MO) - Britta Hale (BH) wrote a paper about the
properties you might actually want. This draft might be a good place to
put those things.

Paul Hoffman (PH) - MO - as you are one of the people who would have a
dependency of this draft, would you object to this being a blocker.
MO - Sure

SPT - Don't make work for yourself (i.e. keep it together), we'll keep
our drafts in lockstep.

Rohan Mahy (RM) - In response to PHB. There’s a difference between ‘here
are all the hybrid terms’ vs ‘here are the terms we want to use now’.
This draft is the latter. Let’s get the draft moving, so we can get
experience with hybrid KEMs. Don’t want terms defined in other
documents.

Aron Wussler (AW) - We also have a draft that would use this, we're
happy for this to stay together even if takes a while

Sofía Celi (SC) - RE MO: What this draft aims to do is to define what
the common terminology means, rather than any cryptographic /
mathematical properties.

Michael Prorock (MP) - I don't mind the draft taking a while, and whilst
I don't really like hybrid stuff I don't mind us having it, and if we do
have it let's at least make sure we're all using the same terminology.
We should advertise it to other groups.

PQC for Engineers document - 30 min

https://datatracker.ietf.org/doc/draft-ar-pquip-pqc-engineers/
Aritra Banerjee (Nokia) presents an overview of the content in the
draft.

PH (as chair) - This is one of the key outputs of this WG because it's
less technical than a lot of what we produce in the IETF. Therefore it's
useful for others who need to understand PQC. This doesn't need to be
accessible to completely non-technical people, but it should be
accessible for the technical-ish people around them. Please look at it,
do reviews, have others do reviews.

PHB - It might be useful to talk in terms of risk. We do not know when
somebody is going to build a CRQC but if they build it they bring down
the banking system.
PH - Please propose wording.

Tim Hollebeek (TH) - Please do read this and engage. If you're at the
IETF you're probably an engineer, this document is for you. We want to
know what this document reads like for someone who is new. We need more
help.

John Gray (JG) - Thank you for putting this document together. Is this
adopted? If not let's adopt it.
PH - We will do an adoption call soon, I can't imagine we won't adopt
it.
Action: Start adoption call after the IETF.

Grand list of WGs and protocols looking at PQC algorithms - 10 minutes

https://github.com/ietf-wg-pquip/state-of-protocols-and-pqc

Sofia Celi presents.

Paul Hoffman - This will be a WG document as long as we exist. Part of
our charter is to help other WGs in the IETF coordinate, this is useful
for that.

RM - I made a pull request to add work being done in MLS, which is a PQ
hybrid key exchange mechanism.

JG - If we want to add to the list do we do a pull request?
PH - A pull request is great, but you can also say something on the list
if you want the WG to see what you're doing.

MO - At the bottom of this document there's a list of IETF protocols
that do not require any action.

Deployment of Post-Quantum Cryptography, Sophie Schmieg

Sophie Schmieg presents, on experience of, and learning from, PQC
deployment at Google.

LAMPS update on PQC

Tim Hollebeek presents on what's happening and has been happening on PQC
in LAMPS.

All other WG business

There will be last call for the PQ for Engineers draft

MP - We need to talk about test vectors for PQC.

PH - propose adding them to the catch all document (list of WGs and
protocols) on Github.
ST - Could you update the about page for this group to list the Github.

Roman Danyliw - We have a PQC related draft coming up in Secdispatch
later.
Yoav Nir - This is a draft that's an amendment to Mike Ounsworth's
hybrid signature draft, with slightly different security properties.

Russ Housley - We need to work out how to ensure that one crypto library
will work with different protocols and formats. I don't see that
happening.
PH - Could you start a document on this?
Russ - No.
PH - Propose Peter Guttman.

MP -

Thom Wiggers - Want to remind people that the NIST on-ramp for
signatures is going on. I'll plug the tool I built to look at the
signatures, as well as the talk I'm doing at TLS later in the week on
how to evaluate the list of submissions.

JG - Want to plug the PQ and X.509 hackathon. We're doing a lot of work
on implementing these newer drafts. We're planning to have an interim
hackathon in September (virtual). This could be a WG interim.