[{"author": "Christian Veenman", "text": "

Good morning/afternoon everyone

", "time": "2022-07-26T14:03:39Z"}, {"author": "Sofia Celi", "text": "

morning all!

", "time": "2022-07-26T14:04:51Z"}, {"author": "Jim Fenton", "text": "

front speaker audience-right seems not to be working

", "time": "2022-07-26T14:05:39Z"}, {"author": "Benjamin Kaduk", "text": "

Richard's mic gain is louder than Kathleen's

", "time": "2022-07-26T14:08:19Z"}, {"author": "Benjamin Kaduk", "text": "

:applause: for Mohit!

", "time": "2022-07-26T14:08:29Z"}, {"author": "Christian Veenman", "text": "

Thanks Mohit!

", "time": "2022-07-26T14:08:38Z"}, {"author": "Carsten Bormann", "text": "

Is anybody using https://notes.ietf.org/notes-ietf-114-secdispatch ?

", "time": "2022-07-26T14:08:55Z"}, {"author": "Benjamin Kaduk", "text": "

Well clearly you are, Carsten :wink:

", "time": "2022-07-26T14:09:16Z"}, {"author": "Kathleen Moriarty", "text": "

Do we have minute takers?

", "time": "2022-07-26T14:09:23Z"}, {"author": "Carsten Bormann", "text": "

s/using/staring at an empty/

", "time": "2022-07-26T14:09:33Z"}, {"author": "Richard Barnes", "text": "

cabo: If you could take some notes in there, would really appreciate it

", "time": "2022-07-26T14:10:19Z"}, {"author": "Carsten Bormann", "text": "

I don't speak Quantum

", "time": "2022-07-26T14:10:30Z"}, {"author": "Carsten Bormann", "text": "

But I'll try...

", "time": "2022-07-26T14:10:40Z"}, {"author": "Richard Barnes", "text": "

but yes, it's so simple!

", "time": "2022-07-26T14:10:47Z"}, {"author": "Jabber", "text": "

sftcd: do we need a term for \"combining PW+classical algs in a vastly overcomplicated manner\"? :-)

", "time": "2022-07-26T14:11:04Z"}, {"author": "Jabber", "text": "

sftcd: s/PW/PQ/

", "time": "2022-07-26T14:11:12Z"}, {"author": "Roman Danyliw", "text": "

Thanks Carsten

", "time": "2022-07-26T14:12:06Z"}, {"author": "Richard Barnes", "text": "

cabo: most important thing is the DISPATCH outcomes. i'll have an eye on that as well.

", "time": "2022-07-26T14:12:11Z"}, {"author": "Phillip Hallam-Baker", "text": "

My use of PQC in the early stages is going to be limited to establishing a shared secret and fingerprint of a signature verification key for use as an emergency backup in case of need. Which isn't hybrid in the normal sense of the term.

", "time": "2022-07-26T14:13:46Z"}, {"author": "Christopher Patton", "text": "

FWIW, CFRG is considering adopting a draft for standardizing Kyber.

", "time": "2022-07-26T14:15:37Z"}, {"author": "Jabber", "text": "

dkg: i'd second paul -- having separate drafts for signing vs. key encapsulation makes sense to me. these are significantly different contexts

", "time": "2022-07-26T14:17:26Z"}, {"author": "Panos Kampanakis", "text": "

+1 on working on the PQ terminology draft in a new PQ WG.

", "time": "2022-07-26T14:18:56Z"}, {"author": "Benjamin Kaduk", "text": "

Is Barry proposing a terminology WG or a PQ WG?

", "time": "2022-07-26T14:19:34Z"}, {"author": "Richard Barnes", "text": "

audio seems to be broken

", "time": "2022-07-26T14:19:41Z"}, {"author": "Roman Danyliw", "text": "

As process check, we can suggest CFRG but we can't dispatch to them. They are IRTF.

", "time": "2022-07-26T14:19:45Z"}, {"author": "Melinda Shore", "text": "

Terminology

", "time": "2022-07-26T14:19:51Z"}, {"author": "Jabber", "text": "

dkg: we can't hear you richard

", "time": "2022-07-26T14:19:55Z"}, {"author": "Alexey Melnikov", "text": "

CFRG would be fine (as one of CFRG co-chairs, without consulting with my co-chairs). But a new WG is fine too.

", "time": "2022-07-26T14:20:05Z"}, {"author": "Joey Salazar", "text": "

I also think a new WG probably makes sense

", "time": "2022-07-26T14:20:25Z"}, {"author": "John Preu\u00df Mattsson", "text": "

Starting a new group just for PQC terminology seems overkill. CFRG seems like the right place for this.

", "time": "2022-07-26T14:20:32Z"}, {"author": "Richard Barnes", "text": "

i was going to say that it seems like there's also some work do defining the desired security properties of hybrids, which also points toward CFRG

", "time": "2022-07-26T14:20:46Z"}, {"author": "Andrew Campling", "text": "

+1 for a new wg (Secterm?)

", "time": "2022-07-26T14:20:56Z"}, {"author": "Mike Ounsworth", "text": "

John Preu\u00df Mattsson said:

\n
\n

Starting a new group just for PQC terminology seems overkill. CFRG seems like the right place for this.

\n
\n

What about a new WG for \"Cross-cutting PQ Migration Issues\" ?

", "time": "2022-07-26T14:21:11Z"}, {"author": "Jabber", "text": "

sftcd: cfrg would be a bad choice; ad sponsor would be fine if limited to key exchange as paul H suggested, otherwise I'd suggest living with the issue for a while until we figure out more about how to not do signature stuff in an overcomplex manner that might get deployed

", "time": "2022-07-26T14:21:29Z"}, {"author": "Richard Barnes", "text": "

Mike: .... if we have such issues

", "time": "2022-07-26T14:21:32Z"}, {"author": "Sofia Celi", "text": "

Mike Ounsworth said:

\n
\n

John Preu\u00df Mattsson said:

\n
\n

Starting a new group just for PQC terminology seems overkill. CFRG seems like the right place for this.

\n
\n

What about a new WG for \"Cross-cutting PQ Migration Issues\" ?

\n
\n

That sounds very nice

", "time": "2022-07-26T14:21:58Z"}, {"author": "Roman Danyliw", "text": "

This is pointer to the prior discussions on a PQ migration group -- https://github.com/rdanyliw/ietf-pq-maintenance/blob/main/pqm-charter.md

", "time": "2022-07-26T14:22:06Z"}, {"author": "Henk Birkholz", "text": "

Does Key Encapsulation also need a separate space?

", "time": "2022-07-26T14:22:40Z"}, {"author": "Panos Kampanakis", "text": "

PQ SSH in this WG... Plus more later,,,

", "time": "2022-07-26T14:22:44Z"}, {"author": "Jabber", "text": "

sftcd: so given we have a pq discussion list, let this be noodled on there 'till there's an outcome maybe

", "time": "2022-07-26T14:22:54Z"}, {"author": "Sofia Celi", "text": "

The charter can also include the migration of different protocols, which will be a lot of work

", "time": "2022-07-26T14:22:57Z"}, {"author": "Jim Fenton", "text": "

I wonder if IETF has enough cred in the terminology area to lead on this, or if the rest of the community will be looking elsewhere.

", "time": "2022-07-26T14:22:58Z"}, {"author": "Joey Salazar", "text": "

+1 \"Cross-cutting PQ Migration Issues\"

", "time": "2022-07-26T14:23:09Z"}, {"author": "Yoav Nir", "text": "

Sofia Celi said:

\n
\n

Mike Ounsworth said:

\n
\n

John Preu\u00df Mattsson said:

\n
\n

Starting a new group just for PQC terminology seems overkill. CFRG seems like the right place for this.

\n
\n

What about a new WG for \"Cross-cutting PQ Migration Issues\" ?

\n
\n

That sounds very nice

\n
\n

All good, as long as we have more content to assign to this group

", "time": "2022-07-26T14:23:47Z"}, {"author": "Massimiliano Pala", "text": "

I fear that a new WG would take quite a long time and we are building things today ... maybe can we try with two I-Ds first ?

", "time": "2022-07-26T14:23:51Z"}, {"author": "Jabber", "text": "

dkg: massimiliano: we can make the I-Ds as the WG is being formed. this doesn't need to be a blocker

", "time": "2022-07-26T14:24:42Z"}, {"author": "Yoav Nir", "text": "

Jim Fenton said:

\n
\n

I wonder if IETF has enough cred in the terminology area to lead on this, or if the rest of the community will be looking elsewhere.

\n
\n

We set the terminology that we use in our documents. Others may or may not adopt our terminology

", "time": "2022-07-26T14:24:49Z"}, {"author": "Martin Thomson", "text": "

Yoav Nir said:

\n
\n

Sofia Celi said:

\n
\n

Mike Ounsworth said:

\n
\n

John Preu\u00df Mattsson said:

\n
\n

Starting a new group just for PQC terminology seems overkill. CFRG seems like the right place for this.

\n
\n

What about a new WG for \"Cross-cutting PQ Migration Issues\" ?

\n
\n

That sounds very nice

\n
\n

All good, as long as we have more content to assign to this group

\n
\n

How many replies can you have before you end up with something breaking?

", "time": "2022-07-26T14:24:51Z"}, {"author": "Henk Birkholz", "text": "

I-D work shall not be stopped by finding a place for I-D, right?

", "time": "2022-07-26T14:25:00Z"}, {"author": "Jabber", "text": "

sftcd: to re-iterate: i think asking cfrg to do this terminology stuff is a pretty bad plan - we'd end up with lots of terms for things the IETF doesn't need is my guess

", "time": "2022-07-26T14:25:05Z"}, {"author": "Sofia Celi", "text": "

yeah, CFRG might not be ideal as it is not only cryptography but how to fit it in the protocols

", "time": "2022-07-26T14:25:10Z"}, {"author": "Jabber", "text": "

MichaelRichardson: https://datatracker.ietf.org/doc/draft-richardson-saag-onpath-attacker/ maybe could go into some new group.

", "time": "2022-07-26T14:25:28Z"}, {"author": "Jabber", "text": "

dkg: someone has a threading fetish :stuck_out_tongue:

", "time": "2022-07-26T14:25:32Z"}, {"author": "Yoav Nir", "text": "

Martin Thomson said:

\n
\n

Yoav Nir said:

\n
\n

Sofia Celi said:

\n
\n

Mike Ounsworth said:

\n
\n

John Preu\u00df Mattsson said:

\n
\n

Starting a new group just for PQC terminology seems overkill. CFRG seems like the right place for this.

\n
\n

What about a new WG for \"Cross-cutting PQ Migration Issues\" ?

\n
\n

That sounds very nice

\n
\n

All good, as long as we have more content to assign to this group

\n
\n

How many replies can you have before you end up with something breaking?

\n
\n

Working on finding out...
\nAnd does it depend on the browser?

", "time": "2022-07-26T14:25:34Z"}, {"author": "Jabber", "text": "

dkg: i'm viewing this through irssi via the XMPP/jabber gateway. these threaded messages are unreadable

", "time": "2022-07-26T14:26:21Z"}, {"author": "Jabber", "text": "

MichaelRichardson: yeah @dkg, it's a fail for me too.

", "time": "2022-07-26T14:26:37Z"}, {"author": "Jabber", "text": "

sftcd: fwiw, the quoting also gets as garbled after the xmpp and then matrix.org g/w:-)

", "time": "2022-07-26T14:26:48Z"}, {"author": "Benjamin Kaduk", "text": "

Yoav Nir said:

\n
\n

Martin Thomson said:

\n
\n

Yoav Nir said:

\n
\n

Sofia Celi said:

\n
\n

Mike Ounsworth said:

\n
\n

John Preu\u00df Mattsson said:

\n
\n

Starting a new group just for PQC terminology seems overkill. CFRG seems like the right place for this.

\n
\n

What about a new WG for \"Cross-cutting PQ Migration Issues\" ?

\n
\n

That sounds very nice

\n
\n

All good, as long as we have more content to assign to this group

\n
\n

How many replies can you have before you end up with something breaking?

\n
\n

Working on finding out...
\nAnd does it depend on the browser?

\n
\n

There is a \"view source\" button that shows you the internal representation, if you want to get an estimate of what limits might be getting approached. (I am not convinced there are any that are close by.)

", "time": "2022-07-26T14:27:06Z"}, {"author": "Yoav Nir", "text": "

Looks fine on IE6.

\n

j/k

", "time": "2022-07-26T14:28:42Z"}, {"author": "Richard Barnes", "text": "

this is like hosts.txt for mutual TLS

", "time": "2022-07-26T14:29:17Z"}, {"author": "Roman Danyliw", "text": "

Given this discussion on PQC agility, we'll do a real-time agenda bash on SAAG to ask the informal question -- \"is there interest to create a pqc WG to initially work on terminology\" + and open the floor for other scope. A non-binding temperature check.

", "time": "2022-07-26T14:29:31Z"}, {"author": "Brendan Moran", "text": "

Did I hear both \"JSON\" and \"machine to machine\"?

", "time": "2022-07-26T14:29:37Z"}, {"author": "Daniel Gillmor", "text": "
", "time": "2022-07-26T14:29:40Z"}, {"author": "Roman Danyliw", "text": "

@meetecho -- can you please reduce the volume on the remote speaker. All of the remote participants are coming in very loud.

", "time": "2022-07-26T14:30:02Z"}, {"author": "Yoav Nir", "text": "

It's a federation of CAs plus some JSON for key pinning

", "time": "2022-07-26T14:30:11Z"}, {"author": "Carsten Bormann", "text": "

Is just my audio from Stefan hard to understand?

", "time": "2022-07-26T14:30:40Z"}, {"author": "Christian Veenman", "text": "

I have the same. It's a bit low on volume I guess?

", "time": "2022-07-26T14:31:01Z"}, {"author": "Jim Fenton", "text": "

Stefan's audio is hard for me in the meeting room as well

", "time": "2022-07-26T14:31:09Z"}, {"author": "Benjamin Kaduk", "text": "

My question is not really related to the dispatch process...

", "time": "2022-07-26T14:31:14Z"}, {"author": "Brendan Moran", "text": "

Do the machines in machine-to-machine need to parse this?

", "time": "2022-07-26T14:31:25Z"}, {"author": "Roman Danyliw", "text": "

The feedback was to use CBOR and not JSON.

", "time": "2022-07-26T14:33:07Z"}, {"author": "Kathleen Moriarty", "text": "

@Ben would it help decide if work is needed here?

", "time": "2022-07-26T14:33:51Z"}, {"author": "Jabber", "text": "

MichaelRichardson: What I heard is that the health entities that want to use this need a specification against which they can procure.

", "time": "2022-07-26T14:34:15Z"}, {"author": "Massimiliano Pala", "text": "

Would an AD sponsorship work for this work?

", "time": "2022-07-26T14:34:26Z"}, {"author": "Jabber", "text": "

MichaelRichardson: that's why an informal document won't work for him.

", "time": "2022-07-26T14:34:30Z"}, {"author": "Christian Veenman", "text": "

It would be nice if Kathleen's volume could be turned a bit higher

", "time": "2022-07-26T14:34:49Z"}, {"author": "Eric Rescorla", "text": "

I don't see how we could do this in IETF without a lot more sign of interest

", "time": "2022-07-26T14:34:56Z"}, {"author": "Jabber", "text": "

sftcd: I scanned the draft - I don't see why the FED tls thing isn't a thing to be decided by the tls wg (we seem to be falling back to dispatch in too many such cases in general I reckon)

", "time": "2022-07-26T14:35:02Z"}, {"author": "Yoav Nir", "text": "

I think even an independent submission would be sufficient

", "time": "2022-07-26T14:35:09Z"}, {"author": "Eric Rescorla", "text": "

Well, for code point registration, an ID is sufficient

", "time": "2022-07-26T14:35:25Z"}, {"author": "Christian Ams\u00fcss", "text": "

meetecho: Please pivot to speaker

", "time": "2022-07-26T14:35:32Z"}, {"author": "Eric Rescorla", "text": "

I don't want this using time in TLS without more interest

", "time": "2022-07-26T14:35:56Z"}, {"author": "Benjamin Kaduk", "text": "

I was just going to say that I was confused by the approach which is adding more mechanism. I'm not sure why just having a root CA for the federation, doing cross-signing or whatever, wouldn't achieve the same goals while requiring less changes on the endpoints involved.

", "time": "2022-07-26T14:36:26Z"}, {"author": "Alexey Melnikov", "text": "

FNV seems like a CFRG thing. (As a participant)

", "time": "2022-07-26T14:36:59Z"}, {"author": "Jabber", "text": "

sftcd: @ekr: that's fair, but it's consuming time anyway and IMO in the wrong location - ISTM that bouncing from the tls list to a dispatch group then getting tls wg participants to say \"meh\" is a waste of everyone's effort

", "time": "2022-07-26T14:37:04Z"}, {"author": "Yoav Nir", "text": "

@Benjamin Kaduk : They also want key pinning

", "time": "2022-07-26T14:37:08Z"}, {"author": "Richard Barnes", "text": "

@Alexey except it's not crypto :)

", "time": "2022-07-26T14:37:12Z"}, {"author": "Jabber", "text": "

sftcd: @alexey: cfrg doing weak crypto seems a bad plan;-(

", "time": "2022-07-26T14:37:36Z"}, {"author": "Jonathan Hammell", "text": "

ISE seems the right approach for having a public specification

", "time": "2022-07-26T14:37:49Z"}, {"author": "Yoav Nir", "text": "
1. Why do we need to do it when there's this: https://en.wikipedia.org/wiki/Fowler\u2013Noll\u2013Vo_hash_function
2. Why FNV? Why not MurMurHash or xxHash?
", "time": "2022-07-26T14:38:35Z"}, {"author": "Eric Rescorla", "text": "

Is this defined for 2^{521}-1? The best prime

", "time": "2022-07-26T14:38:58Z"}, {"author": "Ted Hardie", "text": "

Can we just reference the IEEE Std then?

", "time": "2022-07-26T14:39:31Z"}, {"author": "Thom Wiggers", "text": "

inb4 the IEEE standard is pay-to-access

", "time": "2022-07-26T14:39:57Z"}, {"author": "John Preu\u00df Mattsson", "text": "

Alexey Melnikov said:

\n
\n

FNV seems like a CFRG thing. (As a participant)

\n
\n

As it is non-cryptographic I am not sure it even belongs in secdispatch.....

", "time": "2022-07-26T14:40:00Z"}, {"author": "Eric Rescorla", "text": "

That is what i said!

", "time": "2022-07-26T14:40:16Z"}, {"author": "Ted Hardie", "text": "

Okay, well then ISE.

", "time": "2022-07-26T14:40:19Z"}, {"author": "Valery Smyslov", "text": "

ISE looks like the right approach.

", "time": "2022-07-26T14:40:40Z"}, {"author": "Jabber", "text": "

sftcd: ISE seems right to me, if some standard needs to refer to it, there's the downref registry

", "time": "2022-07-26T14:40:41Z"}, {"author": "Martin Thomson", "text": "

ISE seems reasonable

", "time": "2022-07-26T14:40:43Z"}, {"author": "Jabber", "text": "

sftcd: -1 to paul - we have a downref registry

", "time": "2022-07-26T14:42:26Z"}, {"author": "Valery Smyslov", "text": "

HMAC is informational and is used in numerous std documents.

", "time": "2022-07-26T14:42:51Z"}, {"author": "Valery Smyslov", "text": "

RFC 2104

", "time": "2022-07-26T14:42:55Z"}, {"author": "Ted Hardie", "text": "

I don't think that reasoning for the ISE makes sense, but if the ISE has rejected on this basis, I guess that's independence on his part.

", "time": "2022-07-26T14:43:14Z"}, {"author": "Mike Ounsworth", "text": "

Benjamin Kaduk said:

\n
\n

I was just going to say that I was confused by the approach which is adding more mechanism. I'm not sure why just having a root CA for the federation, doing cross-signing or whatever, wouldn't achieve the same goals while requiring less changes on the endpoints involved.

\n
\n

I asked a similar question on-list. The answer is that this draft is _also_ trying to solve the service discovery problem, as well as allowing for servers to have self-signed certs that get picked up and rolled into the federated thingie.

", "time": "2022-07-26T14:43:21Z"}, {"author": "Jabber", "text": "

sftcd: @ted: did the ise reject this? I didn't hear that

", "time": "2022-07-26T14:43:50Z"}, {"author": "Mike Ounsworth", "text": "

Yoav Nir said:

\n
\n
1. Why do we need to do it when there's this: https://en.wikipedia.org/wiki/Fowler\u2013Noll\u2013Vo_hash_function
2. Why FNV? Why not MurMurHash or xxHash?
\n
\n

Because an RFC is more permanent and authoritative than a wikipedia page?

", "time": "2022-07-26T14:44:03Z"}, {"author": "Benjamin Kaduk", "text": "

Ah, thanks for repeating that, Mike.

", "time": "2022-07-26T14:44:04Z"}, {"author": "Jim Fenton", "text": "

The reference to FNV in RFC 7873 is informative. Does that affect the decision?

", "time": "2022-07-26T14:44:23Z"}, {"author": "Jabber", "text": "

sftcd: yep, GOTO ISE

", "time": "2022-07-26T14:46:16Z"}, {"author": "Sofia Celi", "text": "

omg

", "time": "2022-07-26T14:46:25Z"}, {"author": "Brendan Moran", "text": "

lol @md5

", "time": "2022-07-26T14:46:39Z"}, {"author": "Thom Wiggers", "text": "

the hashfunction that shall not be named

", "time": "2022-07-26T14:46:53Z"}, {"author": "Phillip Hallam-Baker", "text": "

We have to get rid of MD5 in ALL applications because every time it is used, it requires a security audit.

", "time": "2022-07-26T14:47:14Z"}, {"author": "Benjamin Kaduk", "text": "

Why would we avoid saying the name \"md5\"?

", "time": "2022-07-26T14:47:34Z"}, {"author": "Jabber", "text": "

sftcd: I wasn't hearing much support for ad sponsor fwiw, more for iSE

", "time": "2022-07-26T14:47:36Z"}, {"author": "John Preu\u00df Mattsson", "text": "

Benjamin Kaduk said:

\n
\n

Why would we avoid saying the name \"md5\"?

\n
\n

I assume MD5 is the Lord Voldemort of hash functions.....

", "time": "2022-07-26T14:48:38Z"}, {"author": "Jabber", "text": "

sftcd: meta-comment: I don't think this dispatch process is working well this time (2/3 of the outcomes are not how I'd have interpreted the discussion)

", "time": "2022-07-26T14:49:22Z"}, {"author": "Benjamin Kaduk", "text": "

Was the summary for PQ terminology \"new WG or ISE\" or \"new WG or CFRG\"? I thought I saw the latter but heard the former.

", "time": "2022-07-26T14:49:53Z"}, {"author": "Alexey Melnikov", "text": "

+1

", "time": "2022-07-26T14:50:24Z"}, {"author": "Yoav Nir", "text": "

We were opposed to AD-sponsored because it doesn't get enough review. ISE is worse in that regard

", "time": "2022-07-26T14:50:34Z"}, {"author": "Richard Barnes", "text": "

i ran into someone the other day with superuser@gmail.com

", "time": "2022-07-26T14:51:13Z"}, {"author": "Benjamin Kaduk", "text": "

@Richard Barnes do they have god-like powers?

", "time": "2022-07-26T14:51:34Z"}, {"author": "Sofia Celi", "text": "

+1000 to dkg

", "time": "2022-07-26T14:51:46Z"}, {"author": "Jim Fenton", "text": "

'dangerous labels' seems like it would be a growing list

", "time": "2022-07-26T14:51:53Z"}, {"author": "Brendan Moran", "text": "

Maybe it needs an IANA registry ;)

", "time": "2022-07-26T14:52:15Z"}, {"author": "Jim Fenton", "text": "

That occurred to me too, but it would be an unusual use of IANA

", "time": "2022-07-26T14:52:45Z"}, {"author": "Sofia Celi", "text": "

re: pq, I think we are going to do agenda bashing at saag

", "time": "2022-07-26T14:53:00Z"}, {"author": "Brendan Moran", "text": "

Jim Fenton said:

\n
\n

That occurred to me too, but it would be an unusual use of IANA

\n
\n

I mean the names aren't really being \"assigned\" per se... But that being said, it fits with a growing list?

", "time": "2022-07-26T14:54:13Z"}, {"author": "Richard Barnes", "text": "

if only we had mutable RFCs!

", "time": "2022-07-26T14:54:40Z"}, {"author": "Brendan Moran", "text": "

Richard Barnes said:

\n
\n

if only we had mutable RFCs!

\n
\n

Wiki RFC!

", "time": "2022-07-26T14:55:05Z"}, {"author": "Richard Barnes", "text": "

i would settle for versioned RFCs

", "time": "2022-07-26T14:55:15Z"}, {"author": "Roman Danyliw", "text": "

We're going to continue here for SAAG

", "time": "2022-07-26T14:55:35Z"}, {"author": "Rich Salz", "text": "

Richard Barnes said:

\n
\n

i ran into someone the other day with superuser@gmail.com

\n
\n

Benjamin Kaduk said:

\n
\n

Richard Barnes do they have god-like powers?

\n
\n

Well Murray does (did?) work at FB, so ... yes?

", "time": "2022-07-26T14:55:36Z"}, {"author": "Eric Rescorla", "text": "

Could I be a WG chair if I were just 10 years old?

", "time": "2022-07-26T14:55:47Z"}, {"author": "Benjamin Kaduk", "text": "

Doesn't the LLC have to try really hard to not collect information about people under 13?

", "time": "2022-07-26T14:56:10Z"}, {"author": "Jim Fenton", "text": "

Errata harvesting sounds like taking a scythe to errata

", "time": "2022-07-26T14:56:32Z"}, {"author": "Benjamin Kaduk", "text": "

We are talking in the secdispatch stream ... \"these errata need to be 'dispatched'\" :wink:

", "time": "2022-07-26T14:57:01Z"}, {"author": "Wendy Seltzer", "text": "

Do the ADs prescribe shepherding as an aid against insomnia?

", "time": "2022-07-26T14:57:18Z"}, {"author": "Wendy Seltzer", "text": "

but in more seriousness, thank you

", "time": "2022-07-26T14:58:01Z"}, {"author": "Jabber", "text": "

MichaelRichardson: Many chairs try to step down regularly, and fail.

", "time": "2022-07-26T14:58:19Z"}, {"author": "Rich Salz", "text": "

I stepped down from ACME for just that reason.

", "time": "2022-07-26T14:58:21Z"}, {"author": "Rich Salz", "text": "

And i think Deb Cooley has forgiven me by now

", "time": "2022-07-26T14:58:40Z"}, {"author": "Richard Barnes", "text": "

it has been my practice for a while to refuse to co-chair things unless i have a junior co-chair

", "time": "2022-07-26T14:58:46Z"}, {"author": "Richard Barnes", "text": "

there's a side benefit that new folks tend to be willing to do work :)

", "time": "2022-07-26T14:59:03Z"}, {"author": "Richard Barnes", "text": "

shout out to Shivan, who is doing a great job as OHAI co-chair

", "time": "2022-07-26T14:59:45Z"}, {"author": "Benjamin Kaduk", "text": "

LAKE, MLS, OHAI ... great work on the errata front! :wink:

", "time": "2022-07-26T15:00:25Z"}, {"author": "Jabber", "text": "

MichaelRichardson: @Richard, I like your practice.

", "time": "2022-07-26T15:00:38Z"}, {"author": "Jabber", "text": "

sftcd: LAKE errata are easy, us not having any RFCs:-)

", "time": "2022-07-26T15:01:39Z"}, {"author": "Christopher Patton", "text": "

Yeahhh PPM!

", "time": "2022-07-26T15:01:55Z"}, {"author": "Rich Salz", "text": "

Question for the people using jabber: in zulip there are two emoji reactions posted to @Richard Barnes comments. Do you see them? And that I tagged Richard (and got a new notification that he's not subscribed to the zulip stream)

", "time": "2022-07-26T15:02:25Z"}, {"author": "Thom Wiggers", "text": "

the tag yes, the emoji reactions (or edits to posts) no

", "time": "2022-07-26T15:02:56Z"}, {"author": "Rich Salz", "text": "

And I just edited my message, do you see that?

", "time": "2022-07-26T15:03:02Z"}, {"author": "Thom Wiggers", "text": "

euh that's in meetecho

", "time": "2022-07-26T15:03:04Z"}, {"author": "Richard Barnes", "text": "

@rich no emoji reactions or edits in MeetEcho

", "time": "2022-07-26T15:03:14Z"}, {"author": "Jabber", "text": "

sftcd: @rich: don't think I see those

", "time": "2022-07-26T15:03:19Z"}, {"author": "Rich Salz", "text": "

So now you folks know some of what you're missing out ;)

", "time": "2022-07-26T15:03:55Z"}, {"author": "Jabber", "text": "

MichaelRichardson: Rich, I see smileys from Richard's message, but I see no responses via xmpp.

", "time": "2022-07-26T15:05:09Z"}, {"author": "Jabber", "text": "

MichaelRichardson: we are out, but not really missing out.

", "time": "2022-07-26T15:05:43Z"}, {"author": "Valery Smyslov", "text": "

There is a mistake in the chairs' slides regarding the status of UTA - the info seems to be copy-pasted from TLS

", "time": "2022-07-26T15:06:43Z"}, {"author": "Jabber", "text": "

sftcd: speaking of which how'd that mimi discussion go yesterday?

", "time": "2022-07-26T15:07:00Z"}, {"author": "Jim Fenton", "text": "

I'd like to know too

", "time": "2022-07-26T15:07:46Z"}, {"author": "Jabber", "text": "

sftcd: I'll ask @mic if anyone wants to tell us

", "time": "2022-07-26T15:08:16Z"}, {"author": "Jabber", "text": "

sftcd: surprised nobody wants to tell us, maybe it's a secret cabal :-)

", "time": "2022-07-26T15:09:03Z"}, {"author": "Richard Barnes", "text": "

nothing really notable tbh

", "time": "2022-07-26T15:09:33Z"}, {"author": "Prachi Jain", "text": "

On the topic of new folks and leadership opportunities, this is my first time co-chairing (TIGRESS) and my experienced co-chair Leif has been extremely supportive and a great mentor. For newcomers, please come forward and take up the challenge. It\u2019s fun and rewarding !!

", "time": "2022-07-26T15:12:10Z"}, {"author": "Shivan Sahib", "text": "

Yeah, shout out to Richard for being a very supportive co-chair :)

", "time": "2022-07-26T15:13:23Z"}, {"author": "Richard Barnes", "text": "

brb filing some errata

", "time": "2022-07-26T15:13:40Z"}, {"author": "Richard Barnes", "text": "

if only we had versioned RFCs, so HFDU wasn't meaningless!

", "time": "2022-07-26T15:13:56Z"}, {"author": "Benjamin Kaduk", "text": "

I hear that aspell is great at finding errata in the RFC corpus.

", "time": "2022-07-26T15:14:14Z"}, {"author": "Sofia Celi", "text": "

Yeah, shoutout to Mallory for helping this newcomer co-chair doing it right ;)

", "time": "2022-07-26T15:15:16Z"}, {"author": "Deb Cooley", "text": "

@ RichSalz - nope, LOL

", "time": "2022-07-26T15:15:25Z"}, {"author": "Dave Thaler", "text": "

FYI the trust anchor configuration draft presented in RATS that I mentioned at the mic earlier is: draft-wallace-rats-concise-ta-stores

", "time": "2022-07-26T15:18:12Z"}, {"author": "Dave Thaler", "text": "

question raised was where to dispatch it since there is likely interest from at least 3 wgs but is more general than any of those three (rats, suit, teep)

", "time": "2022-07-26T15:19:13Z"}, {"author": "Jabber", "text": "

sftcd: +1 to ekr's \"premature\"

", "time": "2022-07-26T15:19:53Z"}, {"author": "Panos Kampanakis", "text": "

we know ssh too ekr, but no one can work on pq kems in ssh as it is right now

", "time": "2022-07-26T15:20:18Z"}, {"author": "Eric Rescorla", "text": "

Why can't people work on PQ KEMs in SSH?

", "time": "2022-07-26T15:21:58Z"}, {"author": "Sofia Celi", "text": "

+1 to Mike

", "time": "2022-07-26T15:22:02Z"}, {"author": "Thomas Hardjono", "text": "

Seems to me that CFRG (albeit an RG) is quite influential in forming ideas and promoting CF related topics outside the IETF. I think having PQC is a very valuable forum for the IETF.

", "time": "2022-07-26T15:22:03Z"}, {"author": "Panos Kampanakis", "text": "

what wg?

", "time": "2022-07-26T15:22:06Z"}, {"author": "Panos Kampanakis", "text": "

@ekr

\n
\n

Why can't people work on PQ KEMs in SSH?
\nThere is no WG.

\n
", "time": "2022-07-26T15:22:39Z"}, {"author": "Eric Rescorla", "text": "

Panos: I'm not averse to creating a maintenance group eventually.

", "time": "2022-07-26T15:23:52Z"}, {"author": "Jabber", "text": "

sftcd: I don't agree with phb that an irtf research group would be appropriate - the problems with integrating pq algs are engineering ones, not research

", "time": "2022-07-26T15:24:42Z"}, {"author": "Phillip Hallam-Baker", "text": "

For many orphaned protocols the correct answer will be 'now is the time you die'.

", "time": "2022-07-26T15:24:50Z"}, {"author": "Jabber", "text": "

sftcd: +1 to mcr: lamps seems to me to be getting ahead of itself in the signature space

", "time": "2022-07-26T15:25:23Z"}, {"author": "Phillip Hallam-Baker", "text": "

@sftcd, Engineering is research if nobody has built it before.

", "time": "2022-07-26T15:25:39Z"}, {"author": "Andrew Campling", "text": "

+1 to sftcd.

", "time": "2022-07-26T15:25:42Z"}, {"author": "Panos Kampanakis", "text": "

You said it is premature. it is not premature for TLS, IPSECME, X509, but it is for SSH? I guess my argument is that SSH is a common protocol that needs uplift as well and we can't standardize PQ-hybrid in it bc there is no WG.

", "time": "2022-07-26T15:25:47Z"}, {"author": "Jabber", "text": "

sftcd: @panos: write a draft!

", "time": "2022-07-26T15:26:29Z"}, {"author": "Carsten Bormann", "text": "

Revive LTANS

", "time": "2022-07-26T15:26:33Z"}, {"author": "Thom Wiggers", "text": "

(bit of context: OpenSSH has made NTRUPrime the default in version 8.9, so some SSH stuff is happening in the background)

", "time": "2022-07-26T15:26:34Z"}, {"author": "Panos Kampanakis", "text": "

i got a draft, it is sitting in github and i am the only one complying with it! ;)

", "time": "2022-07-26T15:26:53Z"}, {"author": "Phillip Hallam-Baker", "text": "

I wasn't saying we should wait about.

", "time": "2022-07-26T15:27:43Z"}, {"author": "Panos Kampanakis", "text": "

@(bit of context: OpenSSH has made NTRUPrime the default in version 8.9, so some SSH stuff is happening in the background)

\n

That leads to 10 different implementations. Openssh its own, OQS OpenSSH its own, I got my own too. Great!

", "time": "2022-07-26T15:27:54Z"}, {"author": "Phillip Hallam-Baker", "text": "

I have noticed a long history of people demanding fast fast fast and ending up with slow as a result.

", "time": "2022-07-26T15:28:17Z"}, {"author": "Massimiliano Pala", "text": "

I agree with Scott - this is a huge task for the Industry (outside the browser's environments as noted by Michael). We need to move forward with securing data at rest, signatures, and encryption. We have the issue of education for engineers to better understand the new algorithms - IMHO it is not too early today.

", "time": "2022-07-26T15:28:25Z"}, {"author": "Andrew Campling", "text": "

+1 to Scott starting now / soon on pq rather than waiting until it is too late. A BoF at 115 seems like a reasonable start

", "time": "2022-07-26T15:28:48Z"}, {"author": "Jabber", "text": "

sftcd: +1 to paul H

", "time": "2022-07-26T15:29:18Z"}, {"author": "Massimiliano Pala", "text": "

Just keep in mind that quantum is the current threat, but it might not be the only one. Practical Algorithm Agility is the elephant in the room here, IMHO.

", "time": "2022-07-26T15:29:23Z"}, {"author": "Henk Birkholz", "text": "

+1 Paul

", "time": "2022-07-26T15:29:32Z"}, {"author": "Thomas Hardjono", "text": "

Paul: +1. Need to start now

", "time": "2022-07-26T15:29:53Z"}, {"author": "Jabber", "text": "

sftcd: on the pq signature/PKI stuff - I'd expect either that X.509 libraries don't get updated for pq, or they do, and end up full of new exciting bugs (at least with what I think is currently planned)

", "time": "2022-07-26T15:30:12Z"}, {"author": "Christian Veenman", "text": "

Sofia 1

", "time": "2022-07-26T15:30:13Z"}, {"author": "Eric Rescorla", "text": "

Of course this also applies to all the traffic we have been sending for the past 20 years

", "time": "2022-07-26T15:30:14Z"}, {"author": "Christian Veenman", "text": "

+1*

", "time": "2022-07-26T15:30:18Z"}, {"author": "Christopher Patton", "text": "

+1 Sofi

", "time": "2022-07-26T15:30:24Z"}, {"author": "Henk Birkholz", "text": "

Dilithium/Falcon/SPHINCS+ will take a tad bit more time it seems.

", "time": "2022-07-26T15:30:36Z"}, {"author": "Tero Kivinen", "text": "

That's why it is so important to start from key exchange protocols, not from signatures....

", "time": "2022-07-26T15:31:02Z"}, {"author": "Thom Wiggers", "text": "

I don't interpret the NIST report as NIST has completely punted PQC signatures. The way the on-ramp is written basically only invites UOV (they want _mature_ schemes with small signatures and fast verification). UOV has 400k public keys; way less practical than Dilithium/Falcon.

", "time": "2022-07-26T15:31:28Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Tero Kivinen But I will need a way to deploy new secure applications, a way to maintain trust relationships.

", "time": "2022-07-26T15:32:21Z"}, {"author": "Mike Ounsworth", "text": "

\"Why now?\" --> because people need to mint 20 year root CAs and ship them off in a device that you'll never touch again.
--> because people need to encrypt data now and stick it in cold storage, hopefully to remain confidential for 20+ years

If we wait until QCs are here, then it's too late.

", "time": "2022-07-26T15:32:42Z"}, {"author": "Jabber", "text": "

sftcd: fwiw, I disagree with the speaker that sigs/certs are needed now (I don't doubt they're being asked for/about that)

", "time": "2022-07-26T15:33:33Z"}, {"author": "Massimiliano Pala", "text": "

It is to be noted that there are already commercial and open-source implementations for Composite Crypto (Hybrid) and Open-Source solutions. There is a very vivid demand from many environments. In our case, we need to start planning for the next 20 years and we need the tools to do so.

", "time": "2022-07-26T15:33:53Z"}, {"author": "Richard Barnes", "text": "

this is why i don't have children

", "time": "2022-07-26T15:34:41Z"}, {"author": "Thom Wiggers", "text": "

I myself hope to live for another 50 years or so :p

", "time": "2022-07-26T15:35:03Z"}, {"author": "Tero Kivinen", "text": "

Phillip Hallam-Baker said:


Tero Kivinen But I will need a way to deploy new secure applications, a way to maintain trust relationships.


True, but not sure we have proper ways of doing that yet, but we do have methods of solving the decrypting of the data we transmitted years ago by updating the key exchange methods now.

", "time": "2022-07-26T15:35:30Z"}, {"author": "Jabber", "text": "

Yoshiro Yoneya: +1 to Russ

", "time": "2022-07-26T15:35:36Z"}, {"author": "Jabber", "text": "

sftcd: we don't (and won't) have any crypto that can protect genetic information that'll still be sensitive in 100+ years so I'm less convinced by that kind of argument

", "time": "2022-07-26T15:35:39Z"}, {"author": "Sofia Celi", "text": "

yes, there will be a second call for proposals for signatures. But, in the NIST process there has been a lack of data on what protocols need from sizes and times, so we can provide those points

", "time": "2022-07-26T15:36:00Z"}, {"author": "Christopher Patton", "text": "

+1 EKR

", "time": "2022-07-26T15:36:34Z"}, {"author": "Jonathan Hammell", "text": "

What about doing a poll?

", "time": "2022-07-26T15:37:15Z"}, {"author": "Phillip Hallam-Baker", "text": "

Sofia Celi said:


yes, there will be a second call for proposals for signatures. But, in the NIST process there has been a lack of data on what protocols need from sizes and times, so we can provide those points


Many applications of signatures can be addressed using hash chain approaches. So it is not quite such a big concern. We can use Lamport sigs even...
So key exchange is the near term priority.

", "time": "2022-07-26T15:37:38Z"}, {"author": "Sofia Celi", "text": "

yes, key exchange should be the priority. But authentication will be so slow to migrate. I don't imagine CAs migrating anytime soon

", "time": "2022-07-26T15:38:18Z"}]