PQUIP WG
IETF 124, Montréal
Thursday November 6, 2025
Session III, 1430-1630
Paul Hoffman and Sofia Celi, co-chairs

These minutes only cover what was said at the mic lines, not the slides themselves
Materials are at https://datatracker.ietf.org/meeting/124/session/pquip/

Hash-based Signatures: State and Backup Management, Thom Wiggers
	https://datatracker.ietf.org/doc/draft-ietf-pquip-hbs-state/
	https://datatracker.ietf.org/doc/slides-124-pquip-stateful-hash-based-signatures-backup-and-state-management-update/
	Paul: Are you waiting on anything to finish the draft?
	Thom: No
	Paul: Maybe start WG Last Call soon to see if anything shakes out
	Deirdre Connolly: Trusts you on NIST's paring down on ciphersuites, supports WG Last Call
	Thom: More to do on this topic (see slide 4 for "scoping")

Adapting Constrained Devices for Post-Quantum Cryptography, Dan Wing
	https://datatracker.ietf.org/doc/draft-ietf-pquip-pqc-hsm-constrained/
	https://datatracker.ietf.org/doc/slides-124-pquip-adapting-constrained-devices-for-post-quantum-cryptography-draft-ietf-pquip-pqc-hsm-constrained/
	Dan: Not sure when to go to WG Last Call, depends on NIST finishing their part
	Thom: It is worth waiting for FN-DSA
		There have been drafts circulating from the Falcon authors
		Waiting for this is worth it
		Dan: Schedule was for November, and we're still in November
			Could be soon after they get back to work
	Paul: Please read and comment before WG Last Call
	Philippe Bergeon: Do we know what's being done in the UEFI Forum?
		Dan: Has not been tracking it


ETSI and Quantum Safe Cryptography (QSC), Matthew Campagna
	https://datatracker.ietf.org/doc/slides-124-pquip-pquip-etsi-campagna/
	(No mic line)

Post-Quantum Algorithms guidance, Lucas Prabel	
	https://datatracker.ietf.org/doc/draft-prabel-pquip-pqc-guidance/
	https://datatracker.ietf.org/doc/slides-124-pquip-post-quantum-algorithms-guidance/
	Mike Ounsworth: Important to keep the draft neutral
		If this becomes a policy document, it will be the biggest bikeshed ever
		Lucas: Agrees to change the title of the doc
	Tony Li: Seeking guidance from the Routing Area
		Cramming PQC into routing authentication
		Have hashes in fields that are too small
		Can we truncate the hash?
		Paul: The question of truncating hashes is for CFRG or SAAG

Drafts on how to migrate to PQC
	Rich Salz: We should not get involved with this at all
		There are too many factors and competing features
		Won't get consensus on hybrid vs. composite let alone which algorithms to use in each
		If we do something, it will be so vague as to be useless
		Even if it is not useless, readers would be getting guidance or requirements from governments or commerical organizations
		Nothing useful we can do
	Mike: +1 to Rich
		Can't get consensus on any of this
		Would create a bikeshed factory
	Kris Kwiatkowski: Author of one of those drafts
		If there is something useful to say, it has to be protocol-agnostic
		Miight give guidance to not go too many steps in a transition
		Paul: We should just being doing numbers vs. guidance for steps
	Richard Barnes: +1 to Rick and Mike
		Another draft was discussed in DISPATCH similar to these, and there was no agreement what to do
		This list of drafts is helpful because it shows that this guidance isn't needed
	Tim Hollebeek: Anther +1 to not doing this
		Woud cause confusion and slow things down
	Flow Driscoll: Maybe have guidance later when we have seen specific tranisitions
		In different industries the migration will look different and technical challenges might arise from that
		Some of those might be relevant to the IETF
	Eric Rescorla: Don't do this
		This shows the WG has entered the part of the lifecycle where it is looking for things to do
		Always be closing
	David Adrian: +1 to those before
		What tangibly would anyone do different if they see or don't see this document?
		If we can't specify that, it's not worth doing
	Nalini Elkins: Doesn't know what can be done where
		Probably something needs to be done somewhere
		There's a lot of confusion out there about government mandates
		It would be nice to have something
		Saying "do a cryptographic inventory" is not clear
		Doesn't knwo what can be done
		It would be really nice for us to possibly do is to say what might be a reasonable mandate
			Even though that's way out of scope
		There are a lot of people who are very confused, and a lot of really bad advice is going out
	Paul: I don't think we should even take this to the mailing list
	Sofia: Agrees
	Paul: Someone (not us) might keep a list of guidance drafts
	Rich: Need to take actionable things to the list
		Paul: What did we say that was actionable?
		Rich: Said that we would shut them down
		Paul: Didn't mean that, meant that we do not engage
		Rich: Should we change our charter to do this?
		Paul: No
		Rich: Should tell the list this decision
	Mike: Could we start a rechartering to scope ourselves down
		Paul: Would want to hear what the AD wants