- Thursday 4th November 2025, 1630-1800 UTC
- https://meetings.conf.meetecho.com/ietf123/?session=34215
- Job Snijders
- Stephen Farrell
- Tero
- Rifaat
- Administrivia (chairs)
- RFC editor queue
- draft-ietf-sshm-ntruprime-ssh-06
- IETF Last Call
- draft-ietf-sshm-ssh-agent-10
- Working Group Last Call
- draft-ietf-sshm-mlkem-hybrid-kex-03
- WG documents
- draft-ietf-sshm-chacha20-poly1305-02
- draft-ietf-sshm-strict-kex-00
- Drafts aiming to document existing deployment:
- draft-spaghetti-sshm-filexfer-00
- draft-miller-ssh-cert-05
- draft-miller-sshm-aes-gcm-00
- draft-josefsson-sshsig-format-00
- Other related drafts (alphabetically)
- draft-becker-cnsa2-ssh-profile-02
- draft-gutmann-ssh-preauth-04
- draft-harrison-sshm-mlkem-00
- draft-josefsson-ssh-ed25519mldsa65-01
- draft-josefsson-ssh-frodokem-00
- draft-josefsson-ssh-mceliece-02
- draft-josefsson-ssh-sphincs-01
- draft-miller-sshm-hostkey-update-02
- draft-rpe-ssh-mldsa-02
- draft-sfluhrer-ssh-mldsa-04
- draft-sun-ssh-composite-sigs-01
- AOB (as time permits)
No presentations.
Will go throught the drafts and give an update on the latest.
SSH Agent Protocol in IETF Last Call - the authors addressed the
provided comments.
SSH ntruprime in the RFC Editor Queue
sshm-mlkem-hybrid - The consensus seems to be that the document should
be informational.
Deb: There was reqeuest to change KEM combiner.
Stephen: Panos had said no need.
Deb: I see no problem leaving it as it is, and make it informational.
Authors are not aware of any outstanding issues, and the document is
ready to go for WGLC.
Chairs will start a WGLC soon.
Deb: Issue working group last call through the datatracker, you should
be able to change message, and length
Tero: I think those changes are still in testing, so they might not be
there yet.
Deb: You can still change length, right?
Tero: Yes, you can say how long the intended length of the status is
going to be.
Tero: Anyways, before starting WGLC, verify what is the current state of
the datatracker status for it.
There is a potential for some attack.
Deb: You have message from IANA for this draft too.
Damien: I do?
Deb: Check it out.
Stephen: It is not much, I have it here
Damien: Found it now.
Stephen: SHOULD vs MUST decision will come out from the text changes
anyways.
Damian will do some edits in a week or two.
4 people read the draft.
Damien: No updates for this
Stephen: Do you want us to make calls for adoptions.
Damien: Yes.
Damien: Haven't received that much comment on these either, did receive
something few ietf back.
Stephen: And WG adoption for this too.
The author is not in the room.
Bob - Proof of work - interesting idea
Not part of current charter, this is not documenting existing protocol,
this is new work.
Tero - no progress on the v6 stuff.
Chairs: do we want to do two documents or one.
Tero: There are two versions of filexfer, V3, and V6, the V6 is mostly
just extensions for V3, so having two documents will duplicate lots of
text between then, and may cause issues when they conflict.
Tero: It would be better to have only one document and then have
sections for V3 and V6.
Stephen: Tero, can we get this V6 document soon?
Tero: The reason I did not do anything was because I completely forgot
it after the last meeting. So if chairs will send me reminder, I will do
it next month.
All of these are for new work, not documenting existing protocols, so
they are not really in our charter yet.
Damien: There is some interest to do something with this one.
Deirdre: support adoption
Scott: LAMPS making some progress on the composite signatures.
Deb: LAMPS I am holding the composite draft now. For SSH points of view.
You use signatures for authentication mostly, right?
Damien: Server authentication, user authentication. There might be
something like git signatures.
Deb: If it would be just authentication then it would be simple.
Deb: I struggle whether to use hybrid or pure. If is just authentication
we can wait.
DKG: Do we know if the git signature is domain-separated from the
authentication handshake?
Damien: They are domain separated.
Question: Should we look at signatures in the new year to see if there
is a broad implementer interest?
14 Yes
0 No
4 No opinion
Stephen: Chairs will start discussion about signatures after new year.
Rebecca: This will go to the ISE.
Elliot: I would really like to get reviews for this document.
Scott: The difference between the above is code points