CURDLE

Document Status:
CMS / Kerberos to IESG
PKIX needs work
SSH one in last call.
RC4-die-die-die awaiting adoption

Draft to consider is the SSH key exchange
Diffie-Hellman NIST P256 / When 25519 is deployed everywhere, can change. Keep as should not Should- until 25519 is deployed everywhere.

EKR: Also puzzled by NIST curves. Fine to say NIST unloved. Deprecating not justified technically.
Deb Cooley NSA: Diffie-Hellman group choices in the drafts are inconsistent.
Martin: Choices are the ones with normative language attached, the others merely exist.
EKR: Reason for SHA512 over 256 is risk of Grover's algorithm collisions. Would be good if IETF said our theory on Quantum Crypto is X.
Tero: The normative language listed on slides is only for SHOULD- and above, anything else is MAY.
PHB: Quantum Crypto is for IRTF.
EKR: We should have an agreement on 256 bits being good enough for indefinite future.
Martin Thompson: 256 bits for now, may change in future.
Tero: Don’t go from Must to Must Not, better Must to Should Not. Problematic because it breaks backwards compatibility.
Rich Salz: Is consensus P256 OK?
Deb: ecdh-sha2-nistp256 should not be Should-, should be at least a SHOULD.
EKR: Just swap plus and minus on ecdh-sha2-nistp256 ecdh-sha2-nistp384.
Deb: Just get rid of plus and minus.

Charter discussion

Table of work. Are we done?
Kerberos missing Ed25519
Deb: Shouldn’t that be done in kitten?
Anon: Kitten should be run over. Chair said please do in Curdle.
Martin Thompson: Jose fine, some interest in Web Crypto X25519 and X448. No reason we can’t do it. Interfaces with W3C Web crypto.
[Search for a volunteer]
Yoav: SSH Chacha Poly already exists in code.
PHB: May have JOSE code.