**Session Date/Time:** 29 Mar 2023 00:30

# lamps

## Summary

The lamps working group meeting covered a wide range of topics, including updates on documents in the RFC Editor queue, discussions on PKIX-related and S/MIME-related documents, and considerations for adopting new documents. Key discussions revolved around key encapsulation mechanisms (KEM), certificate management, hybrid cryptography, and algorithm agility. Several proposals for working group last call were made.

## Key Discussion Points

* **Lightweight Algorithms (C, CP updates, TP profiles):** Awaiting publication in the RFC Editor queue.
* **4210bis (PKIX CMP Updates):** Discussed adding KEM support, focusing on the trade-offs between using HPKE versus plain KEM. Seeking feedback on the proposed approach.
* **Certificates (Sean Turner):** Discussion of no wrapper for public key. Question raised about Q Keys compatibility.
* **Multi-Domain Certificates:** Open questions regarding binary time vs. date time, hashing the entire certificate in the CSR, and general language of certificates.
* **Header Protection for Cryptographically Protected Email:** Discussion about default Header Confidentiality policy.
    * The draft is S/MIME specific and will work for PGP/MIME.
    * Request to move to working group last call.
* **Email Guidance:** Discussion about Bcc handling, proxy implementation concerns, and potential for misref (missing reference). Aims for stable document and shrink down.
* **Certification Authority Authorization Processing for Email Addresses:** Presented draft for property tags for email addresses. Some discussion on the naming of the property tags.
* **CMS KEM:** Latest updates focus on algorithm information within KEM. It should have consistent cipher suites with P printer. Null alg for k.
* **KEM Recipient Info:** Newly adopted draft using KEM with CMS; already in use by multiple drafts. Request to have a working group last call.
* **Composite Keys:** Overview of explicit and generic key pairs for signatures and KEM. Included discussions on pre-hashing and algorithm replication for CRLs/OCSP. Concern about "generic" combinations creating "rake factory" of crypto.
* **CMS Algorithm Protection:** Back porting the k recipient. Question raised about which encryption is going to be used.
* **Purpose of Entity Certificates:** Discussion of defining key identifiers for certificate usage in service-based architectures.

## Decisions and Action Items

* **4210bis:** Authors to take discussion of KEM approaches to the mailing list.
* **Header Protection for Cryptographically Protected Email:** Add language about a registration.
* **Composite Keys:** Remove generic from draft to get feedback on the mailing list.
* **Composite Keys:** Start a thread about removing generic.

## Next Steps

* **Lightweight Algorithms:** Await publication.
* **4210bis:** Continue discussion on the mailing list.
* **Header Protection for Cryptographically Protected Email:** Start working group last call in the next week.
* **Email Guidance:** Revise document based on discussion and aim for working group last call by next IETF meeting.
* **Certification Authority Authorization Processing for Email Addresses:** Consider working group last call soon.
* **KEM Recipient Info:** Add examples, also add the base64 blog.
* **Composite Keys:** Authors to update drafts based on feedback and address outstanding design questions.
* **CMS Algorithm Protection:** Address all comments before the adoption.
* **Purpose of Entity Certificates:** Update document to use first approach key, call for his option.