Session Date/Time: 30 Mar 2023 07:30

# SAAG Meeting Minutes - IETF 116

## Summary

The SAAG meeting at IETF 116 covered area updates, including new working groups, key transparency work in the security area, and document shepherd opportunities. A presentation from Sofia Ceppi on Real World Crypto (RWC) 2023 highlighted key takeaways relevant to the IETF. An open mic session addressed the challenge of applying formal analysis to IETF protocols at scale.

## Key Discussion Points

*   **Area Updates:** Four new/reopened working groups: satp, pwip, jose, and rad. Key Transparency BoF concluded with consensus on the problem statement and the need for IETF work in this area.
*   **Security Community Engagement:** The importance of community volunteers for working group chairs, document shepherds, and potential ADs.
*   **RWC 2023 Summary (Sofia Ceppi):**
    *   Quantum crypto migration: gradual, real-world data needed for benchmarking, moving parameters from the stack to the heap.
    *   TLS implementation vulnerabilities: automated testing tools are crucial.
    *   Security analysis of protocols like CoAP and MEGA: important to consider end-to-end encryption even for cloud storage and backups.
    *   End-user crypto design: Need for user studies to understand user requirements for crypto.
    *   Concerns over security of protocol implementations and secure libraries.
*   **Formal Analysis of IETF Protocols (Open Mic):**
    *   Challenge of applying formal analysis at scale, especially for protocols with limited community attention.
    *   Concerns that requiring formal analysis might provide a false sense of security and may ask the wrong questions.
    *   Emphasis on formal analysis as a complementary tool, alongside testing and experimentation.
    *   Lack of formal analysis expertise.

## Decisions and Action Items

*   **Key Transparency:** A charter for key transparency will be drafted and discussed on the keytrans@ietf.org mailing list.
*   **Sec Dispatch:** Encouraged authors to use the sec-dispatch list for questions related to security considerations in documents.
*   **Usable Formal Methods Research Group:** Educate the community with workshops and share knowledge to better inform decision-making around the usage of formal methods.

## Next Steps

*   SAAG chairs will coordinate with the IAB and Kathleen Moriarty on potential virtual interims if warranted by demonstrated mailing list interest in a topic.
*   The Usable Formal Methods Research Group will continue exploring ways to make formal analysis tools more accessible and useful to the IETF community.
*   The community will continue to assess the role of formal analysis in protocol development, recognizing its value as a complementary tool.