Automatic IETF Minutes

Markdown Version | Session Recording

Session Date/Time: 22 Mar 2024 03:00

# saag

## Summary

The Security Area Advisory Group (SAAG) meeting covered a range of topics, including a farewell to outgoing Security AD Roman, welcome to incoming Security AD Deb, working group updates, discussions on post-quantum cryptography (PQC) deployment, and errata processing. A key discussion revolved around the consistency of PQC practices across the IETF, specifically regarding hybrid vs. pure PQC algorithms. The meeting also highlighted the need for improvements in the errata process.

## Key Discussion Points

*   **Working Group Chair Transitions:**  The group discussed the qualities of good working group chairs, emphasizing a balance of domain expertise, IETF process knowledge, and motivation.  The importance of ADs intervening early when chair issues arise was stressed. Potential conflicts of interest for chairs who are also major document authors were noted.
*   **Errata Processing:**  Significant dissatisfaction with the current errata process was expressed.  Pain points include difficulty finding errata, cumbersome workflow, lack of diffs, and inadequate tooling. The need for a flowchart of events happening during errata processing was mentioned.
*   **Post-Quantum Cryptography (PQC) Deployment:**
    *   A presentation highlighted the need for consistent practices regarding PQC deployment across different IETF protocols (TLS, SSH, LAMPS, etc.).
    *   The discussion centered around whether to standardize both hybrid and pure PQC algorithms, or only hybrid initially.
    *   Concerns were raised about the feasibility of some protocols transitioning to hybrid algorithms before migrating to pure PQC, as some users may not be able to make two transitions.
    *   The specific key schedule in TLS 1.3 allows the application of hybrid combiners which is not possible for other protocols.
    *   There was a general consensus against "a la carte" combiners that would allow mixing and matching any classic and PQC algorithms. Specific, well-vetted hybrid algorithms were preferred.
    *   The need for long-lived signatures and regulatory discovery requirements was also discussed, with some participants advocating for an option to implement post-quantum only signatures.
*   **Radius and MD5:**  A reminder that Radius deployments still rely on MD5, which is insecure, and that continued reliance on MD5 will lead to issues.

## Decisions and Action Items

*   **Action Item:** Paul to add a link or information about the errata process to the SAAG slides for future meetings.
*   **Decision:** The discussion about PQC deployment consistency will continue in the Pequip working group.
*   **Action Item:** The SAAG will find two or three volunteers to provide extra reviews for the RADIUS TLS PSK document. Sean and Hans volunteered.

## Next Steps

*   ADs Deb and Paul to collaborate and discuss what to do with a document from Donald being used outside the IETF.
*   IETF leadership will consider the issue of errata processing at the next ISG retreat.
*   Pequip will have a presentation for using Hybrids in HTTP and HPKE.