Session Date/Time: 08 Nov 2024 09:30
saag
Summary
The Security Area Advisory Group (SAAG) meeting covered working group updates, AD-sponsored drafts, errata processing, SecDir reviewer statistics, a presentation on EU funding for internet projects (NGI), and a discussion on current cryptographic practices in the IETF. A key discussion revolved around the balance between code point assignment and RFC publication for new cryptographic algorithms, and the role of the CFRG in providing guidance.
Key Discussion Points
- Working Group Updates: SSH Maintenance chartered, GNAP closed, MLS, LAKE, and EMU rechartered, LAMPS rechartering in process. Need for new SSH Maintenance chair.
- NIST Post-Quantum Algorithm Approval: Groups working with post-quantum algorithms should monitor NIST mailing lists for clarifications and potential surprises in NIST specifications.
- WIMSE Update: Focusing on the concept of trust domains in multi-system environments.
- IANA Root Key Rollover: The root key for DNSSEC is rolling on January 11th, with a new key every three years.
- All Dispatch Feedback: Process needs improvement; consider sorting proposals based on likelihood of becoming working groups.
- Errata Processing: Need more help from the community.
- SecDir Reviewers: Statistics provided. Reviews improve draft quality.
- NGI (Next Generation Internet) EU Funding: Small grants available for open source internet-related projects. Easy application process.
- Cryptography Practices in IETF:
  - Documenting informal processes around crypto algorithms to prevent past mistakes.
  - Balancing code point assignment with RFC publication for new algorithms.
  - Role of CFRG in providing guidance versus working group independence in implementing cryptographic solutions.
  - Need for description, not standardization, of security practices.
  - Impact of using IETF registries versus external sources such as NIST FIPS.
Decisions and Action Items
- SAAG chairs to take feedback on all dispatch process back to all dispatch chairs.
- Send a summary of NASA site meeting to the Seglist.
- Working group chairs to review RFCs for cryptographic algorithm references and document the policies used for registries and algorithm inclusion and send to seg.
- Produce a new draft version of the "Cryptography Practices in IETF" document incorporating feedback from the meeting and the mailing list.
Next Steps
- Continue discussion on the "Cryptography Practices in IETF" document on the mailing list.
- SAAG to consider how to help working groups to produce descriptions of current registration policies.