**Session Date/Time:** 08 Nov 2024 09:30

# saag

## Summary
The Security Area Advisory Group (SAAG) meeting covered working group updates, AD sponsor drafts, errata processing, sector reviewer statistics, a presentation on EU funding for internet projects (NGI), and a discussion on current cryptographic practices in the IETF.  A key discussion revolved around the balance between code point assignment and RFC publication for new cryptographic algorithms, and the role of the CFRG in providing guidance.

## Key Discussion Points

*   **Working Group Updates:** SSH Maintenance chartered, GNAP closed, MLS, LAKE, and EMU rechartered, LAMPS rechartering in process.  Need for new SSH Maintenance chair.
*   **NIST Post-Quantum Algorithm Approval:** Groups working with post-quantum algorithms should monitor NIST mailing lists for clarifications and potential surprises in NIST specifications.
*   **Whimsy Update:**  Focusing on the concept of trust domains in multi-system environments.
*   **IANA Root Key Rollover:** The root key for DNSSEC is rolling on January 11th, with a new key every three years.
*   **All Dispatch Feedback:**  Process needs improvement, consider sorting proposals based on likelihood of becoming working groups.
*   **Errata Processing:** Need more help from the community.
*   **Sector Reviewers:** Statistics provided. Reviews improve draft quality.
*   **NGI (Next Generation Internet) EU Funding:** Small grants available for open source internet-related projects. Easy application process.
*   **Cryptography Practices in IETF:**
    *   Documenting informal processes around crypto algorithms to prevent past mistakes.
    *   Balancing code point assignment with RFC publication for new algorithms.
    *   Role of CFRG in providing guidance versus working group independence in implementing cryptographic solutions.
    *   Need for description, not standardization, of security practices.
    *   Impact of using IETF registries versus external sources such as NIST FIPS.

## Decisions and Action Items

*   SAAG chairs to take feedback on all dispatch process back to all dispatch chairs.
*   Send a summary of NASA site meeting to the Seglist.
*   Working group chairs to review RFCs for cryptographic algorithm references and document the policies used for registries and algorithm inclusion and send to seg.
*   Produce a new draft version of the "Cryptography Practices in IETF" document incorporating feedback from the meeting and the mailing list.

## Next Steps

*   Continue discussion on the "Cryptography Practices in IETF" document on the mailing list.
*   SAAG to consider how to help working groups to produce descriptions of current registration policies.