**Session Date/Time:** 23 Jul 2025 12:30

# keytrans

## Summary

This meeting of the keytrans working group at IETF 123 covered updates on key transparency (KT) implementations, proposed changes to the architecture and protocol documents, a verification effort update, and a discussion of future directions. Key topics included the implementation of auditors, modifications to the architecture to accommodate real-world KT usage, the definition of third-party auditing and management in the protocol, and the definition of cipher suites. The group discussed the stability of the drafts and the need for more reviews.

## Key Discussion Points

* **KT Implementations:**
    * Cloudflare has implemented an auditor in TypeScript, complementing Signal's Java implementation. A desire for a full KT implementation in a single language was expressed.
    * Signal's KT server is now open-source.
    * Brendan is planning a fresh implementation based on the latest protocol draft.
* **Architecture Document Changes:**
    * Relaxed the definition of user ownership of labels to accommodate service-driven updates to KT. Users are now considered owners if they initiate changes or are informed of changes.
    * Updates to contact monitoring include the addition of timestamps to log leaves, which allows users to check consistency at any time.
    * Third-party auditors are now permitted to start auditing at any point in the log.
* **Protocol Document Changes:**
    * Defined how third-party auditing works, including the use of auditor update structures with timestamps and prefix tree information.
    * Defined how third-party management works, where the service operator signs update requests before they are processed by the manager.
    * Defined two cipher suites, both at the 128-bit security level.
* **Verification Efforts:**
    * Verification efforts found no security issues but identified minor quirks that were addressed in the draft.
* **Future Updates:**
    * Brendan plans to add an explicit update operation to the protocol document.
    * Consider adding advisory text to the architecture document on contact monitoring and quantifying the security impacts of maintaining state.
* **Review Request:**
    * Brendan requested more reviews of both the architecture and protocol documents.

## Decisions and Action Items

* **Action Item:** Encourage Signal to bring changes they had to make to the early IETF KT Draft to the IETF.
* **Action Item:** Community to review the current KT Architecture and Protocol drafts and provide feedback, particularly for those looking for something to do.

## Next Steps

* Brendan will continue to work on the protocol document, adding an explicit update operation and addressing minor tweaks.
* Brendan will provide advisory text to the architecture document on contact monitoring.
* Working group members are encouraged to review the architecture and protocol documents.
* Aim to get folks deploying the implementations to offer feedback.