
Meetingminutes Minutes21022018

Bob Relyea edited this page Mar 4, 2025 · 1 revision

February 21, 2018 Meeting Minutes - DRAFT

Meeting commenced 1:00 PM PST

  • Roll call (Tony) - quorum achieved.

Proposed agenda

  • Roll call
  • Review / approval of the agenda
  • Review of previous meeting minutes (February 7, 2018)
  • V3.0 Items (Other business to be covered in the following meetings)
      • Review Spec V3 from Chris Z
      • Review Mechanisms V3 from Chris Z
      • Planning for review/complete
  • Proposal - Salsa20 & ChaCha20 - Stef M
  • Proposal - Blake2b - Stef M
  • Proposal - X3DH & DoubleRatchet - Stef M
  • Proposal - XEDDSA signature mechanism - Stef M
  • Revisit Function names
  • Comment on comments list (Girish Kumar, CKA_TRUSTED). (Tony C) (https://lists.oasis-open.org/archives/pkcs11-comment/201709/msg00000.html)
  • Comments list query (Timo Teras, ETSI TS 103 097 certificates)
  • Letter to NIST regarding AES GCM IV generation (Tony)
  • PKCS#11 Repository (Tony C)
  • PKCS#11 F2F Meeting (April 2018)
  • New business
  • Next meeting
  • Call for late arrivals
  • Adjourn
Motion to approve Agenda
  • Tim moved, Gerry seconded. No objections, comments or abstentions. Agenda approved.

Motion to approve meeting minutes

  • February 07, 2018
  • Daniel moved. Greg seconded. No objections, comments or abstentions. Minutes approved.

v3.0 Items

Review Spec V3 from Chris Z, Review Mechanisms V3 from Chris Z

  • Chris is traveling, will reply to comments when he returns.

Planning for review/complete

  • no comments today.

Proposal - Salsa20 & ChaCha20 - Stef M

  • Bob did not have a chance to get his comments in, yet, due to travel. Will be getting to these this week.
  • Stef: got comments from Darren, they were excellent and he will do an updated push after the meeting. Should set the names differently, and about CKA_CHECK_VALUE - some kind of secret key check, but I don't know anything about this, will seek additional information and do the update. If anyone has any comments around here or more knowledge, please share to save another round of review. Big thanks to Darren for doing a very thorough review. Tony queried if there were any preferences on how to do this, Bob said no strong preferences unless we need to line up with another protocol. Tim notes it's defined in PKCS#11, and there are similar things elsewhere, but not sure we need to line up.
  • Tim recommends sticking with the first 3 bytes of SHA1, as defined elsewhere.
  • Darren had asked if we should use a larger digest, but not sure that's a true risk.
  • Tony: it's a parity check, so length of hash is not relevant.

Proposal - Blake2b - Stef M.

  • Stef: got good comments here from Darren, too. Had #defines that were not being used, proposed they be deleted from the header.

Proposal - XEDDSA signature mechanism - Stef M

  • Stef: Talked to Trevor, author of the Signal protocol, sent him an email, but wanted to make a more formal reply before it was shared with TC. In effect he wants to rewrite XEDDSA to line up with RFC8022 in second half of this year. He did share some thoughts on this to the modern crypto alias, and Stef will share the link. There will probably be a new RFC. This may be a moving target.
  • Tony: we could take a risk and try to lead the market here, but we may diverge. If we wait, we'll get behind. Any thoughts? None heard, let's keep a watchful eye on this. Bob did have a comment - a question: is this holding you up from implementing something? Or would it be better to wait? Stef does have an implementation, obviously using non-standard interface. What are the other big vendors doing? Are they going to stick with current or move forward or something else?
  • Bob: Is it better to be done and less than perfect? Or wait? Stef: it's a nice thing to have, but only powerful with other 2 parts of Signal protocol. It might be okay to wait.
  • Tim summarized - there are implementations out there using current mechanism, so we should include now (if we can), and update when the mechanism is updated.
  • Tony agrees we should keep getting eyes on it, and keep pushing forward if that is the desire of the group. Keeping in mind we are behind schedule on 3.0 release.

Proposal - X3DH & DoubleRatchet - Stef M

  • no additional comments, except by Trevor (author of Signal) who said we could do this with existing primitives (with Darren's proposal). This would be a "Convenience" function.
  • Tony: Please do continue to review and provide feedback.

Revisit Function names - Tony

  • Chris has this on his worklist, to make them consistent. Tony will put on the wiki to make sure this gets tracked.

Comment on comments list (Girish Kumar, CKA_TRUSTED). (Tony) (https://lists.oasis-open.org/archives/pkcs11-comment/201709/msg00000.html)

  • Tony did not have time to review.

Comments list query (Timo Teras, ETSI TS 103 097 certificates)

  • Stef talked to Timo after last meeting, he will look at this - if he needs it, he will write up the spec and share on the mailing list.
  • Tony will reply to the comments list that we are looking forward to hearing from him in the future.

Letter to NIST regarding AES GCM IV generation (Tony)

  • Checking with OASIS, no evidence of a response. Further research being done, and if no reply received, TC needs to decide what to do.

PKCS#11 Repository (Tony C)

  • Tony: put time into organizing in a useful order, did write up some slides he shared with Valerie & Bob, but didn't have time to share. Will revisit at next call.

PKCS#11 F2F Meeting (April 2018)

  • straw poll closed, clear favorite is Wednesday, 11 April 2018.
  • Still looking for a location to host us. Benton was looking into it, Tony will touch base with him.

New business

  • none

Next meeting

  • 7 March 2018

Call for late arrivals

  • Darren, Chuck.

Motion to Adjourn

  • Tim moved. Greg seconded. No objections, comments or abstentions. Adjourned.

Meeting Adjourned at 1:39 PM PST
