Lamps Status Pages
Limited Additional Mechanisms for PKIX and SMIME (Active WG)
Sec Area: Eric Rescorla, Kathleen Moriarty | 2016-Jul-01 —Chairs:
IETF-100 lamps minutes
Session 2017-11-13 0930-1200: Orchard - Audio stream - lamps chatroom
The lamps working group met at 11:00 on Nov 11, 2017. Jim Schaad was acting as chair for Russ Housley, who could not be present.

The status of the current drafts was covered. The current status is:

draft-ietf-lamps-rfc5280-i18n-update is waiting for the approval message to be sent.
draft-ietf-lamps-rfc5750 and draft-ietf-lamps-rfc5751 are waiting on Jim to resolve AD comments.
draft-ietf-lamps-eai-addresses has been scheduled on the 2018-01-11 telechat.

NEW WORK:

The first new work item discussed was the CAA (Re)Discovery algorithm, presented by PHB. In the discussion following the presentation, Jacob Hoffman-Andrews said that a scan of the DNAME records of 40M domain names found that only 40 were using them, and that fixing this should not be a show stopper on getting the document published. In terms of progressing with the current document, Phillip stated that he had no problems with joint authorship. The sense of the room was that it made sense to get an RFC published that documented the errata algorithm in as clear language as possible and superseded the current RFC. Following that, it might make sense, based on the usage of that algorithm, to publish a new updated algorithm. Sean Turner stated that a requirement going forward was to identify a DN person to get input on the algorithm. A HUM established that people felt that they understood what was trying to be accomplished. Only a couple of people hummed on the plan moving forward (replace current RFC with errata version), but there were no dissenters.

The second new work item discussed dealt with adding SHAKE as a new hash algorithm for computing signatures in PKIX and CMS. Two presentations were given by Quynh Dang relating to the two documents. There was a significant push in the room to not do the DSA versions of the SHAKE algorithms but only do RSA and ECDSA.
Jim Schaad raised the question of making the SHAKE hash algorithm output correspond more closely to the length of the key rather than using a fixed size output. Doing so would use more of the space and might be useful. Spirited discussion followed, with the majority expressing opinions that a fixed length output would be closer to what is done today and thus might be a better answer. The authors were advised to drop it from the next version and see what complaints arose from that decision. Quynh then presented the CMS document for using SHAKE, with little discussion following.

In closing, Jim noted that the current charter required publishing of documents before changes could be made. With the approval of the PKIX i18n update, charter discussions should start in the near future. The meeting was then adjourned.