Markdown Version | Session Recording

Session Date/Time: 26 Jul 2022 14:00

secdispatch

Summary

The secdispatch session reviewed three individual draft proposals: "Terminology for Post Quantum Hybrids," "Federated TLS Authentication (fedTLS)," and "FNV Hash Function." Key discussions revolved around the appropriate venue for each, the scope of work, and the level of IETF engagement required.

For the Post-Quantum Hybrid terminology, there was strong community interest but differing opinions on the best home (CFRG or a new working group). Federated TLS was deemed to require more development and community interest before IETF standardization. The FNV Hash Function, a description of a widely used non-cryptographic hash, was identified as suitable for AD sponsorship.

Key Discussion Points

1. Terminology for Post Quantum Hybrids

• Background: The presentation highlighted the vulnerability of current asymmetric cryptography to quantum computers and the desire for protocols using both post-quantum (PQ) and traditional algorithms (hybrids).
• Problem Statement: Inconsistent terminology across various drafts and working groups (e.g., "hybrid," "dual," "multi-key," "composite," "non-composite") makes discussion and analysis difficult. There's a need to clarify security properties and avoid overloading the term "hybrid" (already used for symmetric/asymmetric combinations).
• Proposal: An informational draft to standardize a glossary for PQ-traditional hybrid schemes.
• Discussion:
  • Scope: Paul Hoffman suggested splitting the work into separate documents for key exchange and signatures, as signatures are more complex.
  • Alignment: Ecker noted a preference for aligning with academic/NIST terminology to avoid duplicate definitions.
  • IETF Home: Options discussed included CFRG, a new dedicated PQ working group, or AD sponsorship. Concerns were raised about CFRG's congestion and whether AD sponsorship would provide sufficient cross-cutting review for terminology. A new PQ group was suggested as a better fit for broader protocol-related engineering aspects rather than just algorithms.
  • Urgency: Speakers emphasized the importance of traffic protection against future quantum attacks (record-now, decrypt-later scenarios) and the need for a centralized discussion point for PQ migration challenges across protocols.

2. Federated TLS Authentication (fedTLS)

• Concept: The draft proposes a mutual TLS authentication method that leverages federation metadata for public key pinning, aiming for independence from the traditional Web PKI model.
• Background: Developed by Switch for secure communication within the Swedish school and health sectors, with existing open-source implementations.
• Mechanism: Clients and servers exchange metadata from a federation, clients pin the server's public key, and a proxy (e.g., Nginx, Apache) manages TLS termination, forwarding client certificates for application-level pin validation.
• Discussion:
  • Interest: There was limited expressed interest from the room for immediate IETF standardization.
  • Publication Path: It was suggested that the authors could pursue code point registrations (e.g., for TLS extensions) through existing IETF processes without requiring a full RFC, if the core mechanism does not need IETF consensus.
  • Technical Feedback: Questions arose about the choice of JSON for metadata (suggesting CBOR for constrained nodes) and the necessity of an IETF standard given the current number of implementers (2-3).
  • Scope: The presenter clarified the need for standardization to secure funding and broader adoption for critical infrastructure like health and education federations.

3. FNV Hash Function

• Description: The draft describes the FNV (Fowler-Noll-Vo) non-cryptographic hash function, which is simple, widely used for tasks like hash table indexing, and provides good dispersion.
• Purpose: To provide a stable, permanent reference document (RFC) for FNV, including C reference code, as it is widely implemented and referenced in other standards.
• Mechanism: Initialization with a basis value, XORing data octets, and multiplication by a specific FNV Prime value.
• Usage: Cited in IEEE 802.1Qbp, suggested for IPv6 flow identifiers, BFD, and used in various other applications like DNS cookies.
• Discussion:
  • Publication Stream: Paul Hoffman supported AD sponsorship, noting its use in standards track documents and wide deployment. Ecker questioned if it belongs in the IETF stream (requiring consensus) or the Independent Submission Stream (ISE) given it's documenting an existing algorithm. The consensus seemed to lean towards AD sponsorship within the IETF informational stream due to its existing references in IETF-related work.
  • Security Considerations: Phil Baker stressed the importance of robust security considerations explaining when and when not to use FNV, clarifying its non-cryptographic nature.
  • IPR: The author stated that original inventors ensured no IPR or patent restrictions.
  • Need for Documentation: The value of a stable RFC reference was emphasized, especially since existing references are often embedded within larger documents or on websites.

Decisions and Action Items

• Terminology for Post Quantum Hybrids: The Area Directors (ADs) will lead a discussion within the security area community to determine the most suitable home for this work, considering both CFRG and the potential for a new dedicated Post-Quantum working group. Feedback regarding splitting the work (e.g., key exchange vs. signatures) and focusing the scope will be considered in this process.
• Federated TLS Authentication (fedTLS): No immediate IETF action will be taken through the dispatch process. The authors are encouraged to continue refining the draft and can explore obtaining code point registrations without an RFC if that meets their immediate needs. The option for IETF publication can be revisited if further community interest and compelling reasons emerge.
• FNV Hash Function: The ADs will proceed with sponsoring the FNV hash function document as an informational RFC. Discussions will continue to refine the scope of review and confirm its placement within the appropriate IETF stream.

Next Steps

• Post Quantum Hybrid Terminology: The ADs will initiate community engagement to gauge interest and gather input for the formation of a new working group or integration into an existing one (e.g., CFRG).
• fedTLS: Authors will continue development, possibly seeking code point registration directly, and are welcome to bring it back to SEC dispatch if circumstances change.
• FNV Hash Function: The ADs will work with the author and a document shepherd (Paul Hoffman offered) to move the draft forward under AD sponsorship, focusing on appropriate review for an informational document.

(End of SEC DISPATCH session. The meeting transitioned into the Security Area Advisory Group (SAG) session.)