Session Date/Time: 27 Jul 2023 20:00
lamps
Summary
The LAMPS working group meeting covered a wide range of topics, including updates on documents in the RFC editor queue, discussions on PKIX and S/MIME-related drafts, and proposals for new work. Key discussions revolved around header protection, end-to-end mail guidance, certificate management protocols, key attestation, and various aspects of PQC migration. The meeting resulted in calls for adoption for several documents and identified next steps for ongoing work.
Key Discussion Points
- RFC Editor Queue Updates: Several documents, including CMP algorithms, CMP updates, lightweight CMP profile, and CoAP transfer for CMP, are in the RFC editor queue. Minor updates are planned.
- CA Issue Mail: Minor edits were made post-working group last call to clarify certifying email addresses and validation requirements.
- Header Protection and End-to-End Mail Guidance: The header protection draft is awaiting the end-to-end mail guidance document. The latter has been revised with guidance on draft messages, local certificates, intervening mail user agents, and external subresources in text/html parts.
- 4210bis and 6712bis: Focused on adding support for KEM certificate management. Discussion centered on using KEM keys and certificates for message protection, including the use of KEM-based MAC parameters, and new infotypes for ciphertext transfer and KDF context.
- PKCS #12 for PBMAC1: No updates.
- 7030 CSR attrs: A suggestion to return a CSR template with fill-in-the-blanks for customization was discussed. Existing RFC 8295 was noted to overlap. The discussion will continue on the mailing list.
- Key Attestation in CSRs: Discussed carrying attestation in CSRs, driven by CA/B Forum requirements for hardware-backed code signing keys. Focus on the RATS architecture, the verifier model, and how to opaquely carry different attestation formats. Open issue: type specification (OID vs. wrapper).
- Dilithium Certs: Awaiting examples of nicely parsing certificates.
- Kyber Certificates: Working on implementation to generate test vectors.
- SPHINCS+: Awaiting NIST decision on algorithms to support.
- KEMRI: Working group last call ended. Issue regarding optional UKM field. Proposing to specify that implementations not supporting the UKM field should gracefully discontinue processing when the UKM field is present.
- Composites (KEMs and sigs): Composite KEMs passed adoption; composite signatures did not. Discussions on strong non-separability and driving use cases are needed.
- 5090 bis: Proposal to migrate from SHA-1 to SHA-256 for high-volume OCSP profiles. Concerns raised about web PKI compatibility.
- Chameleon Certificates: Proposal for efficiently conveying two X.509 certificates within one certificate for algorithm migration and dual-use key scenarios. Relies on one certificate (delta) containing the differences from the other (base) in an extension.
- 8398 and 8399 bis: Updating to unconditionally use UA label representations for encoding IDNs to simplify implementation and reduce security vulnerabilities. Pointing to IDNA 2008.
Decisions and Action Items
- End-to-End Mail Guidance: Working Group Last Call. Steven to formally reply to the last call.
- 7030 CSR attrs: Discussion to continue on the mailing list.
- Key Attestation in CSRs: Call for Adoption.
- KEMRI: Pending feedback from the working group to determine whether to forward to IESG.
- Composites: Continue refining the proposal for composite signatures and clarifying the problem statement.
- 5090 bis: Call for adoption.
- Chameleon Certificates: Needs more discussion before a call for adoption.
- 8398 and 8399 bis: Call for Adoption.
Next Steps
- Authors to address feedback on the mailing lists.
- Design teams to continue meeting and refine proposals.
- Working group to review documents and provide feedback.
- Chairs to schedule future interim meetings as needed.