**Session Date/Time:** 17 Mar 2025 08:30

# kitten

## Summary

The KITTEN working group meeting focused on two-factor authentication and related topics. Key areas included quick re-authentication mechanisms, particularly the HT family and "Remember Me", the SASL Passkey draft, and updates on SCRAM for 2FA. The meeting also featured a presentation on passkey authentication and its potential application in email clients. A significant portion of the discussion was dedicated to the challenges and possibilities of using passkeys with generic mail user agents.

## Key Discussion Points

* **Passkey Authentication (SASL Passkey):**
    * The group discussed the benefits of passkeys for users, client implementers, server implementers, and administrators, comparing them to passwords and OAuth 2.
    * Ben Boks and Stephen Farrell presented a proposal for using SASL Passkey for the initial setup of mail clients, followed by "Remember Me" tokens for continuous re-authentication.
    * There was a debate on whether generic mail user agents (like Thunderbird) can effectively use passkeys, especially given the origin and relying party concepts in WebAuthn.
    * Tim Cabali raised concerns about mail apps not being entitled to signatures for origins they don't own and suggested using established OAuth patterns for third-party authentication.
    * Dean Sacks suggested engaging with the FIDO Alliance to align with the broader passkey ecosystem.
* **SASL Hash Token (SASL HT):**
    * Florian presented an update on the SASL HT mechanism for quick connection re-establishment, particularly in XMPP.
    * The presentation covered the token-based approach, hashing with TLS channel binding data, and the mechanism's current state and adoption in XMPP.
    * The discussion touched upon a wire format change in the latest draft and how to handle existing deployments.
    * Arndt raised concerns about the mechanism's reliance on a single TCP connection and its implications for Happy Eyeballs and multiple connections.
    * The group considered the appropriate token invalidation policy after single or multiple uses.
    * Integrating zero-RTT data to speed up reconnection was also brought up.

## Decisions and Action Items

* **SASL Passkey:** Experimentation is required to determine whether this system is viable.
* **SASL HT:** Decide how to deal with the wire format change (rename the mechanism or expect fallback). Email discussion is required.

## Next Steps

* Continue discussion of SASL Passkey and SASL HT on the mailing list.
* Evaluate interest in an interim online meeting within the next month to further discuss SASL HT.
* Investigate quick authentication mechanisms.