Markdown Version | Session Recording

Session Date/Time: 23 Jul 2025 12:30

keytrans

Summary

This meeting of the keytrans working group at IETF 123 covered updates on key transparency (KT) implementations, proposed changes to the architecture and protocol documents, a verification effort update, and a discussion of future directions. Key topics included the implementation of auditors, modifications to the architecture to accommodate real-world KT usage, the definition of third-party auditing and management in the protocol, and the definition of cipher suites. The group discussed the stability of the drafts and the need for more reviews.

Key Discussion Points

• KT Implementations:
  • Cloudflare has implemented an auditor in TypeScript, complementing Signal's Java implementation. A desire for a full KT implementation in a single language was expressed.
  • Signal's KT server is now open-source.
  • Brendan is planning a fresh implementation based on the latest protocol draft.
• Architecture Document Changes:
  • Relaxed the definition of user ownership of labels to accommodate service-driven updates to KT. Users are now considered owners if they initiate changes or are informed of changes.
  • Updates to contact monitoring include the addition of timestamps to log leaves, which allows users to check consistency at any time.
  • Third-party auditors are now permitted to start auditing at any point in the log.
• Protocol Document Changes:
  • Defined how third-party auditing works, including the use of auditor update structures with timestamps and prefix tree information.
  • Defined how third-party management works, where the service operator signs update requests before they are processed by the manager.
  • Defined two cipher suites, both at the 128-bit security level.
• Verification Efforts:
  • Verification efforts found no security issues but identified minor quirks that were addressed in the draft.
• Future Updates:
  • Brendan plans to add an explicit update operation to the protocol document.
  • Consider adding advisory text to the architecture document on contact monitoring and quantifying the security impacts of maintaining state.
• Review Request:
  • Brendan requested more reviews of both the architecture and protocol documents.

Decisions and Action Items

• Action Item: Encourage Signal to bring changes they had to make to the early IETF KT Draft to the IETF.
• Action Item: Community to review the current KT Architecture and Protocol drafts and provide feedback, particularly for those looking for something to do.

Next Steps

• Brendan will continue to work on the protocol document, adding an explicit update operation and addressing minor tweaks.
• Brendan will provide advisory text to the architecture document on contact monitoring.
• Working group members are encouraged to review the architecture and protocol documents.
• Aim to get folks deploying the implementations to offer feedback.