Markdown Version | Session Recording

Session Date/Time: 07 Nov 2025 14:30

SAAG

Summary

The SAAG session provided an overview of recent IETF security area activities, including updates on new Working Groups and BoFs, the status of AD-sponsored drafts, and outcomes from recent dispatch discussions. A significant portion of the meeting was dedicated to an open microphone session and a presentation on securing TOTP QR code enrollment, which generated substantial technical discussion regarding its implications for usability, security trade-offs, and integration with existing standards and future authentication methods. Errata processing was also highlighted as an area needing increased community attention.

Key Discussion Points

• Administrative Updates
  • New BofF: The "PLANTS" BoF successfully moved towards becoming a Working Group, focusing on charter and chair development.
  • New Working Group: The "SEAT" Working Group (previously attested TLS / SEAL) was established, with gratitude extended to its chairs.
  • No Working Groups were closed, but re-chartering efforts are underway for some.
  • Community members were encouraged to volunteer as document shepherds or assist with errata processing.
  • A new non-Working Group mailing list was set up for planning purposes.
• Related Security Activities Outside IETF
  • IAB Workshops: Upcoming IAB workshops on Age Verification (report soon) and Geolocation (December) were highlighted.
  • W3C Liaison Report: Simone, the W3C security liaison, reported work on updating XML signature for post-quantum security and discussions with the IAB regarding integrating human rights into threat modeling processes.
• AD-Sponsored Drafts
  • Push-Pull Draft: Migrated to "Multi-SET Push" draft; comments are still sought.
  • PEM File Format for ECH: Paul is sponsoring this draft, currently in AD review, and comments are welcome.
  • S-Frame: Moved to Ori's AD review as it was not originally a SEC area Working Group, leveraging Ori's security expertise.
• Dispatch Outcomes from BoFs/Presentations
  • Longfellow Zero Knowledge Scheme:
    • Discussion is needed on the cryptographical underpinnings; there was disagreement on whether the crypto is "well understood," with a 2005 publication date noted.
    • The primary question is which IETF efforts (if any) would consume this primitive, and whether a new Working Group is warranted or if it could be integrated into an existing one (e.g., S-D-J-O-T, although this was speculative).
    • The original design targeted age insurance applications, not currently a direct IETF focus.
    • Community input is sought on further discussion avenues (sec-dispatch or SAAG list).
  • Stephen Farrell's Post-Quantum Guidance for IETF Protocols: Dispatched to the SAAG mailing list for ongoing discussion.
  • Ben Laurie's Standard for Claiming Transparency and Falsifiability: A new mailing list will be set up for this.
  • Customer-Facing Relay (related to ECH): Dispatched to a new mailing list, which will be set up for proponents.
  • Tesla Update: The previous RFC was AD-sponsored. The update will also be AD-sponsored, provided that the references are releasable and freely available (currently not the case). A mailing list will be set up for this work.
• Security Area Statistics and Errata
  • The total number of security area document pages increased significantly (from 6,600 to nearly 10,000 pages), indicating high productivity.
  • Errata processing: 31 errata were closed, 8 new ones reported, leaving 195 open errata. The SEC area lags significantly behind other areas (e.g., Routing has nearly zero).
  • A proposal was made to potentially hold an "errata interim" to coordinate efforts and reduce the backlog.
  • The RFC Editor is increasingly insisting that "BIS" or "update" drafts address existing errata.
  • Gratitude was expressed to Security Directorate reviewers for their contributions.
• Open Mic / Any Other Business
  • World Cybersecurity Side Meeting: Michael from NCSC reported a successful side meeting with ~50 attendees discussing practical cyber issues. A recording will be shared, and options for continuing the discussion (another meeting, mailing list) are being explored.
  • Confidential Computing Research Group: A new IRTF Research Group on Confidential Computing is proposed, related to work in WGs like RETS, WOMSY, and SEAT. Community contributions are invited to address research questions and security considerations in this domain.
  • Volume of Documents: Ruediger Folk, a retired operator, expressed concern about the rapid increase to 10,000 pages of documents within four months, noting the potential burden on operators to digest this volume. It was clarified that many documents are "building blocks" (e.g., JOSE/COSE for OAUTH) that eventually distil into deployable protocols.
• Presentation: Securing TOTP QR Code Enrollment (Brian Conteria)
  • Problem: Current TOTP QR codes contain the base32-encoded secret key, which never expires. This key can be captured via screenshots, printouts, or physical photos, giving attackers everything needed except the password.
  • Proposal: Replace the static secret key in the QR code with an HTTPS/TLS URL containing a one-time nonce.
    • The authenticator app would scan the QR code, recognize the secure URL, and request the secret key over TLS.
    • The server would respond with the standard TOTP URI string (containing the secret key), allowing the app to complete enrollment.
    • This makes captured QR codes single-use and prevents replay attacks. If an attacker gets it first, the legitimate user would receive an invalid response and simply retry.
    • User experience remains unchanged.
    • Fallback to the legacy QR code is possible, with policy options to prevent downgrade.
  • Potential Additional Feature: Leverage the TLS connection to send device enrollment metadata (device type, version, time/date) to the server, allowing the server to prompt the user to confirm using a specific authenticator app/device.
  • Discussion Feedback:
    • Usability/Nonce Lifetime: Configurable on the server side (e.g., 60 seconds to 30 minutes). Shorter times improve security.
    • Offline Use/Backup: The proposed method requires an internet connection for enrollment, unlike the self-contained existing QR code which can serve as an offline backup. This trade-off means the ability to enroll another authenticator later from an offline backup is lost.
    • Future Authentications: Some participants questioned investing in TOTP improvements when future-facing solutions like Passkeys exist, especially if a URL visit is already required.
    • Combined QR Codes: Suggestion to create a composite QR code that upgraded clients could use for secure enrollment while older clients could fall back to the legacy method. The secure enrollment would then disable the old code.
    • URI Scheme Coordination: Defining a new URI scheme (or modifying an existing de-facto one) will require coordination with various IETF groups. The presenter noted an existing expired draft attempting to standardize the current de-facto OTPAuth URI format and suggested combining this work with that effort.
    • Privacy of Metadata: The proposed enrollment metadata (device info) raises privacy concerns; the security consideration section would need significant expansion to address this, or it could be a separate, later extension.
    • Hardware Token Integration (e.g., YubiKey): The proposal primarily addresses software authenticator enrollment. It would work if the secret key, once securely obtained, is then stored on a YubiKey, but doesn't directly address offline enrollment to an entirely offline device.

Decisions and Action Items

• PLANTS BoF: Approved to become a Working Group; charter and chairs being worked on.
• SEAT Working Group: Established.
• AD-Sponsored Drafts:
  • Multi-SET Push, PEM for ECH: Comments are still sought on these drafts.
  • Tesla Update: Will be AD-sponsored provided references are freely available; a mailing list will be set up.
• Dispatch Outcomes:
  • Longfellow Zero Knowledge Scheme: Further discussion needed on mailing lists (sec-dispatch or SAAG) regarding cryptographic understanding and potential IETF consumers.
  • Stephen Farrell's Post-Quantum Guidance: Dispatched to SAAG mailing list for discussion.
  • Ben Laurie's Standard and Customer-Facing Relay: New mailing lists will be set up for these.
• Errata Processing: ADs will explore organizing an "errata interim" to collaboratively reduce the significant backlog.

Next Steps

• Longfellow Zero Knowledge Scheme: Community members interested in the discussion on the scheme's crypto and IETF application are encouraged to post to sec-dispatch or the SAAG mailing list.
• Errata Processing: Monitor progress on the proposed errata interim.
• Confidential Computing Research Group: Interested individuals are invited to contribute to the proposed IRTF Research Group.
• TOTP QR Code Enrollment Draft: Brian Conteria will continue to refine the draft, considering feedback on offline use, metadata privacy, URI scheme coordination, and potential integration with existing efforts to standardize the OTPAuth URI format. Offline discussion with ADs is planned.