Meeting Date & Time

14 Feb 2024 This Task Force meets every Wednesday. There are two meetings to serve different time zones:

NA/EU meeting: 08:00-09:00 PT / 16:00-17:00 UTC
APAC meeting: 18:00-19:00 PT / 02:00-03:00 UTC

See the Calendar of ToIP Meetings for exact meeting dates, times and Zoom links.

Zoom Meeting Recording

NA/EU Meeting: https://zoom.us/rec/share/yscrfpYpU5T7gvpM3bhrm1q2KvBe6bvKuiP5OyGop0U7vt74ExbSA6eltdcpc0WJ.AweZgdRNL1_ua6Ca
APAC Meeting: NO MEETING TODAY

Attendees

NA/EU:

APAC:

NO MEETING TODAY (due to Valentine's Day).

Agenda Items and Notes (including all relevant links)

Time	Agenda Item	Lead	Notes
3 min	Start recording Welcome & antitrust notice New member introductions Agenda review	Chairs	Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role. New Members:
2 min	Review of previous action items	Chairs	ACTION: Drummond Reed to add HPKE support to the agenda for the next meeting. ACTION: Wenjing Chu to review the feedback on the topic of key rotation and propose a solution.
20 mins	HPKE Support	Wenjing Chu	See the Wikipedia article on hybrid encryption and IETF RFC 9180. Wenjing explained the purpose of section 8 of the Working Draft and why it references both LibSodium sealed box and HPKE. See screenshot #1 below. Sam Smith explained that TSP can support both. He clarified that each "base mode" in the HPKE spec can be assigned a different CESR code. He said that CESR can support hundreds of codes if we need them. Each code identifies any combination of parameters across all of the algorithms and inputs. That is an example of the cryptographic agility of CESR. If LibSodium adds another base mode that interoperates with RFC 9180, then that can be assigned another CESR code. Neil Thomson: "Sounds like a case for Lipsodium as initially supported with clear path/compatibility/commitment to HPKE family for future." Sam Smith: "We need to be smarter than past choices about too many cryptographic options". We need to be very exact about which combinations we choose. Wenjing then covered how HPKE will be used in our ESSR pattern. See screenshot #2 below. Neil Thomson: "It would be helpful if this diagram was updated with a list of exactly what is provided (and why) from each of the sources (S Header, ETS Header) to each stage (HPKE-SealAuth(…), Sign(…)) - e.g. capture what Sam is saying....". Sam Smith made a case for using existing libraries such as LibSodium to be able to implement TSP right away. Drummond Reed asked for the business case for looking forward to HPKE. Wenjing replied by saying that it should be okay to have 3 choices: LibSodium base mode HPKE Base mode (defined by us) HPKE Auth mode (defined by us) Drummond Reed asked about where the CESR codes for each option will be published. Wenjing Chu said they should be in the spec. We can always create a registry option down the road.
10 mins	Resolution of key rotation question	Wenjing Chu	See second action item above. Wenjing Chu said no resolution to this issue yet. It may actually depend on the specific VIDs that end out being most popular/practical for TSP. He will continue to think on this.
20 mins	Other prep for moving to Implementers Draft	Chairs	Our plan has been to move to Implementers Draft by end of February. What remains to be done to reach that goal? Wenjing shared that he believes the draft could be ready for conversion from Google docs to GitHub Spec-Up by March 6th.
5 mins	Review decisions/action items Planning for next meeting	Chairs	We will have our regular meeting next week, on Feb 21. Wenjing said he will be traveling and not able to attend the Feb 28 meeting. But he is hoping that by the following meeting, March 6th, he will have been able to do the GitHub conversion. Drummond proposes that we skip the Feb 28 meeting as an "Editor's Break" to allow the time for the conversion from Google docs to GitHub Spec-Up. We also agreed that, due to Valentine's Day, we would cancel the APAC call today.

Screenshots/Diagrams (numbered for reference in notes above)

#1

#2

#3

#4

Decisions

None

Action Items

None

Browser not supported