2024-02-14 TSPTF Meeting Notes

Meeting Date & Time

This Task Force meets every Wednesday. There are two meetings to serve different time zones:

  • NA/EU meeting: 08:00-09:00 PT / 16:00-17:00 UTC
  • APAC meeting: 18:00-19:00 PT / 02:00-03:00 UTC

See the Calendar of ToIP Meetings for exact meeting dates, times and Zoom links.

Zoom Meeting Recording

Attendees

NA/EU:

APAC:

NO MEETING TODAY (due to Valentine's Day).

Agenda Items and Notes (including all relevant links)

TimeAgenda ItemLeadNotes
3 min
  • Start recording
  • Welcome &Ā antitrust notice
  • New member introductions
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members ofĀ ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
2 minReview of previous action itemsChairs
  • ACTION:Ā Drummond ReedĀ to add HPKE support to the agenda for the next meeting.
  • ACTION:Ā Wenjing ChuĀ to review the feedback on the topic of key rotation and propose a solution.
20 minsHPKE SupportWenjing ChuĀ 

See the Wikipedia article on hybrid encryption and IETF RFC 9180.

Wenjing explained the purpose of section 8 of the Working Draft and why it references both LibSodium sealed box and HPKE. See screenshot #1 below.Ā 

Sam Smith explained that TSP can support both. He clarified that each "base mode" in the HPKE spec can be assigned a different CESR code. He said that CESR can support hundreds of codes if we need them. Each code identifies any combination of parameters across all of the algorithms and inputs. That is an example of the cryptographic agility of CESR. If LibSodium adds another base mode that interoperates with RFC 9180, then that can be assigned another CESR code.

Neil Thomson: "Sounds like a case for Lipsodium as initially supported with clear path/compatibility/commitment to HPKE family for future."

Sam Smith: "We need to be smarter than past choices about too many cryptographic options". We need to be very exact about which combinations we choose.

Wenjing then covered how HPKE will be used in our ESSR pattern. See screenshot #2 below.

Neil Thomson:Ā  "It would be helpful if this diagram was updated with a list of exactly what is provided (and why) from each of the sources (S Header, ETS Header) to each stage (HPKE-SealAuth(ā€¦), Sign(ā€¦)) - e.g. capture what Sam is saying....".

Sam Smith made a case for using existing libraries such as LibSodium to be able to implement TSP right away.

Drummond Reed asked for the business case for looking forward to HPKE.

Wenjing replied by saying that it should be okay to have 3 choices:

  1. LibSodium base mode
  2. HPKE Base mode (defined by us)
  3. HPKE Auth mode (defined by us)

Drummond Reed asked about where the CESR codes for each option will be published. Wenjing Chu said they should be in the spec. We can always create a registry option down the road.

10 minsResolution of key rotation questionWenjing ChuĀ 

See second action item above.

Wenjing Chu said no resolution to this issue yet. It may actually depend on the specific VIDs that end out being most popular/practical for TSP. He will continue to think on this.

20 minsOther prep for moving to Implementers Draft

Chairs

Our plan has been to move to Implementers Draft by end of February. What remains to be done to reach that goal?

Wenjing shared that he believes the draft could be ready for conversion from Google docs to GitHub Spec-Up by March 6th.

5 mins
  • Review decisions/action items
  • Planning for next meetingĀ 
Chairs

We will have our regular meeting next week, on Feb 21. Wenjing said he will be traveling and not able to attend the Feb 28 meeting. But he is hoping that by the following meeting, March 6th, he will have been able to do the GitHub conversion.

Drummond proposes that we skip the Feb 28 meeting as an "Editor's Break" to allow the time for the conversion from Google docs to GitHub Spec-Up.

We also agreed that, due to Valentine's Day, we would cancel the APAC call today.

Screenshots/Diagrams (numbered for reference in notes above)

#1


#2


#3


#4


Decisions

  • None

Action Items

  • None