Minutes of the 2018-07-19 IAB Business Meeting, Montreal
- Jari Arkko
- Deborah Brungard (IESG Liaison)
- Alissa Cooper (IETF Chair)
- Ted Hardie (IAB Chair)
- Allison Mankin (IRTF Chair)
- Gabriel Montenegro
- Cindy Morgan (IAB Executive Administrative Manager)
- Erik Nordmark
- Mark Nottingham
- Melinda Shore
- Robert Sparks
- Jeff Tantsura
- Martin Thomson
- Brian Trammell
- Suzanne Woolf
- Christian Huitema
- Karen O’Donoghue (ISOC Liaison)
- Harald Alvestrand (incoming IETF liaison to ICANN board)
- Alexey Melnikov (CFRG Chair)
- Daniel Migault (IETF liaison to ICANN RSSAC)
- Jim Reid (IETF appointee to ICANN RZERC)
- Tim Wicinski (IETF appointee to ICANN TLG)
- Paul Wouters (IETF appointee to ICANN TLG)
2. Liaison Cluster Review: ICANN
The IAB met with several of the IETF liaisons to various ICANN bodies with which the IETF has relationships to discuss what each group was working on, and how they can better coordinate amongst each other.
Paul Wouters and Tim Wicinski are the IETF appointees to the ICANN Technical Liaison Group, which advises the ICANN Board on technical matters. Paul noted that the TLG has appointees from other standards organizations, and that being on the TLG makes it easier to informally communicate with those other standards bodies about their activities.
Jim Reid is the IETF appointee to the ICANN Root Zone Evolution Review Committee (RZERC). Jim reported that the group is mostly quiet, although recently they have provided comments about the KSK rollover plan.
Daniel Migault is the IETF liaison to the ICANN Root Server System Advisory Committee (RSSAC). Daniel reported that while RSSAC is in the process of revising their governance model to be more open, there are still discussions that happen under confidentiality, which makes reporting difficult. Tim Wicinski noted that that he previously served as the IETF’s liaison to the ICANN NomCom, which also had confidentiality rules, and said that he focused his reporting on process issues and educational gaps between IETF and ICANN.
Harald Alvestrand is the incoming IETF liaison to the ICANN Board. He will be replacing Jonne Soininen in October 2018.
Suzanne Woolf said that one of the reasons wanted to get all of the liaisons together in one place is that it is difficult to keep up with all of the various things out for ICANN public comment. Alissa Cooper noted that there is a page that lists everything <https:// www.icann.org/public-comments>. Ted Hardie wondered if the content of that page could be pushed to the new-work mailing list as new things are added.
3. IRTF Review: Crypto Forum Research Group (CFRG)
Alexey Melnikov updated the IAB on the current status of the Crypto Forum Research Group (CFRG). CFRG’s goals are to:
- Define/standardize crypto primitives for use by the IETF and other SDOs (e.g. W3C)
- Be a meeting place for both academics (cryptographers) and practitioners (security protocol designers and implementors)
- Educate IETF participants.
CFRG has published 7 RFCs:
- RFC 7539, “ChaCha20 and Poly1305 for IETF Protocols”, 2015-05, Obsoleted by RFC8439
- RFC 7664, “Dragonﬂy Key Exchange”, 2015-11
- RFC 7748, “Elliptic Curves for Security”, 2016-01
- RFC 8032, “Edwards-Curve Digital Signature Algorithm (EdDSA)”, 2017-01
- RFC 8125, “Requirements for Password-Authenticated Key Agreement (PAKE) Schemes”, 2017-04
- RFC 8391, “XMSS: eXtended Merkle Signature Scheme”, 2018-05
- RFC 8439, “ChaCha20 and Poly1305 for IETF Protocols”, 2018-06
Most of CFRG’s output feeds directly into work in several IETF WGs, including CURDLE, TLS, LAMPS, and DCRUP. Sometimes the IETF comes to CFRG with specific requests such as questions about the key lifetime boundary for a particular cryptographic mode of operation. Such requests are more difficult to fulfill as there are not always people available to do the work.
The Crypto Review Panel is a group of experts that review literature on new crypto algorithms/constructs or their use in protocols. They review documents for readability and implementability, but are not asked to prove whether or not there any security issues with the documents. They are also chartered to do reviews of CFRG documents, documents from the Security Area in the IETF, and documents on the Independent Stream. The panel currently has 7 members who serve two-year terms. The panel can also be used as a training ground for future CFRG chairs.
CFRG generates far more documents per year than any other IRTF RG. The IRSG review process does not always work well for this, since a “yes” from at least one other IRSG member outside of CFRG is required to progress a document.
CFRG is currently looking for a third co-chair to ease some of the burden on the existing chairs.