zzz
reminder: Proposal 169 2nd review today 7 PM UTC here
zzz
to see the proposal changes since the review:
zzz
git diff efc11074f4b65f473b78d6090d5aaec693bce170..HEAD 169-pq-crypto.rst
zzz
if you're here for the review, please say hi, even if you're just planning to lurk
RN
hi. just observing I think.
zzz
welcome RN
not_bob_afk
I'm here.
orignal
hi
eyedeekay
hi
altonen
hi
RN
*** plays drumroll for drozd's entrance with enhanced css ***
RN
*** giggles and hushes up ***
zzz
ok, welcome everybody
zzz
this is the second review of proposal 169, first reviewed on March 18
zzz
I'll summarize what's changed since the first review and then throw it open for discussion and comments
orignal
fine
zzz
The first review focused mostly on the MLKEM ratchet parts, so we can open it up more to the other parts today if people want
zzz
anyway, what changed:
zzz
I flopped around the sigtype numbers 12-17 as agreed to last time
zzz
minor fixes and comments throughout
dr|z3d
sorry, hi.
dr|z3d
*** pokes RN ***
zzz
and added some references and discussion about the hash type open issue
zzz
that's about it, really not any major changes
zzz
I'll throw it open to the gang for discussion now
orignal
ratchets more or less work. what's next?
orignal
that's my question
zzz
you mean what's next for implementation?
orignal
yes
zzz
my guess on the order of things and schedule is the 'priorities and rollout' section near the bottom, please take a look
zzz
I continue to think that MLDSA is last.
orignal
what about NTCP2/SSU2?
zzz
I think we need guidance from the CAB forum and that may take a year or more
orignal
CAB forum?
zzz
well, taking a look at the chart I referenced, those are middle priority
zzz
the CA/Browser forum that sets standards for SSL certificates. When they start mandating PQ they'll tell us what kind
zzz
I think that's probably a year out
orignal
so what we release? ratchets only?
zzz
we haven't discussed any release plan at all, on any timetable. My guess is in the proposal, but we're ahead of that schedule
orignal
I think you wanted to discuss hashes
zzz
one of the main things to do before talking about releases is getting dual-protocol ratchet like 6,4 implemented and tested
zzz
the other is hashes
zzz
I don't have any more info about hashes, other than I found a good reference for the SSH RFC
zzz
see SSH-HYBRID reference in our proposal
zzz
in it, they make some choices and add some security analysis. Not a lot, but some
zzz
anybody else had a chance to do any hash research since last week?
eyedeekay
I did a little
zzz
anything to report?
eyedeekay
There are basically zero people who say SHA256 is going to be broken with collisions or preimage attacks
eyedeekay
The concern if there is any seems to be slight, and about usability of the SHA2 for various applications
eyedeekay
There seem to be no serious problems with SHA2 itself as long as you use it right
zzz
tl;dr on the SSH RFC, they analyze what's important and what's not in noise handshakes.
zzz
Their conclusion is two choices: MLKEM768+SHA256, and MLKEM1024+SHA384
eyedeekay
But the argument for blake2 or some other hash construction is that it arguably improves upon the fairly mild shortcomings of sha256
zzz
do we have any volunteers to lead the effort on further research and recommendations before the next meeting?
eyedeekay
I can keep going and try to find some Noise-specific pitfall of SHA2 use but I don't think I will from what I've seen so far
zzz
ok. the SSH reference may be helpful
eyedeekay
Ack, I'll read it for the next meeting
zzz
back to the rollout discussion for a moment
zzz
orignal, I think the EARLIEST I'd be comfortable with, and that's if we continue to make good progress and decisions, is:
zzz
beta in release this august, official in release this november
zzz
if we hit problems or I run out of time that could easily slip into next year
zzz
that's for MLKEM ratchet only
zzz
that would be 6 months ahead of the schedule in the proposal
zzz
what do you think?
zzz
not seeing anything from orignal. anybody else have comments?
dr|z3d
nothing from me.
orignal
oops
orignal
sec
zzz
anybody else with discussion topics?
orignal
my question what we do with ML-DSA,
orignal
more practical
orignal
if I release floodfill should it accept ML-DSA?
zzz
I think we continue to play with it, but that's it for now
zzz
according to the schedule in the proposal, we wouldn't do that until late 2026
zzz
we don't know what flavors
zzz
big decision is straight MLDSA or hybrid
zzz
nobody's going to have an answer for that this year
orignal
but question is if we accept such signature or not?
zzz
no, because we haven't agreed on anything yet. The specs may change
zzz
maybe we don't do non-hybrid at all
zzz
same thing with ratchet, we haven't finalized anything
zzz
if we want to do a beta in august, we need to finalize the specs in about 3 months
zzz
I'm not checking in anything until we agree on it
zzz
anything else on proposal 169?
zzz
orignal and I agreed we won't schedule another review yet, let's see how things go, maybe in a few weeks
zzz
anything else to talk about while we're all together?
eyedeekay
Nothing else from me
not_bob_afk
I'm just here for the free popcorn.
zzz
altonen, want to tell us anything about your progress?
orignal
I will let you know next week
altonen
nothing to report, i've skimmed the spec and verified that there is mlkem/mldsa crates available
altonen
maybe i can do it by november but august is too soon
zzz
congrats everybody, 6 reviews in two months, we got a lot done, even though we were out of practice
zzz
haha we don't expect you to keep up altonen
dr|z3d
congrats to you and orignal, mostly. :)
zzz
also, my question was more general, not about PQ
altonen
ah, ssu2 congestion control mostly
zzz
eyedeekay, you promised working NTCP2 a couple days ago, I presume you got distracted by the gitlab stuff
zzz
any update eyedeekay ?
eyedeekay
I did get distracted by the gitlab stuff, I only meant I would be ready to check in the test against a local router (it might still be failing), which I suppose is a big step but still not quite there yet
zzz
anyway, I'll baf the meeting closed, thanks everybody, we'll schedule more stuff in the coming weeks
zzz
thanks to everyone for your support, we all have some more coding to do
eyedeekay
I'll be getting back to it after I iron out the last few gitea issues
zzz
good job altonen and eyedeekay for marching forward