W3C CCG Weekly Teleconference
Transcript for 2022-02-22
- Deep Dive on SRI Cryptographic Review
- Mike Prorock
- Our Robot Overlords
- Charles E. Lehner, Heather Vescent, Manu Sporny, Kimberly Linson, Mike Prorock, Mahmoud Alkhraishi, rgrant (Ryan Grant), Ryan Grant, Anil John, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), PL, Chris Abernethy (mesur.io), Erica Connell, Dmitri Zagidulin, David Balenson, Leo, Brent Zundel, Lucy Yang, Will Abramson, Kaliya Young, Kerri Lemoie, Marty Reed, Jeff Orgel, Joe Andrieu, David I. Lehn
- Audio Log
Our Robot Overlords are scribing.
<identitywoman> IIW has scholarships for people from underrepresented groups if you want to explore that possibility please contact me email@example.com
Topic: Deep Dive on SRI Cryptographic Review
<mprorock> Top 5 topics: 1) Crypto Agility 2) Verification of Modules for .gov use 3) Bit strength 4) Tracking and managing key material 5) Documentation and ability to approach the tech
<anil_john> +q to add a bit of nuance
<heather_vescent> Is there any audio?
<anil_john> Specifically US Federal PKI
<mprorock> thanks anil
<mprorock> i am not sure that fight is done
<mprorock> lol @manu - this is a very concerning and awesome and terrifying point
<anil_john> We *USG* does have it via FISMA/FIPS pubs :-)
<mprorock> no such...
<manu> FISMA/FIPS has never stepped in in our commercial contracts and fined us (or anyone), nor has the NSA :)
<mprorock> software supply chain is a big deal that shares the same issue
<mprorock> the work Krebs started on this front is quite good
<anil_john> Thank you CCG, thank you Dave .. appreciate the opportunity to contribute to the discussion today.
<manu> SM9 and GOST are mentioned in the new VC 2.0 WG :)
<manu_sporny> Yes, thank you David!!! Really enjoyed this meeting.