Informal minutes of the IEEE P1363 Editorial Teleconference Tuesday, May 19, 1998, 10am Pacific Daylight Time Present: Lily Chen Phillip Griffin Don Johnson Burt Kaliski David Kravitz Mike Markowitz Roger Schlafly Tim Skorick Jerry Solinas Yiqun Lisa Yin Leo Reyzin Robert Zuccherato 1) We reviewed the editorial progress since the last teleconference. a) Lisa went over the main body changes. She said they were mostly editorial and conformance-related. Don mentioned that X9.42 had changed their key derivation function and asked if we wanted to follow their change. Burt pointed out that the changes concerned the format of additional key derivation parameters, which we left completely open. Don suggested that it is an important security consideration: that both parties agree unambiguously on the format of these parameters. b) Jerry and Leo were working on the final touches to Annex A (Number-Theoretic Background) and were adding tables for factorization of 2^m-1 and for trinomial, pentanomial and Gaussian normal bases for GF(2^m). They had not posted a new version for this teleconference, but expected to post it before the June meeting. c) Burt had posted another version of Annex B (Conformance), following through on the decisions of the March meeting regarding conformance with primitives. He also reorganized the annex outline. He expected to make more annex changes for schemes; some of this may have an impact on the main body, in terms of the precise definition of a scheme, which he would send to the mailing list for comment. Separately, he expected that the main body would be changed to combine schemes by type (key agreement, signature, encryption) rather than by family (DL, EC, IF). d) Lisa had posted a version of Annex C which was the the first full version. It was nearly complete (it had answers to all but one of the questions). She requested more discussion on the mailing list; Burt pointed out that rationale will be very important as we present our case to the balloting body and encouraged people to review the annex. e) Burt had posted another version of Annex D (Security Considerations), which followed the same outline as the March version, but had more details filled in and addressed many of the comments that Burt had received. In particular, the latest version was more conservative than the March version. He said he expected more comments from Carl Ellison on random number generation. Don mentioned that both ISO and ANSI were also looking into random number generation. f) Mike and Phil had started work on the ASN.1 syntax in Annex G (Formats). Phil was re-working some ASN.1 structures; in particular, he was making them more rigid and closer to ANSI X9.F1 standards. We thanked Phil for helping us; Leo, Mike and Phil said they would collaborate to produce a version of Annex G by the June meeting. More mailing list discussion was expected before then. Don requested that the structures for identifying finite fields be hierarchical rather than flat (i.e., first the field type (GF(2^m) or GF(p)), then the basis type (normal vs. polynomial), then the actual basis). We agreed that, in general, hierarchical structures were preferable for their generality; at the same time, we decided that it would be useful to provide shorthand notation for certain commonly used constructs. 2) We then discussed some administrative issues. a) Burt reported that there had not been much new information on patents since the last teleconference. Everything received recently had been posted to the web site (including letters from Bellare, Rogaway, Schnorr, Williams and Zheng). He had plans to follow up with those who had not yet replied. b) Burt requested comments on the call for submissions for P1363a, which he was planning to issue by the end of the week. He said he would schedule time for presentations at the August and November meetings. c) We discussed the issue of balloting. Terry Arnold had done some research into this and sent a letter to Burt, which Burt would forward to the mailing list. Basically, if we wanted to stick with our schedule worked out at the March meeting, we would need to ask the Microprocessor Standards Committee (our sponsor) for permission to do so at their July meeting. Then we would start forming the balloting body. In order to do that, we would need to agree on a complete version of the document at our June meeting, do final internal review in July and early August, and have a draft ready for balloting at the Crypto meeting. Since we seemed to be mostly on schedule since the March meeting, we decided this was feasible. We also decided to post the schedule for completion on our web site. 3) We discussed plans for the near future. The June meeting would start on Monday, June 29; in order to have ample time to review everything, we were aiming to post all the sections of the document on the web site by Monday, June 15. Burt and Lisa were planning to finalize the main body and Conformance. Burt was also planning to finalize Security Considerations. Mike, Phil and Leo were hoping to finalize Annex G (Formats) after some mailing list discussion. Lily said she would forward the latest version of X9.42 as a contribution for posting to the web site; it had some ASN.1 constructs that could help with Annex G. Jerry and Leo would add tables to Annex A (Number-Theoretic Background). We adjourned at 10:50am Pacific Daylight Time