IEEE P1363 Working Group for Public-Key Cryptography Standards

Wednesday, November 15, 2000
NSA, Fort Meade, MD

Meeting Summary

* Presentations on:
  - braid groups
  - one-time keys in DSA
  - implicit certification.

* Reviewed activities in NESSIE, Cryptrec, ANSI and ISO SC27.

* P1363.1:
  - Reviewed call for submissions and suggested some modifications.
    Lieman to implement the changes. Singer to publicize the
    document when it is ready.
  - Call for submissions will be posted as soon as the IEEE approves
    the PAR. Close of submissions will be around November 2001.

* P1363.2:
  - Reviewed call for submissions and strawman draft. Timeline is
    similar to P1363.1, but the document will probably take longer
    because there are more techniques expected to be considered.
  - Singer and Jablon to produce a call for submissions which the
    group is happy with and publicize it.
  - Further discussion of difference between schemes and protocols.

* P1363a:
  - Reviewed current draft and suggested several changes.
  - Need to review Security Considerations for DSA, EPOC, ESIGN.
  - The inclusion of EPOC and ESIGN is conditional on the submitter
    providing us with text on security considerations by December 1.
  - DL/ECIES: Recommended that KDF2 be used as a stream cipher
    only when the data being encrypted is short, and that a block
    cipher in CBC mode with a fixed zero IV be used when it is
    long.
  - Some work still to be done on Rationale and Formats sections.
  - Will add references to Triple-DES, AES and HMAC.
  - All places that specify SHA-1 or RIPEMD-160 will be amended to
    also mention SHA-2.
  - The next draft, D7, will be available for review one month
    before the next meeting. D8 is expected to be the final draft before ballot.

* P1363b:
  - The working group plans to continue investigation into the
    logistics of working on the second amendment to Std 1363-2000.

* Voted not to include KCDSA in current amendment document due to time
  constraints.