iTC Meeting Minutes 2023 05 18 - DSC-iTC/cPP GitHub Wiki

Agenda

Attendees

  • Brian Wood

  • Yi Mao

  • Jim Donndelinger

  • Kunyan Liu

  • Justin Fisher

  • Jerry Myers

Record of Decisions

  • None

Action Items

  • Assigned tasks will be reviewed and comments added

Minutes

The call started with a discussion of how DSC appears set to become very important in the PQC world, based on several discussions at the CSfC Workshop and PQC Day. An open question is how DSC should fit in with other PPs and what implications that may have. The CC:2022 conversion will need to consider all of this.

This was followed by a discussion about how best to list the allowed-with components and where this list should be located. The current proposal is to list them on the DSC website, though it may be useful to have them listed on the CC Portal (but the update cycle there makes that more difficult).

The call then moved on to the open pull requests. The only one was about where the allowed components would be published, as the current location is on the OO site, which requires a login. The change is to post the list to the github.io site, though it was noted this could always be changed later. This pull request was merged as it had already been approved.

The next topic of discussion was Issue #35, to review the comments Jim had provided. The discussion here was about whether or not Objectives are required in the PP. Currently they are listed, but this is not mandatory. Going forward, it would be easier to accept the proposed change from AU to remove them, but a primary consideration is that you cannot mix PPs with and without objectives in the same PP-Configuration. All the NIAP PPs currently have objectives, so removing them here would make them incompatible (at least as a single evaluation). The iTC will look at the changes in CC:2022 as well as confer with NIAP about PP direction, since we would want to follow their lead regardless.

The last topic of discussion was Issue #124, about the PBKDF proposal. This would replace the current DSC0001 TD. The immediate concern is that the TD has anti-hammering included in the SFR (as was necessary to meet the TD requirements, which are more limited). The overall thinking is that, now free from the constraints of a TD, these should be split out, with a mandatory anti-hammering SFR that would offer the use of the PBKDF (with some minimum number of rounds) as one option, along with a selection or assignment to provide other means of achieving this. This would move the non-crypto claims out of the crypto SFR and allow it to be handled more cleanly.

The call ended at 1:09pm EDT.
