iTC Meeting Minutes 2025 04 24 - DSC-iTC/cPP GitHub Wiki
Call started at 12:02pm EDT
-
Brian Wood
-
Joachim Vandermissen
-
Stan Potter
-
Bob Clemons
-
Matt Downey
-
Alie Becker
-
Joe McDaniels
The call started with a discussion on the new comments submitted from NIAP. There were a number of new issues submitted as part of their review. The majority of these issues are substantial, with only one critical one that would need to be addressed to be able to be accepted as a PP that would meet NIAP requirements. This specific issue relates to adding the ML-KEM and ML-DSA algorithms to the requirements. They will provide the information needed for this for the integration.
A key question from NIAP is how we would want to resolve the issue. Brian pointed out that we can provide both a TD, which is quick, but also that there is a rolling Interpretation branch which directly integrates all the TDs into the existing published version (enumerated in the hundredths place), and both can be quickly provided once we have the TD (or TDs ready). It was noted that some of the substantial issues may require a lot of work, and should be incorporated into a slightly broader update. Brian said he would work on creating GitHub issues for each of the comments so they could be individually tracked and handled. NIAP stated there may be further comments submitted based on more reviewers looking through the documents. Brian said they would incorporate any comments that were made.
Brian then asked if there was a specific desire from NIAP for creating a smaller set of requirements based on discussions from last year. It was agreed they would look at the needs and come back at some point in the future with interested use cases that could be used to possible create such targeted requirement sets. Likely the direction would be to create sets of requirements that are grouped together that would be selection-based, and targeting a use case would bring in that set.
The discussion then turned to the large number of pull requests around updated crypto pull requests that were submitted and approved. It was agreed that these would all be merged after the call into the working branch.
The call ended at 12:46pm EDT.