Minutes of the June 3rd, 2025 Meeting

[johngray-dev]

Present: Jean-Pierre Fiset, Carl Wallace, Daniel Van Geest, Felipe Venture, Christoph Wildfeuer, Abel Chen, Austin Lin, John Gray, Mike Ounsworth

Round Table Discussion:
JP - Asked about the composite draft and his issue about making it generic. John and Mike confirmed the composite authors spent a few hours making it completely generic but it introduced many changes due to specific aspects of how composite ML-DSA is used.

Carl Wallace - Also mentioned composite drafts and asked why authors didn't add implicit parameters that are derived by the OID which he had previously suggested. This was missed by the composite authors, but has now been resolved in these pull requests: lamps-wg/draft-composite-sigs#185 and lamps-wg/draft-composite-kem#154

Daniel Van Geest - Also discussed composite key re-use, and using the application context is not as good as the hash of public keys because in the same application specific use it doesn't help. More context available here: lamps-wg/draft-composite-sigs#79

Mike Ounsworth - Explained why recent composite signatures authors decided to only use a hash-based construction. Using pre-hashing is preferred by many organizations and not the complexity of external mu.

• Mike also explained about the updated random 'r' value added into composite signatures. More context here: Add signature randomizer lamps-wg/draft-composite-sigs#177
  • JP asked if r can be computed outside the module. The answer is yes and it is discussed in the security considerations sections of composite signatures

Felipe - No update on implementing composite signatures in the openSSL default provider. No one working on composite KEM in openSSL as far as we know at this point.

Christoph Wildfeuer - Using ML-KEM to do key exchange in satellite communication protocol. Very close to publishing some documents about this usage and currently using the Tamarin verification tool. Also asked about regulations in Europe. Is there any support in Europe for using classified information? Right now only symmetric crypto. CNSA 2.0. uses the support of PQC.

• Mike mentioned the United states has commercial, CNSA has classified space. Europe has 1 set of recommendations, commercial, financial and classified (possibly).

Discussed upcoming conferences - IETF in March 2026 in China, Real world crypto the week before that. IETF in Summer 2026 in San Francisco. PKIC in Kuala Lumpur in October 2025, IETF in Montreal the following week.

Action: Connect Christoph Wildfeuer with people we know in Europe to help answer his European regulations questions.