Dear members,
Please find below the minutes from the Cloud Key Mgmt working group kick-off call that took place on the 22nd of January.
To access the recording:
Passcode: j0U$bZW5
Summary:
The meeting focused on the Cloud Key Management working group, discussing recent accomplishments, future goals, and potential collaborations with other working groups. Participants explored various topics, including post-quantum cryptography, key management in edge computing, and the integration of key management into zero trust frameworks. The group agreed to prioritize efforts, conduct surveys to gauge interest and availability, and continue exploring relevant topics while staying informed about industry developments.
Minutes:
This was the new kick-off call for the Key Management working group.
Cloud Key Management Community Update
The call started with the presentation of the Cloud Key Management Circle Community, a platform where members can access resources, including a calendar for calls, Google Drive, working group minutes, and research publications.
Key Management Working Group Overview
Sam, the co-chair of the Key Management working group, led the call and presented the group's previous work and 2025 goals. Sam encouraged participation and welcomed new members, emphasizing the importance of cross-functional collaborations. He also highlighted the group's focus on audit trails, security, and integrity of key material and systems.
Cloud Key Management Working Group
Sam discussed the accomplishments of the Cloud Key Management Working Group in 2024. He highlighted the publication of the HSM As A Service Use Cases document and the Key Management for Public Cloud Migration document. He also mentioned the upcoming publication of the Multi-Cloud KMS document.
Sam also mentioned the intention to review and revise older documents to ensure their relevance.
Google Docs and Contact Information
Sam discussed the need for updated contact information. He mentioned that a Google form would be sent out to collect this information, including two email addresses for each participant.
Cloud Key Management Working Group Goals
Sam led a discussion about the goals and structure of the working group. He emphasized the importance of leveraging the group's expertise to support the community, particularly in understanding best practices for cloud key management. Sam also highlighted the need to identify gaps in the existing documentation and to produce content based on community needs. He encouraged the group to share their expertise and feedback, and to contribute to the development of work streams. The discussion also touched on the potential for collaboration with other groups.
Potential Working Group Topics and Updates
Sam proposed five topics for discussion in the working group, with a focus on updating and reviewing previous products. He suggested limiting the outputs to two or three this year. He also mentioned that he would like to review existing documents, possibly with the help of an SME familiar with each topic. Iain discussed the topic of post-quantum key management, expressing concern about the heavy investment of other organizations in this area. He suggested that the CSA should identify what they can contribute uniquely to the topic.
Post-Quantum Cryptography Trend Differentiation
Alex proposed that Iain create a half-page document to help differentiate between realistic trends and hype in the field of post-quantum cryptography. Iain agreed to this task, noting his expertise in hardware security modules and key management systems. Sam suggested that a similar approach should be taken for each initiative, with a draft document including a purpose statement and audience. Y.John from the post-quantum safe group suggested that the Key Mgmt group could provide technical guidance to practitioners.
Quantum Computing and Key Management
Sunil proposed a collaboration with the quantum computing working group, acknowledging that the topic might take some time to evolve. Sam clarified that this was just a proposal for discussion and not a firm commitment, with timelines dependent on resource availability and industry prioritization. Gary Belvin suggested focusing on the migration component of quantum-safe cryptography, while Sam agreed to update a recent document on migration to incorporate additional guidance on quantum algorithms.
Sunil then introduced the topic of key management in edge computing, emphasizing the need for practicality and a guide for practitioners. He also suggested keeping the paper short and building on previous work.
Prioritizing Post-Quantum Migration and Collaboration
The team discussed the need for a prioritization framework for the migration to post-quantum computing, which they recognized as a massive undertaking. They agreed that the priority should be risk-based, with higher risk areas being addressed first. Sam suggested that the working group should also prioritize its own efforts, and that there may be opportunities for collaboration with other groups addressing similar topics. The team also acknowledged the urgency of the situation, with Alex stating that they are racing against the clock.
Key Management in Zero Trust Framework
The participants also discussed the integration of key management into the overall Zero Trust framework. Sam and Sunil agreed to explore this topic further. Jason Kao emphasized the importance of staying updated on cloud providers' plans and their potential impact on KMS systems. Michael brought up existing work on the topic, including a paper on asymmetric Zero Trust and another on Zero Trust and IoT. The team agreed to continue exploring these topics and to stay informed about cloud providers' plans.
Discussing Papers and Survey Proposal
In the meeting, Sunil suggested breaking down the topics for manageable work. Sam proposed writing a survey to capture interest and availability to contribute for each proposed topic. Sunil also mentioned a proposal for a blockchain-based decentralized key management system for discussion in the next meeting. The conversation ended with the plan to send out a survey and contact information collection.
Next Steps:
- Iain (@Iain Beveridge) to create a half-page summary on post-quantum cryptography trends, separating hype from realistic developments.
- Sunil (@Sunil Arora) to provide an overview of blockchain-based decentralized key management systems in the next meeting.
- Sam (@Sam Pfanstiel) to work with Marina to create and distribute a survey for topic prioritization and interest among working group members.
- Sam (@Sam Pfanstiel) to send out a Google form to collect updated contact information from working group members.
- Sam (@Sam Pfanstiel) to reach out to the Quantum Safe Computing working group for potential collaboration on post-quantum key management topics.
- Working group members to review existing Cloud Key Management publications for potential updates.
- Michael (@Michael Roza) to discuss sharing the IoT and Zero Trust paper (currently in leadership review) with the working group.
Next call: 5 February
Time: 09:00 a.m. P.T. / 12:00 p.m. E.T. / 17:00 GMT
URL: https://zoom.us/j/93617880747 (Meeting ID: 936 1788 0747, Passcode: 536522)
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------