Cloud Key Management

Recording: https://cloudsecurityalliance.zoom.us/rec/share/edYxRpMiMRonga9yb5_Fq1pj7kRlCRCfL-DXgxYpvE2Ga2LkChW4LRDm7iz6MxHQ.dE3rRzoJ3pS2xQiR 

Passcode: C9a+hE4@

Summary:
The team reviewed and provided updates on various technical documents, including key management papers and post-quantum cryptography. The team discussed document contributions, formatting requirements, and communication channels, including the establishment of a public Slack channel (#wg-cloud-key-management) for the working group's project.

Minutes:

Cloud Key Management Document Updates
Marina provided updates on several documents, including a refreshed "Key Management in Cloud Services 2025" document and an upcoming "xYOK" document on key responsibility models. She then mentioned that two documents are currently in progress: a post-quantum key management paper and a multi-cloud KMS document. Marina invited contributions for the post-quantum cryptography paper.

Post-Quantum Cryptography Paper

The team discussed the status of their working paper, which is preparing for peer review but still has some sections pending from Partha and Sunil. John confirmed that his parts are complete, and Marina suggested following up with Sunil and Pratha about their remaining sections. Janaki, a new group member, inquired about contributing to the paper, and Marina advised that authorship is based on substantial contributions, suggesting Janaki could start by providing internal reviews and feedback. 

Section 7.3 related to security considerations, was still unauthored. The team clarified that the entire paper focuses on security, particularly key management from a post-quantum cryptography standpoint. Sunil agreed to review the document and decide if the section is needed, and if so, what it should contain. The team also mentioned a recommendations section at the end of the document. The team discussed the importance of properly citing references within the text to aid readability, and Marina provided guidance on the preferred format and explained the difference between footnotes and references, and Alex offered to improve a specific sentence in the document. 

Multi-Cloud KMS Recommendations Paper

For the multi-cloud KMS paper, they still haven't finished addressing reviewer comments. 

In order to finally move this document to the copy editor, Marina invited interested members to address the comments received by the public peer reviewers.

Cloud Key Management Project Updates and Channels of Communication
Marina confirmed that a Slack channel exists for the working group's communication. Circle is not being used anymore.
Marina instructed the team to join the public Slack channel for the WG Cloud Key Management project: (#wg-cloud-key-management) . She clarified that main communications would continue through the Google group and the slack channel. 

Next Action Items:

• @Sunil Arora to review and decide if section 7.3 is needed in the Post-quantum paper, and if yes, define what it should contain.

• to fix the references format in the post-quantum paper .

• to address Michael Roza's comments on the strategic roadmap and recommendations sections in the post-quantum paper.

• @Alex Rebo to improve the sections in the multi-cloud KMS paper where he has entered his comments.

• All interested members review the post-quantum paper and provide feedback.

• All interested members to review the reviewer's comments on the multi-cloud KMS paper, NOT add new comments. We need to finalize this content now for publication.

• All members to register and join the Slack workspace (#wg-cloud-key-management) for the working group communications.