diff --git a/meeting-minutes/2026/2026-05-20-TAC.md b/meeting-minutes/2026/2026-05-20-TAC.md new file mode 100644 index 0000000..1339b79 --- /dev/null +++ b/meeting-minutes/2026/2026-05-20-TAC.md @@ -0,0 +1,152 @@ +--- +layout: default +title: 2026-05-20 TAC Meeting Record +parent: 2026 +grand_parent: Meeting Minutes +--- + +# Post-Quantum Cryptography Alliance - Technical Advisory Council (TAC) Meeting 20 May, 2026 +[**View Recording**] +*Recordings are also available on your [Open Profile](https://openprofile.dev/my-meetings) page under Past Meetings* +[**Join the meeting**](https://zoom-lfx.platform.linuxfoundation.org/meeting/98559442147?password=5e9d28b7-97d4-4628-9087-5f359dbf3d80) +[**PQCA Meeting Calendar**](https://pqca.org/calendar/) +[**Discord Server**](https://discord.pqca.org) + +--- + +### **Antitrust Policy Notice** + +Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at [linuxfoundation.org/antitrust-policy](https://linuxfoundation.org/antitrust-policy). If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation. + +--- + +## Voting Representative Attendance (_Alphabetical by 1st name_) +### Premier Member Representatives + +* [ ] Brian Jarvis, AWS +* [ ] Michael Maximilien, IBM +* [X] Norman Ashley, Cisco (OQS Rep) +* [ ] Sophie Schmieg, Google + + ### Project Representatives +* [ ] Matthias Kannwischer, TCR +* [ ] Hanno Becker, AWS (PQCP) +* [X] Andreas Schade, IBM (CBOMkit) +* [X] Aditya Koranga, NgKore \[TAC Chair\] + +## Non-Voting Representative Attendance + +### LF Staff +* [ ] Christina Harter +* [X] Hart Montgomery +* [ ] Min Yu +* [X] Tomasz Sedej + +### Other Attendees +* [X] Andy Warner, Google +* [X] Sumanth B +* [X] Katarina +* [X] Dawit Selesh Mekonen, Information Network Security Administration +* [X] Joe Livingston, IBM +* [X] Panos Kampanakis, AWS +* [X] Kevin Micciche, HPE + +--- +# Meeting Agenda + +Questions from Christina: + +- **Readiness Tracking WG** + - Please share details with the community & colleagues. Any TAC members planning to join? + - Approved by the TAC: https://github.com/PQCA/TAC/issues/139 + - Chair: Andy Warner, Google + - Mailing List: https://lists.pqca.org/g/wg-readiness-tracking + - GitHub Repository: https://github.com/PQCA/wg-readiness-tracking + - Meeting Cadence: Every 2 weeks beginning May 21, 2026 [meeting link] - Open to the public + - Blog Post published on May 18th + +- Any update/action items after the license scanning reports were presented to each project last week? +- Mentorship application closes on Friday, May 22nd; mentee finalized by Friday, May 29th. +- OpenSSF baseline presentation on next TAC meeting, June 3rd +- Blog CBOMkit pipeline updates +- Project Updates + + +# Discussion & Updates + +### **Introduction of 1st Time Attendees** +Aditya had Dawit introduce himself and his goals and aspirations for PQCA. + +--- + +### **PQCA Readiness Tracking WG** +The new readiness tracking WG was introduced. Aditya showed some of the initial commits and suggested that folks attend the first meeting of the WG tomorrow. He also highlighted the blog post. + +--- + +### **License Scanning Results** +Aditya mentioned the license scanning process and results. Andreas discussed the CBOMkit license scan results, which found some GPL code--mostly not from actual code in the project, but code used as tests for scanning--and mentioned that the CBOMkit project was going to remediate all of the issues. + +Norm also mentioned how OQS was handling the license scan results. OQS had no significant issues, but could clean up SPDX headers on upstream files. + +Andreas asked a question about SPDX headers, and Hart answered, clarifying that it didn't replace copyright or authorship information but would allow not reposting the license in all files. + +--- + +### **Mentorship Update** +Aditya gave a brief update on the mentorship process, and in particular the many applicants for the proposed mentorship. + +--- + +### **OpenSSF Discussion: Next Meeting** +Aditya reminded the group that the OpenSSF would be presented at the next meeting, and suggested that everyone take a look at the OpenSSF security baseline to be maximally prepared for the meeting. + +--- + +### **Project Updates** + +#### PQCP +Unfortunately, both Hanno and Matthias could not make it today. They provided the following updates: + - mldsa-native memory optimizations completed and fully covered by CBMC proofs. + - mldsa-native release upcoming very shortly + + +#### CBOMkit +Andreas gave the update to the TAC. + - Andreas mentioned that the published mentorship proposal had caused a lot of PRs to be submitted. + - There have been several good PRs submitted. + - Andreas discussed SonarQube vs Antler, and why the team preferred SonarQube. + - There may also be support for Tink, which was a very ambitious PR. + - Some of the PRs were clearly low-quality AI. The group briefly discussed the quality of AI PRs. + - Hart mentioned low-quality AI PRs are a problem across the broader LF. + +#### OQS + Norm gave the update on OQS. + - The team is focusing on getting a release candidate out soon. + - The OQS team has been in contact with the HQC team, which will be attending the next OQS meeting. The OQS team has helped the HQC team improve their code. + - The new round of NIST results was also discussed, as well as the impact of new signatures on the project. + - Norm also updated the TAC on how OQS could grow contributors by having an event presence. + - The new OQS co-chair structure (Rodrigo co-leading with Douglas) was discussed. + - Norm also mentioned some plans for OQS provider, and how it aims to add new algorithms. + +--- + +### **TPM/Hardware Discussion** +Kevin Micciche (HPE) brought up a question about TPMs and hardware with PQC. This (https://github.com/tpm2-software/tpm2-tss/pull/3046) was listed as an example. + +The group thought this was a good topic, potentially for a working group. Everyone discussed outreach for the topic. + +Kevin discussed more possibilities for collaboration with TMP2 (https://github.com/tpm2-software). + +--- + + +### **Next Steps / Action Items** + +| Action Item | Owner | Status / Due Date | +|--------------|--------|------------------| +| Prepare for OpenSSF presentation | All TAC members | Next TAC meeting | + +--- + +**Adjourned:** 7:49 am PT.