📅 LBC — Recurring Monthly Meeting
Recurring Monthly Large Business Community meeting, held the 2nd Tuesday of every month. We'll see how this time works and adjust if needed.
Thanks, — jj
🎥 Join the Webex meeting → Join meeting Meeting number (access code): 2663 759 2176 Password: PPw3v5T23pq(77938582 when dialing from a phone)
☎️ Join by phone +1-408-525-6800 — call-in toll number (US/Canada) One-tap mobile (attendees): +1-408-525-6800,,26637592176#77938582# ; Global call-in numbers
📹 Join from a video system or application Dial [email protected] — or dial 173.243.2.68 and enter the meeting number
🛠️ Hosts: log in here to view host information ❓ Need help? help.webex.com
🗓️ Add to calendar: Google · Apple · Office 365 · Outlook · Yahoo · ICS
Jeff Johnson ·Mon 15 Jun 2026 4:54PM
Here are the minutes from the last LBC meeting......
Overview
Key participants in the meeting included Jeff Johnson, Anton Arapov, Kevin Micciche (HPE), Megan Woods, Michael Onsworth, Michael Bench, David Hook, and Billy Bromley. The discussion covered a wide range of topics from recent face-to-face meeting highlights to technical developments and community processes.
Significant attention was given to the development of a native Rust cryptographic library and its integration with OpenSSL, with contributors actively collaborating on providers and FIPS validation. Performance enhancements and code simplification efforts, particularly around macro usage, were highlighted as priorities for upcoming releases.
The group reviewed OpenSSL's release strategy, emphasizing major versions as LTS releases with controlled breaking changes, and solicited community input on feature removals. A new AI policy requiring disclosure of AI-assisted code contributions was approved, updating the Contributor License Agreement process.
Discussions on Merkle tree certificates and composite signatures revealed differing views on implementation approaches, while efforts to improve pull request workflows aim to accelerate contributions. Upcoming conferences and events were noted as key engagement opportunities, especially concerning post-quantum cryptography.
International cryptography standards and algorithm support, including interest in FrodoKEM, were discussed with an emphasis on aligning with large business and global community needs. To better capture and prioritize such requests, Jeff Johnson proposed formalizing a process for submitting guidance requests, supported by Anton Arapov.
Overall, the meeting fostered collaboration, knowledge sharing, and strategic planning to advance OpenSSL and related cryptographic projects, with commitments to enhance community involvement and adapt to emerging technologies.
Detailed Summary
Face-to-face meeting highlights
Jeff Johnson and Anton Arapov discuss the recent face-to-face meeting held in Berno, highlighting key participants and topics covered. The meeting included presentations on cryptographic projects, performance testing, and community updates, emphasizing collaboration and knowledge sharing among contributors.
Jeff Johnson appreciates the meeting's value and mentions meeting Megan Woods, who works on Bouncy Castle and OpenSSL FFI.
Anton Arapov plans to distribute meeting notes to the back-end TAC community and encourage others to do the same.
Jeff Johnson notes the presence of various contributors including David Hook, Michael Onsworth, and Michael Bench, discussing Rust crypto and OpenSSL providers.
Rust cryptography developments
Discussion centers on the development of a native Rust cryptographic library with plans for FIPS validation and an OpenSSL provider to access it. Contributors are actively working on code and providers, indicating progress in integrating Rust crypto into OpenSSL.
Michael Onsworth is developing a Rust crypto library aiming for FIPS validation.
Megan Woods has started working on an OpenSSL provider for the Jostle crypto library.
Michael Baentsch is using Claude to create an OpenSSL provider for Rust, showing community interest and collaboration.
Performance enhancements and code simplification
The meeting covered ongoing and upcoming performance improvements in OpenSSL, including patches expected in the October release. There was active discussion about code simplification, particularly around reducing or removing macros, reflecting a focus on maintainability and efficiency.
Neil provided insights into current and future performance enhancements.
There was passionate discussion about reducing or removing macros to simplify code.
Anton Arapov highlighted substantial performance increases expected in the next release if patches land.
Academic insights and grant proposals
Billy Brumley presented on proposals, grants, and research paper writing tips, offering valuable guidance to the community. This academic perspective helps contributors understand research processes and improve their documentation and proposals.
Billy Brumley gave an insightful talk on writing papers and grant proposals.
The presentation was well received and considered beneficial for community members involved in research.
OpenSSL release planning and breaking changes
The group discussed the timeline for OpenSSL releases, focusing on major versions as LTS releases with subsequent major releases allowing breaking changes. The importance of API compatibility for providers was emphasized, and community input on what to remove next was solicited.
Anton Arapov explained the plan for major OpenSSL releases every two years with breaking changes allowed only in major releases.
API compatibility for providers will be maintained despite breaking changes.
Community members were encouraged to suggest features or components to remove in future releases.
AI policy and Contributor License Agreement updates
A new AI policy was approved, requiring contributors to disclose AI usage in code submissions. The CLA portal was updated to reflect this, and contributors using AI tools must sign a new CLA. This policy aims to maintain transparency and adapt to evolving development practices.
Anton Arapov approved the new AI policy, pending final director approvals.
Jeff Johnson explained that contributors must disclose AI usage and sign updated CLAs if they use AI tools.
The policy does not prohibit AI-generated code but requires transparency about its use.
Merkle tree certificates and composite signatures
There was heated discussion about drafts concerning Merkle tree certificates (MTC) and composite signatures as a migration strategy. While the utility of composite signatures was acknowledged, implementation approaches raised concerns, particularly from the OpenSSL community.
Mike Onsworth and Bob Deck debated the drafts on Merkle tree certificates.
David Hook emphasized the usefulness of composite signatures for migration.
OpenSSL contributors expressed reservations about implementing the proposed standards.
Pull request process improvements
The community discussed ways to accelerate pull request approvals and improve the contribution process. Engineering managers were tasked with documenting and executing a revised process to enhance efficiency and community participation.
Anton Arapov noted that engineering managers from the foundation and corporation are responsible for process improvements.
The goal is to reorganize and streamline the OpenSSL contribution process.
Community feedback and participation remain important for successful implementation.
Upcoming events and conference participation
Participants shared plans for attending upcoming conferences, including local events, PKI consortium meetings, Black Hat, and DEF CON. These events provide opportunities for engagement, knowledge exchange, and addressing emerging topics like post-quantum cryptography.
Anton Arapov mentioned local events and a PKI consortium meeting in Amsterdam in December.
Kevin Micciche is preparing for an HPE conference and the TCG conference in London.
OpenSSL plans to participate in Black Hat and related conferences, focusing on topics like crypto and post-quantum cryptography.
International cryptography standards and algorithm support
The discussion covered international cryptography standards, including interest in algorithms like FrodoKEM and the need to support diverse schemes. Participants emphasized the importance of community input to prioritize implementations relevant to large businesses and international markets.
Kevin Micciche highlighted the GSMA resource tracking international cryptography efforts.
Anton Arapov noted no current plans to implement FrodoKEM but expressed openness to community interest.
Jeff Johnson and others stressed the importance of supporting non-NIST algorithms and international standards.
Formalizing community requests for guidance
Jeff Johnson proposed creating a formal process and documentation for the large business community to submit requests for guidance or feature support. This approach aims to improve communication, prioritize needs, and involve more community members in decision-making.
Jeff Johnson suggested a form to capture problem statements, proposed solutions, and signatories.
Anton Arapov supported the idea to better integrate large business input into community processes.
The first use case for the form would be to address requests related to FrodoKEM.
Jeff Johnson will create a formal request form for large businesses to submit cryptographic feature requests or problem statements, starting with the proto camera example, and share it with Anton Arapov and the team.
Anton Arapov and team should gather community feedback on interest in implementing Fraudo Chem or similar cryptographic schemes, especially from large businesses.
Anton Arapov needs to finalize and publish the new AI policy and obtain the remaining director approvals.
Anton Arapov should start preparing a stake or update next week as part of ongoing tasks.
Anton Arapov should create or locate an updated timeline for OpenSSL releases and share it with the team.
Anton Arapov needs to post the highlights of the face-to-face meeting to the back in TAC this week and encourage others to do the same for their communities.