Minutes IETF120: diem: Wed 16:30
minutes-120-diem-202407241630-00
Meeting Minutes | Digital Emblems (diem) WG | |
---|---|---|
Date and time | 2024-07-24 16:30 | |
Title | Minutes IETF120: diem: Wed 16:30 | |
State | Active | |
Other versions | markdown | |
Last updated | 2024-08-05 |
Agenda
Overhead - 10m - Chairs
- Greeting
- Note takers
- NOTE WELL
- Rules of engagement
- Agenda bash
Problem Statement - 30m with questions
- White Flag - 5m - Timo Schless
- Journalism - 5m - Mike Christie
- ICRC Needs - 5m - Samit D'Cunha
Note: there will be time for questions, but not discussion in this
part of the agenda.
Framing Solutions - 20m with questions
- ADEM approach - 5m - Felix Linker
- Framing the problem - 5m - Brian Haberman
- Why this is a single problem - 5m - Bill Woodcock
Note: there will be time for questions, but not discussion in this
part of the agenda.
Open Discussion - 45m - Everyone
Focus on key questions: the problems, scope, and tractability
Note: The goal is to identify gaps or disagreements, not to resolve
them.
Conclusions and actions - 15m - Chairs + ADs
Notes
White Flag
One venture that split off from Timo's work was White Flag. It is a
foundation as well as an ecosystem of NGOs, militaries and others to
build a communciation protocol. We think it is currently a technology
readiness of level 6. The intent is to save lives, and the Secretary of
the UN has called for action here. In conflict and disaster areas, many
things happen and many of this information is not communicated to the
right person.
We are used to physical signs but they have severe limitations. They
cannot be selectively shared. They are also hard to authenticate.
Looking for a process and automated intelligence system to issue and
validate. We started working on what they call Digital Signs and
Signals. Want to cover physical objects like cars, buildings, people and
virtual objects as well.
There are diversity of use cases, from conflict and disaster areas.
Michael Christie:
Samit D'Cunha: You are working with different organizations. Can you
speak to which organizations specificially.
We have worked with everyone whoses symbols were on the slide. Start
ups, we are building software rignt now.
Mauro Vignati: We follow follow White Flag for a while now. When we talk
about the slide that Timo showed. Just be precise we are working through
multiple channels now.
Journalism
As a retired journalist for Reuters news agency. He was responsible for
the protection of 4,000 staff and free-lance.
The conversation taking place about digital emblems is potentially an
enormous importance for the international News Organizationss from a
safety perspective.
Real world example: In August 2005 from the Reuters Bureau in Baghdad.
Even though the members were clearly marked the car was not. The solders
open fire and all members died. The lack of integrated system built into
the battlefield GIS system.
In August 2006 in Gaza the well marked "Tarzan" vehicle was fired upon
by missile that wounded two collegues.
The paperwork involved in managing the export and transportation of all
the technology is excessive. The attendees for the Olympics can be in
excess of $25,000 of equipment. The visual gear, Personal Protective
Equipment. The ability to shift this to a digital twin representation,
would free up potentially a lot of manually filled in paperwork and
ensure it is correct.
ICRC Needs
Digital Emblems under International Humanitarian Law. The project is to
digitalize the Red Cross, Crescent and Crystal. The distinctive emblems
primary user is actually the states, not the Red Cross itself. The
emblem is to signify the specific protections those persions have. The
distinctive emblems are encoded into the Geneva Conventions.
What is so different about the emblem. Normally it indicates
affiliations, or respect. It is basically used to inform. IT is used to
be indicative use.
The use is a protective use of the symbol and it is not to indicate
affiliation, but does indicate protection of international law. The ICRC
uses the protective emblems at all times. It indicates a specific an
obilgation of a party to a conflict. An obligation that has existed for
160 years.
The emblem is also used to indicate to assist. There has to be very
specific requirements to how that emblems are used and placed.
What is not related to this discussion, you have to think about a stop
sign. In a situations where there are no laws to stop at a stop sign
means there is no requirement to honor the sign.
There currently no way to indicate the physical emblem concept in a
digital space. The discussion here is how that can be achieved.
Rohan: When you describe a digitial emblem you are talking about this
specific image.
Yes
Watson Ladd: To simplify the point of absuridity like an MRI cannot be
interferred with if it has this emblem.
Yes, the work and services of the humanitarian organization need to be
respective and protected.
Eliot Lear: Do you also see room to protect physical aspects with a
digital emblem.
We are working on looking at this, but our role is a development.
Jim Reid: Who would be the authority for other emblems going forward and
verified?
With Regards to the emblems shown earlier, there are other distinctive
implications for each. The special meanings are in the LACUNA in the law
and understanding coming forward.
Currently we are restricting the discussion to the Red Cross, Crescent
and Crystal.
Digital Emblems technical aspects.
We seek is a digital emblem equivalent to the Red Cross in a sense. We
must call a Verify Us. Verify Us are all those parties that verify and
stop attacks.
We need to protect end points and any kind of web server. Though it
extends to constrained devices and personal tablets whether or not
connected to a network. We want to asset holder to decide whether an
emblem should be applied to specific equipment. If a digital emblem were
required to signal their presence. We believe that this distribution
requires sanitization because we need to sneak it in somewhere.
Framing the Problem - Brian Haberman
The problem is broad, as organizations want to be protected under other
legal statutes and they are required to. As we move to more digital
solutions, we need compariable solutions.
The Secure nature of this is key.
The physical emblems, you run into problems of distinguishing valid use
versus arbitrary. The problem of how to protect these going forward, and
key to that is non-repudiation. We need to create a mechanism that
allows people to say, no you saw that emblem.
Are there pieces of commonality that we need to start considering. Can
we create a capability that allows people to feel more protected because
they have greater visibility into why they are being protected.
You get to the point if someone has requested use of an emblem.
Robert Moskowitz: Can we size the problem? Is this a million or billion
problem.
Right now we are talking a thousand and how many are deserving.
On the outside will be 10 to 100 million.
Why this is a single problem - Bill Woodcock
We have been involved and working with a team looking at organizations
that administer bodies of international laws.
Described the symbols on the slide.
The food and agriculture organization FAO produces one symbol that
standardized symbols since 1951. Ex: ISO 3166 A2 Country Code, etc..
Currently these are branded into wood.
The proposal has an issuer creates a digital emblems and
cryptographically signs them. Digital Emblems are bound to product.
Who are validators: Loitering Munitions (Drone), Customs is the much
more common.
What problem are we solving: The proliferation of incompatible
proprietary scanners. Each are solving them in a siloed way. There are
thousands of organizations needing to do markings under international
Laws.
Looking for a standardized way to represent this.
Richard Barnes: Once thing I did not see the authority scheme? How does
the verifier know if the party is allowed to do this.
The protocol is to facilitate information. We don't gate who gets to use
it. We have expertise that cna bring to bear in homographs.
Watson Ladd: Are you assuming that there is a situation where the
organizations entitled ..
What is number one there are laws now to mark content with an emblem and
doing that in a digital version.
Dennis Jackson: Your presentation is focusing heavily on physical
objects, where the prior was purely digital.
They are absolutely the same regardless.
Henk Birkholz: The humanitarian problem is clear in my mind but this
physical space is completely different.
Leif: Is selective disclosure and device binding in scope.
In scope.
Leif: Devicing binding is a distinct problem space.
The binding as a term of art including cryptographic proof.
Mike Prorock: Have you talked to US customs who are already doing some
of this.
We talked with Franch Customs and Dutch Customs.
Open Microphone.
Warren Kumari: I participate in the IETF NOC. We ship to different
countries, et cetera. We are familar to the problem but this seems quite
different than the humanitarian problem.
Rohan Mahy: I worked as a humantarian between 2012 to 2019. One of those
related to custom clearing and paperwork. Commonly we don't send cargo
directly from point A to Point B. They transit several other countries
along the way. Of course in the humantarian space in the medical field
is hazardous cargo such as human tissue and blood.
These kind of marking discussed by White Flag are a huge need.
Leif: So in scope you can look at digital wallet space. We should force
the SPICE and privacy policy sit down. It may take 10 years and a long
project. There is so much complexity in this space. The scope could be
reduced as there are plenty of people in the IETF are already working in
the supply chain space.
Stephan Farrell: This could be a gigantic problem. Is ISO not working on
this or not? If the use cases are for non-repudiation its going to be
all screwed up.
Mike Prorock: Scopewise. Tend see personal identity stuff gets mixed up
with system to system or corporate identity. A lot of personal privacy
space. SCITT and SPICE cover some of this space and maybe applicable
here. There are aspects already in the works and maybe usable building
blocks.
Farzaneh: This is a laudable effort. I would love to see us protect
journalists on the ground and include refugee camps. I think we need to
have a well defined scope and we need to understand if the groups we
want to help are on board.
Farzaneh: I would love the happenings to occur at the IETF. There have
been prior acts by the Red Cross in ICANN to reserve domain names and to
protect their intellectual properties. This could lead to abuse.
Response: The primary use of the emblems are different and there are
firm laws on mis-use. The goal is to protect the strength of the emblem.
Former Assistant Director: I wanted to comment on the issues saying the
Digital Emblems with regards to ICRC and Geneva Conventions.
Ted Hardie: There are distinguishing sets of problems here. I understand
the perspective that some are a subset of the other. I think it would be
challenging things that can be tackled by the IETF. There should be two
where one focuses on the broad problem and the other on building blocks.
Daniel Gillmor: I echo what Ted said. I wanted to highlight we are
agnostic to who authorities are. We'll block all that do not have badges
in some situations.
Eliot Lear: I think we are jumping to conclusions quickly and we need to
take time to decompose the problems yet. I sort of like the variable
bindings using Bill's terminology. Suggestions for next step would be to
delve in an IAB deep dive and what are the buildling blocks we have and
can use and where the commonalities are in both the problem and solution
space.
Richard Barnes: There are two facet's . One is credential structure and
the other is presentation protocol problem. It would be nice to get to
the next level of the credential formats. What they would look like in
if there are two cases.
Watson Ladd: There is a real need for the protective emblem use case.
It's narrowly scoped.
Stuart Card: The drone identification may offer some solutions
especially in the disconnected space.
Paul Wouters: The digital Asset term is different in the IETF's view and
we need to make sure to clarify in the charter. The physical space
concerns him.
Scott Fluhrer: Cisco is interested in using digital emblems to detect
counterfeits.
Kris Shrishak: I am in favor of a narrowly scoped group.
Jonathan Hoyland: Questions the actual use case and whether this just
advertises a target. I don't understand the needs of the custom agents
around data formats.
Kaliya Young: I want to echo what Mike Prorock and Leif said around
physical markings already happening. It is already been referenced in
the U.N. Trade policy.
Casey Deccio: The work that Bill presented is actually a superset of
what I had talked about. We will certainly use the work from groups like
SPICE.
Nick Doty: I am grateful to the identity folks who have already spoken.
There will not be a single use case and it is useful to cluster
problems. It is not clear if it all flows into SPICE.
Richard Wilhelm: We are the registry operator for .org. This is where
the Red Cross resides and a common target for impersonation attacks or
hackers. These things happen when there's fundraising things are
crisis-driven. There is probably a closer relationship between the
digital and physical space.
Jim Reid: I think the IETF can work on the initial Digital Emblem
quickly but the broader space could be come intractable because of all
the other organizations involved.
Alex Rosenburg: I am looking at implementing some of this and looking
for a hierarchal and wrapping around this. What is the standard for
representing this.
Alissa Cooper: I am supportative and we need to narrow this. One thing
that has not been mentioned is the contested nature of attestation.
There are some odd questions that cause some pause.
Peter Koch: I am concerned with the size and scope of this problem. As
the parallelism of work and duplication with other standards. Specificly
the European union.
Bob Moskowitz: There are probably thousands of efforts going on right
now. If we can scope this into large buckets we may make progress.
Dennis Jackson: I see a lot of euthusiam for narrowing this and the
pulling the physical space could be compelling. Do we have stakeholders
though in the room to help.
Warren Kumari: I don't see how this is actually going to help solve the
problem. The problem is actually how we communicate the emblem. Some of
the solutions with cross signing pre-exists. Instead I think we should
dig into the physical space.
Tommy Jenson: I think we should group this into actionable scopes. The
shipping container, the custom borders, Digital Emblems have different
needs on privacy and authentication.
Mallory Knodel: I support IETF becoming involved here. I can see
multiple entities implementing these and interoperability is going to be
a major problem.
Tobias Fiebig: I would like the room that there are no technical
solutions for societal problems.
Henk Birkholz: We can establish a ton of problems statements here.
Casey Deccio: I do see the need for both aspects. One way may to deal
with this in bite size pieces. I do see a need as other mentioned to tap
into other resources. This will be a large problem in total but can be
broken into chunks.
Is this the right place to do this work.
Eric: Appreciate all the feedback and comments. This was not a forming
BOF but we need to discuss further with the proponents, IESG and IAB.
There may be 2 charters to be discussed with the community
Martin: From a technical perspective there may be opportunities to
leverage existing technology and we will have to have a constructive
discussion.
We will transition to the Mailing List to discuss the work and who will
write code.
Eric: for the non-IETF people who came here, please continue to be
engaged on the mailing list and other meetings.