Minutes interim-2023-scitt-02: Mon 16:00
minutes-interim-2023-scitt-02-202301161600-00
Meeting Minutes | Supply Chain Integrity, Transparency, and Trust (scitt) WG | |
---|---|---|
Date and time | 2023-01-16 16:00 | |
Title | Minutes interim-2023-scitt-02: Mon 16:00 | |
State | Active | |
Last updated | 2023-01-17 |
IETF Interim WG meeting
Chair: Hannes Tschofenig and Jon Geater
Note taker: Kiran Karunakaran
Chair Announcements
Hannes: Session Request for IETF116 in process (see email thread)
Terminology
Yogesh to start a thread on terminology meeting on IETF SCITT mailing
list
Some issues on the architecture GitHub are out of date
- Close issue 28
- Term 'artifact' - need a dedicated session to review term artifact
(Yogesh to push this via terminology thread)
- #37, #34, #38 are terminology related as well
- Yogesh: Issue #29 - Evidence is signed. Statement can be unsigned or
signed. Yogesh to review with Steve before closing this out
Ray: Discrimination between RATS and SCITT can be classified as upstream
and downstream. Inherent quality between RATS claims and SCITT claims
may be different
Roy: We need to start using terminology in the use case document. This
way we're looking at sentences and not just words outside the context
Yogesh: Terminology should be clearly defined within the SCITT ecosystem
through the architecture doc. Where do we draw the line when it comes to
aligning on terminology with other groups or standards orgs?
Henk: There will always be an overlap. If in doubt, we need to qualify
and define it well within the architecture doc
Use Case Discussion
Dick: Use cases need to be clearly defined. Get use case document
completed, understand intersections and constraints as we're defining
terminology
Henk: March 13th is the deadline. We should have agreement by March 6th
on what's in and what's out for IETF. For IETF116, we will have focused
use cases
Dick: Need agreement on foundational use cases that represent SCITT
goals
Hannes: Multiple issues related to terminology (some can be closed).
Looks like use case documentation is the first step towards alignment
Joshua: Sigstore case studies to be reflected in the use case document.
Henk and Joshua to figure this out offline
Ray: E2E security for ballot image:
https://docs.google.com/document/d/1vZYATrxiA6vJ-2azdLG2jqOqXTDn7s68RotEFJeeByo/edit
Roy: Ray to look into CCF (leveraging RATS on HW TEE)
SCITT Community
Kiran: We are formally announcing the SCITT community (supplement to the IETF
working group to help with adoption of the specification):
https://github.com/scitt-community/
Next Meeting:
1) Sigstore presentation