Minutes interim-2023-scitt-16: Mon 15:00
minutes-interim-2023-scitt-16-202306051500-00
| Meeting Minutes | Supply Chain Integrity, Transparency, and Trust (scitt) WG | |
|---|---|---|
| Date and time | 2023-06-05 15:00 | |
| Title | Minutes interim-2023-scitt-16: Mon 15:00 | |
| State | Active | |
| Other versions | markdown | |
| Last updated | 2023-06-12 |
SCITT Interim Meeting - 5th June 2023
Github Architecture Open Issues
Terminology #7
Steve suggests to close the issue. Ray and Dick provided feedback and
asked whether all comments have been addressed in the draft.
Hannes suggested to Ray to double-check whether he is OK with the
resolution. Ray is OK to review the issue.
KEYTRANS working group on Key Transparency
Orie suggested to watch the videos from the last IETF meeting and
clarified that the group talks about key-value pairs rather than just
keys.
A key-value pair can be a key.
Here is the charter text:
https://datatracker.ietf.org/doc/charter-ietf-keytrans/00-01/
Ray: Does their work relate to our identity discussion?
Orie: They talk a lot about utilizing user identities.
Jon: The response I got was that they are related to user identities.
Chris: There is a lot of similarity with the SCITT group.
Jon: For a number of use cases the right answer is to use SCITT and
merkle-tree proofs. For their use cases, there is, for example, no
possibility to traverse the log since there are privacy problems. I am
convinced that there is other work worth doing.
Ray: There is a big difference in terms of the constraints. They also
have a larger number of participants and the entities submitting to the
log most likely have no domain associated to them.
Dick: Whatever we do here should be synergetic to what is out there in
the field. This is not a greenfield deployment.
CoMETRE
Henk gives a short overview of the receipt work based on
https://datatracker.ietf.org/doc/draft-steele-cose-merkle-tree-proofs/
The current version is here:
https://ietf-scitt.github.io/draft-steele-cose-merkle-tree-proofs/draft-steele-cose-merkle-tree-proofs.html
The PRs are here:
https://github.com/ietf-scitt/draft-steele-cose-merkle-tree-proofs/pulls
Github Architecture Open Issues
Append-only log (#67)
Henk to write a proposal for a requirements and post it to the list.
Henk will talk to Ray off-line.
Policy Identifiers (#66)
Duplicate with issue #63
Discussion between Henk, Roy, Dick, Ray, Charlie and Hannes about what
policies mean and what a policy identifier offers for interoperability.
Roy: We want to indicate when a registration policy has changed.
Who should see the change? Are the policies visible to others and to
whom?
Hannes suggested to have an off-list discussion to better organize the
topic around registration policies to make more progress at the interim
meetings.