[{"author": "Behcet Sarikaya", "text": "

session just started

", "time": "2022-11-10T13:02:20Z"}, {"author": "Roman Danyliw", "text": "

Thank you for taking notes Denis

", "time": "2022-11-10T13:02:43Z"}, {"author": "Behcet Sarikaya", "text": "

Audio is good on my side

", "time": "2022-11-10T13:07:24Z"}, {"author": "Tadahiko Ito", "text": "

not only mechanism, but also operational aspect seems to necessary, (e.g. auditing by third party etc.)

", "time": "2022-11-10T13:16:15Z"}, {"author": "Ned Smith", "text": "

the users / use case context between wallets and digital asset gw are different. That may justify having different working groups.

", "time": "2022-11-10T13:31:49Z"}, {"author": "Ned Smith", "text": "

if 2 databases are connected via a gw, the gw needs acid properties but the dbs don't have to share the same db schema. In financial networks double spend is analogous to the db schema.

", "time": "2022-11-10T13:34:55Z"}, {"author": "Gilbert Verdian", "text": "

Thank you to the BOF for the opportunity to speak. To understand the work programme in ISO TC307, please feel free to visit: https://www.iso.org/committee/6266604/x/catalogue/p/0/u/1/w/0/d/0

", "time": "2022-11-10T13:38:42Z"}, {"author": "Thomas Hardjono", "text": "

@Rama: I think we need to move forward. We don't have time to explain how the Shipping industry works today

", "time": "2022-11-10T13:54:08Z"}, {"author": "Wes Hardaker", "text": "


", "time": "2022-11-10T13:54:15Z"}, {"author": "Gilbert Verdian", "text": "

This is just one use case, I would be keen to cover other use cases

", "time": "2022-11-10T13:54:40Z"}, {"author": "Phillip Hallam-Baker", "text": "

I am skeptical about the shipping industry use case. Letters of Credit are not created under contract law, they do not have a statutory basis either. They are created under the law merchant which has no controlling legal authority. So it is very hard to see how binding can be achieved in an electronic equivalent.

", "time": "2022-11-10T13:57:17Z"}, {"author": "Roman Danyliw", "text": "

I wonder whether just like the \"double spend problem\" we discussed earlier, all of the \"guarantees\" are out of scope. The protocol itself might provide the transfer, representation and an audit log.

", "time": "2022-11-10T14:02:08Z"}, {"author": "Venkatraman Ramakrishna", "text": "

@Phillip, I am not a lawyer so cannot comment on whether a letter of credit has the force of contract. Banks and carriers, though, are very keen on digitizing documents like letters of credit and bills of lading (stating from experience.) Efforts to create standardized EBL (electronic bills of lading) have been underway for several years.

", "time": "2022-11-10T14:02:09Z"}, {"author": "Eric Rescorla", "text": "

That seems like a pretty undesirable property in an NFT system.

", "time": "2022-11-10T14:03:17Z"}, {"author": "Venkatraman Ramakrishna", "text": "

Sorry, which property specifically?

", "time": "2022-11-10T14:03:43Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Venkatraman Ramakrishna I am aware that this has been an objective for years. We had an attempt to get into this area at VeriSign back in the 1990s.

", "time": "2022-11-10T14:03:45Z"}, {"author": "Eric Rescorla", "text": "

Involuntary transfers by some gateway

", "time": "2022-11-10T14:04:09Z"}, {"author": "Eric Rescorla", "text": "

Indeed there has been a whole bunch of sadness lately that this is a property of the OpenSea contracts

", "time": "2022-11-10T14:04:32Z"}, {"author": "Ned Smith", "text": "

Wouldn't the bridge be the enforcement point for preventing involuntary transfers - not the gw?

", "time": "2022-11-10T14:06:08Z"}, {"author": "Gilbert Verdian", "text": "

The asset owner signs the transaction through the gateway to initiate the transfer. This is not in the scope, the protocol is about GW<->GW

", "time": "2022-11-10T14:06:30Z"}, {"author": "Venkatraman Ramakrishna", "text": "

Thanks, Phillip. I think I understand your skepticism. My sense of the banking and trade industries is that the imperative to digitize has acquired a new lease of life in the post-blockchain world. Whether or not it will meet all its goals is yet to be seen.

", "time": "2022-11-10T14:06:40Z"}, {"author": "Eric Rescorla", "text": "

@Gilbert Verdian well, this is invisible to the receiver

", "time": "2022-11-10T14:07:53Z"}, {"author": "Eric Rescorla", "text": "

It's just a totally different threat model

", "time": "2022-11-10T14:08:03Z"}, {"author": "Venkatraman Ramakrishna", "text": "

@Eric, let's distinguish the gateway from the network behind it. Validation of the asset owner's signature is likely occur behind the gateway, but that's not in the GW<-GW> protocol scope.

", "time": "2022-11-10T14:09:18Z"}, {"author": "Eric Rescorla", "text": "

@Venkatraman Ramakrishna yes, I understand that's out of scope. I'm saying that's bad in the NFT case.

", "time": "2022-11-10T14:09:58Z"}, {"author": "Ned Smith", "text": "

The main threat model concern for the GW<->GW is that the asset isn't diverted, dropped or replayed?

", "time": "2022-11-10T14:11:07Z"}, {"author": "Gilbert Verdian", "text": "

From a pure threat perspective, it should be treated the same as how BGP is visible or is a vector to the end user. As an industry have created controls to further secure BGP by establishing trust relationships and BGP route monitoring for anomalies like redirects and offline AS networks. There is still much work to be done, plus the same for digital asset network types.

", "time": "2022-11-10T14:12:31Z"}, {"author": "Ned Smith", "text": "

Ned Smith said:


The main threat model concern for the GW<->GW is that the asset isn't diverted, dropped or replayed?


and maybe there is a privacy expectation?

", "time": "2022-11-10T14:12:58Z"}, {"author": "Venkatraman Ramakrishna", "text": "

@Ned....there is a privacy expectation by default. The gateways cannot (are not supposed to) leak info without the network's consent.

", "time": "2022-11-10T14:13:55Z"}, {"author": "Behcet Sarikaya", "text": "

what is bill of lading in short?

", "time": "2022-11-10T14:14:17Z"}, {"author": "Gilbert Verdian", "text": "

Ned Smith said:


Ned Smith said:


The main threat model concern for the GW<->GW is that the asset isn't diverted, dropped or replayed?


and maybe there is a privacy expectation?


Yes, it is one of biggest requirements to have privacy enabled transactions. We have implemented cross-network privacy capability in Latin America for 12 countries when banks do settlement in an inter-bank network

", "time": "2022-11-10T14:14:40Z"}, {"author": "Venkatraman Ramakrishna", "text": "

When a shipper hands off a goods consignment to a carrier (e.g., Maersk), the carrier provides a bill of lading to the shipper as proof that it has taken posission of the shipment.

", "time": "2022-11-10T14:14:54Z"}, {"author": "Venkatraman Ramakrishna", "text": "


", "time": "2022-11-10T14:15:14Z"}, {"author": "Ned Smith", "text": "

Venkatraman Ramakrishna said:


@Ned....there is a privacy expectation by default. The gateways cannot (are not supposed to) leak info without the network's consent.


but wouldn't the network own the policy for privacy and may want to enforce it at the network scope? But that implies the peer network can decrypt etc?

", "time": "2022-11-10T14:15:36Z"}, {"author": "Behcet Sarikaya", "text": "


", "time": "2022-11-10T14:15:48Z"}, {"author": "Venkatraman Ramakrishna", "text": "

@Ned...yes to both your questions. The specific ability to decrypt need not be exposed through a GW though.

", "time": "2022-11-10T14:17:03Z"}, {"author": "Behcet Sarikaya", "text": "

Not many people in the room but they are very active

", "time": "2022-11-10T14:20:14Z"}, {"author": "Massimiliano Pala", "text": "

I would stay on the questions on the slide... physical presence at the meeting is, I think, irrelevant to the discussion. Ask the question on the mailing list...

", "time": "2022-11-10T14:20:31Z"}, {"author": "Eric Rescorla", "text": "

I'm asking for them to be remotely connected

", "time": "2022-11-10T14:21:38Z"}, {"author": "Venkatraman Ramakrishna", "text": "

@Eric.....maybe this won't satisfy you but there are a lot of people concerned about this problem. Not all of them are plugged into the IETF ecosystem to be present in the room, but they are very much interested in the problem of standardization. Our weekly group meetings have several different people participating quite regularly.

", "time": "2022-11-10T14:22:00Z"}, {"author": "Eric Rescorla", "text": "

No, this is precisely what worries me

", "time": "2022-11-10T14:22:15Z"}, {"author": "Eric Rescorla", "text": "

Namely that what is going to happen is that a small group of people are going to talk to those people and come back with requirements, and those people never participate directly

", "time": "2022-11-10T14:23:03Z"}, {"author": "Richard Barnes", "text": "

when we started MLS, we had ~10^9 users' worth of messaging operators (roughly a dozen of them) in the room saying they wanted the work, even though it was honestly pretty speculative at that point. pretty strong contrast to the situation here.

", "time": "2022-11-10T14:25:06Z"}, {"author": "Eric Rescorla", "text": "

Right. That was the best case, but what I'm looking for is something like that

", "time": "2022-11-10T14:25:59Z"}, {"author": "Eric Rescorla", "text": "

An example of something that went very badly is WPACK, where basically there were 25 people involved and we mostly were designing to some set of requirements from the Google AMP team, but filtered through like 2 poeple

", "time": "2022-11-10T14:27:27Z"}, {"author": "Roman Danyliw", "text": "

Per the trust/security assumptions, it would be great to clarify what security properties the protocol (in-scope work) will provide. I'm wondering how much of this is an application problem with generic security transport being used.

", "time": "2022-11-10T14:27:38Z"}, {"author": "Behcet Sarikaya", "text": "

@Eric Rescorla note that this is the 2nd BOF, maybe their last chance

", "time": "2022-11-10T14:27:48Z"}, {"author": "Roman Danyliw", "text": "

IETF guidance on virtual interim meetings = https://www.ietf.org/about/groups/iesg/statements/interim-meetings-guidance-2016-01-16/

", "time": "2022-11-10T14:29:31Z"}, {"author": "Behcet Sarikaya", "text": "

I think asset is an object

", "time": "2022-11-10T14:29:45Z"}, {"author": "Roman Danyliw", "text": "

I just heard that MVP = \"digital asset transfer\"

", "time": "2022-11-10T14:33:41Z"}, {"author": "Roman Danyliw", "text": "

Who will help us validate that the \"MVP is the MVP\"?

", "time": "2022-11-10T14:34:19Z"}, {"author": "Behcet Sarikaya", "text": "

Wes said MVP a couple of times, wonder what it is?

", "time": "2022-11-10T14:35:45Z"}, {"author": "Roman Danyliw", "text": "

MVP = Minimal Viable Product

", "time": "2022-11-10T14:36:14Z"}, {"author": "Behcet Sarikaya", "text": "

Thanks Roman

", "time": "2022-11-10T14:36:35Z"}, {"author": "Richard Barnes", "text": "

i agree with EKR's refinement of my comments

", "time": "2022-11-10T14:45:50Z"}, {"author": "Gilbert Verdian", "text": "

The event is on 1st December 2022, Joining Forces for Standardisation with the European Commission for all standards bodies to participate and compare their efforts. Happy to share the details of the hybrid meeting if it\u2019s of interest.

", "time": "2022-11-10T14:47:00Z"}, {"author": "Venkatraman Ramakrishna", "text": "

Gilbert, yes, I'm interested.

", "time": "2022-11-10T14:47:30Z"}, {"author": "Richard Barnes", "text": "

and in the app area, where there's less of a distinction between vendor and operator

", "time": "2022-11-10T14:48:24Z"}, {"author": "Eric Rescorla", "text": "

An, also basically any web stuff :)

", "time": "2022-11-10T14:49:16Z"}, {"author": "Behcet Sarikaya", "text": "

Weird, this Q is not asked in other BOFs

", "time": "2022-11-10T14:49:26Z"}, {"author": "Behcet Sarikaya", "text": "

Maybe for satq is relevant

", "time": "2022-11-10T14:50:02Z"}, {"author": "Eric Rescorla", "text": "

Well, as Richard says, in many other BOFs they are the same people

", "time": "2022-11-10T14:50:17Z"}, {"author": "Eric Rescorla", "text": "

So, for instance, when Chrome engineers say they will implement, we expect them to ship

", "time": "2022-11-10T14:50:33Z"}, {"author": "Richard Barnes", "text": "

@Behcet it's one of the usual questions, usually together with who will write/review drafts. it's extra important here because this is a new area for IETF, so it's less clear

", "time": "2022-11-10T14:50:49Z"}, {"author": "Behcet Sarikaya", "text": "

Yeah I meant the usual question

", "time": "2022-11-10T14:51:21Z"}, {"author": "Richard Barnes", "text": "

i just checked the chair slides from MIMI yesterday, and the last question is \"who is interested in implementing\" -- with the \"operate\" question implicit for the reasons above

", "time": "2022-11-10T14:52:27Z"}, {"author": "Eric Rescorla", "text": "

And this really is an important question for MIMI, because we worry about whether the gatekeepers will deploy

", "time": "2022-11-10T14:52:54Z"}, {"author": "Behcet Sarikaya", "text": "

how many distinct asset networks we have out there?

", "time": "2022-11-10T14:54:32Z"}, {"author": "Eric Rescorla", "text": "

Well hopefully enough that it makes this worthwhile!

", "time": "2022-11-10T14:55:26Z"}, {"author": "Roman Danyliw", "text": "

For those remote, it was just asked if the 4 people that responded in the poll as being \"operators\" would speak up and name themselves. No one was willing.

", "time": "2022-11-10T14:55:34Z"}, {"author": "Venkatraman Ramakrishna", "text": "

@Roman.....I answered yes as an IBM representative (we build networks for clients). Unfortunately, I cannot share details for client confidentiality reasons.

", "time": "2022-11-10T14:56:56Z"}, {"author": "Behcet Sarikaya", "text": "

yes IBM is a good case

", "time": "2022-11-10T14:57:50Z"}, {"author": "Massimiliano Pala", "text": "

Thank you! Great session.

", "time": "2022-11-10T15:00:26Z"}, {"author": "Behcet Sarikaya", "text": "

good job Thomas

", "time": "2022-11-10T15:00:32Z"}, {"author": "Venkatraman Ramakrishna", "text": "

Thanks everyone! Great questions.

", "time": "2022-11-10T15:00:40Z"}]