TIGRESS @ IETF 116

Note taker: Yaron Sheffer

Leif and Prachi opening the meeting. We will discuss the Threat Model
and Reuqirements docs.

Casey and Dmitry sharing changes to Requirements.

EKR: Not sure how the max participant requirement is enforced.   
Dmitry: wanted to remove req of transfer from single to single device,
but couldn't have unlimited number.   
Bradford: sender can specify a limiut that they want the prov partner to
adhere to.   
EKR: the system needs to include some blob targeted at the prov partner.

Dmitry: we are not trying to cover the provisioning part.   
Dmitry: technocally there are multiple ways of doing it.   
EKR: but receiver doesn't authenticate.   
Leif: may be solved with Privacy Pass.  
EKR: \[missed this part\] Would want to see a diagram of how this can be
done.  
Leif: make sure the req is actually feasible.  
EKR: the 2nd req is fine.

EKR: for max retrievals, where would this machinery happen. How do you
envision a protocol specifying that.  
Yogesh: we are not trying to prevent collusion.  
Yogesh: we allow one person to pick up the key.  
EKR: but this is not what the req says.  
Leif: the intention is to talk about admin control, and the text is
ambiguous.  
Yogesh: the idea is not to control collusion.   
EKR: if relay enforced one receiver, it is hard to deal with "glitches",
receiver failures. Which means the req cannot be implemented reasonably.

Leif: Eric has a point, we need to have an idea how we can implement it.
The text needs to be clarified - intent is unclear. If we assume no
collusion, let's say so.  
DKG: one option: you really want one other device to pick up, at most.
Even if the device fails, it doesn't get a second chance. Is that what
we want?  
Yogesh: in some cases you want a retry mechanism, in some cases not.  
Dmitry: need to clarify the req.  
EKR offered to send a comment.

Brad discussing the Threat Model. Document has been stable for a while
(no slides).  
Leif asks for a quick explanation.  
Brad: pulls the sec/privacy parts out of the WG charter.

Leif: show of hands on who read the Threat Model doc. 11 Raise hand, 9
do not. Leif: reasonable for the size of the group. Solicits volunteers
to review. Eric volunteers. Also DKG.

Leif: the documents have been rearranged quite a bit, seen a good bit of
review. Plan to issue a call for adoption for the req doc, the Threat
Model needs more review. Adoption call on the list. Are we ready for
adoption?  
EKR: adoption is appropriate.  
Leif: will take to the list.  
Meeting concludes 16:10.