[{"author": "Roman Danyliw", "text": "

Real time note taking = https://notes.ietf.org/notes-ietf-118-spice

", "time": "2023-11-07T08:33:09Z"}, {"author": "Roman Danyliw", "text": "

Consolidated slide deck = https://datatracker.ietf.org/meeting/118/materials/slides-118-spice-complete-slide-deck-pdf

", "time": "2023-11-07T08:34:12Z"}, {"author": "Nick Doty", "text": "

\"so that\" definitely doesn't seem out of scope. why the credential is presented is absolutely essential for privacy.

", "time": "2023-11-07T08:41:14Z"}, {"author": "Daniel Gillmor", "text": "

also, \"ideally with privacy\" relegates privacy to second tier status, below the other goals :sad:

", "time": "2023-11-07T08:42:46Z"}, {"author": "Nick Doty", "text": "

\"automating ... better throughput\" doesn't sound like a user-driven process where an informed person wants to present a credential

", "time": "2023-11-07T08:43:36Z"}, {"author": "Daniel Gillmor", "text": "

right, friction is not necessarily a bad thing with these flows

", "time": "2023-11-07T08:44:02Z"}, {"author": "Jonathan Hoyland", "text": "

It sounds like PATs / PrivacyPass / Anonymous credentials

", "time": "2023-11-07T08:45:34Z"}, {"author": "Daniel Gillmor", "text": "

the picture on slide 17 omits communications between verifier and issuer, which is likely to be necessary for a number of stages in the process (e.g., revocation checking)

", "time": "2023-11-07T08:45:44Z"}, {"author": "Richard Barnes", "text": "

@Daniel - The Issuer-Verifier connection is more like a CA-RP connection

", "time": "2023-11-07T08:46:09Z"}, {"author": "Daniel Gillmor", "text": "

@Richard Barnes right, exactly, you're just using different names :)

", "time": "2023-11-07T08:46:27Z"}, {"author": "Richard Barnes", "text": "

(IMO this whole effort is like PKIbis, but also that's a good thing)

", "time": "2023-11-07T08:46:40Z"}, {"author": "Deb Cooley", "text": "

she said 'symmetric key', but maybe meant 'asymmetric'?

", "time": "2023-11-07T08:46:57Z"}, {"author": "Richard Barnes", "text": "

@Deb I think that's right

", "time": "2023-11-07T08:47:09Z"}, {"author": "Daniel Gillmor", "text": "

it also misses the question of whether the verifier itself needs to prove its identity to the wallet

", "time": "2023-11-07T08:47:10Z"}, {"author": "David Waite", "text": "

prove for issuer policy or for user prompting/consent?

", "time": "2023-11-07T08:48:11Z"}, {"author": "Deb Cooley", "text": "

prove that the issuer being approached is correct/legit.

", "time": "2023-11-07T08:49:08Z"}, {"author": "Daniel Gillmor", "text": "

or local user policy; or logging of identity requests for accountability against abusive requests; or or or \u2026

", "time": "2023-11-07T08:49:18Z"}, {"author": "Rohan Mahy", "text": "

Deb Cooley said:

\n
\n

she said 'symmetric key', but maybe meant 'asymmetric'?

\n
\n

She said asymmetric, she just talks fast.

", "time": "2023-11-07T08:50:13Z"}, {"author": "Daniel Gillmor", "text": "

she's at least 0.75 ekr

", "time": "2023-11-07T08:50:27Z"}, {"author": "Deb Cooley", "text": "

but not bursty

", "time": "2023-11-07T08:51:14Z"}, {"author": "Michael Richardson", "text": "

Kudos on using issuer.example, rather than overloading \"example.com\" and \"example.net\" !!

", "time": "2023-11-07T08:51:50Z"}, {"author": "Richard Barnes", "text": "

huh, i hadn't thought of SD as a space optimization. but it makes sense

", "time": "2023-11-07T08:53:13Z"}, {"author": "Richard Barnes", "text": "

strong disagree with Holder != Subject

", "time": "2023-11-07T08:54:00Z"}, {"author": "Nick Doty", "text": "

the example shows the same unique identifier being shared with all parties. was this intended to be an example of a privacy-preserving method?

", "time": "2023-11-07T08:54:01Z"}, {"author": "David Waite", "text": "

disagree in which sense?

", "time": "2023-11-07T08:54:26Z"}, {"author": "Richard Barnes", "text": "

@Nick - I think it's a unique identifier just like the public key in a certificate is

", "time": "2023-11-07T08:54:47Z"}, {"author": "Richard Barnes", "text": "

Which I hope makes clear that making that part private is quixotic

", "time": "2023-11-07T08:55:00Z"}, {"author": "Jonathan Hoyland", "text": "

I.e. strong linkability

", "time": "2023-11-07T08:55:20Z"}, {"author": "Rohan Mahy", "text": "

Richard Barnes said:

\n
\n

strong disagree with Holder != Subject

\n
\n

Why? It is a classic use case. I am power of attorney for my mom. Why shouldn't I be able to prove that she is over 65 and is retired from her university job when I am acting on her behalf?

", "time": "2023-11-07T08:55:21Z"}, {"author": "Richard Barnes", "text": "

@David - Probably something to take offline unless it turns out to be salient here :)

", "time": "2023-11-07T08:55:22Z"}, {"author": "Nick Doty", "text": "

@rlb just introducing a unique cryptographic cross-origin identifier?

", "time": "2023-11-07T08:55:43Z"}, {"author": "Richard Barnes", "text": "

@Rohan because you hold the private key and are the one acting with the credential. things like PoA are still about you, they just have some other linkage to someone else

", "time": "2023-11-07T08:56:15Z"}, {"author": "David Waite", "text": "

I have a very clever thought here, but there is insufficient space in the margin of this meetecho

", "time": "2023-11-07T08:56:39Z"}, {"author": "Richard Barnes", "text": "

@Nick if we do things right here, we can minimize the scope/persistence of the identifier

", "time": "2023-11-07T08:57:16Z"}, {"author": "Richard Barnes", "text": "

(i.e., enable use of different keys)

", "time": "2023-11-07T08:57:24Z"}, {"author": "Nick Doty", "text": "

@rlb perhaps! in that case, let's not specifically show examples of the bad practice when describing the privacy protections

", "time": "2023-11-07T08:57:59Z"}, {"author": "Jonathan Hoyland", "text": "

I guess a subject id would be a useful feature for enforcing at-most-one properties, as long as it is only static for the same issuer issuance

", "time": "2023-11-07T08:58:22Z"}, {"author": "Rohan Mahy", "text": "

Richard Barnes said:

\n
\n

@Rohan because you hold the private key and are the one acting with the credential. things like PoA are still about you, they just have some other linkage to someone else

\n
\n

I think you have a different definition of Subject than the BoF organizers.
\nIt sounds like to you the subject IS the private key. To the BoF organizers, the natural person (my mom) is the subject and the private key is just a mandatory property of that subject.

", "time": "2023-11-07T08:58:29Z"}, {"author": "Richard Barnes", "text": "

@Nick in the scope of the interaction that was shown, it's correct. you need consistency between what the issuer sees and what the verifier sees, otherwise the assertion is meaningless

", "time": "2023-11-07T08:58:38Z"}, {"author": "David Waite", "text": "

but the TL;DR is a certificate for TLS tells you information about a server, while the protocol allows you to confirm you are talking to that server. Holder comes from a document model where a credential may just exist and not be part of a protocol exchange.

", "time": "2023-11-07T08:58:54Z"}, {"author": "Nick Doty", "text": "

@rlb in order to facilitate verifier-issuer linkability? that's a privacy-harming property.

", "time": "2023-11-07T08:59:56Z"}, {"author": "Jonathan Hoyland", "text": "

It's privacy preserving if the subject id rotates on each issuance

", "time": "2023-11-07T09:01:09Z"}, {"author": "Richard Barnes", "text": "

@Nick - No, so that the system has any meaning at all. Like you can't change the name on your driver's license

", "time": "2023-11-07T09:01:35Z"}, {"author": "Daniel Gillmor", "text": "

i think the point that needs to be made at the mic is that \"selective disclosure\" does not necessarily mean \"unlinkability\" -- these are separate properties and we need to aim for both

", "time": "2023-11-07T09:02:01Z"}, {"author": "Daniel Gillmor", "text": "

whenever the mic line opens

", "time": "2023-11-07T09:02:19Z"}, {"author": "Richard Barnes", "text": "

@Rohan - I'm concerned about the human that owns the private key. We need a super clear semantic model here, and allowing Holder != Subject muddies it

", "time": "2023-11-07T09:02:24Z"}, {"author": "Daniel Gillmor", "text": "

@Richard Barnes i agree that makes it simpler, but what folks are saying is the real world isn't that simple.

", "time": "2023-11-07T09:02:54Z"}, {"author": "Richard Barnes", "text": "

Like a credential says \"these attributes go with whomever owns the private key\". \"Whomever owns the private key\" is the only sane definition of Subject or Holder.

", "time": "2023-11-07T09:03:31Z"}, {"author": "Jonathan Hoyland", "text": "

We don't want some data aggregator to be able to get issuances about every subject they stalk.

", "time": "2023-11-07T09:03:40Z"}, {"author": "Nick Doty", "text": "

@rlb IETF has done work on breaking linkability between issuance and presentation, there's a whole working group for that.

", "time": "2023-11-07T09:03:44Z"}, {"author": "David Waite", "text": "

for JWT and SD-JWT where the cryptography and claims create likability, you would discourage reuse of a credential. This is why there are OAuth-based issuance protocols to maintain persistent relationships between the holder and issuer to get 'fresh' credentials

", "time": "2023-11-07T09:03:53Z"}, {"author": "Richard Barnes", "text": "

@DKG I'm aware that there's complexity in the real world :) I'm just disagreeing about where to put it

", "time": "2023-11-07T09:04:03Z"}, {"author": "Richard Barnes", "text": "

@Nick which one?

", "time": "2023-11-07T09:04:12Z"}, {"author": "Nick Doty", "text": "

privacypass

", "time": "2023-11-07T09:04:28Z"}, {"author": "Jonathan Hoyland", "text": "

@Nick Doty but you'll notice that group was not mentioned on the 'relevant work at the IETF\" slide

", "time": "2023-11-07T09:04:41Z"}, {"author": "David Waite", "text": "

there is work on cryptographic mechanisms like BBS under CFRG that would allow additional unlinkability properties

", "time": "2023-11-07T09:04:42Z"}, {"author": "Daniel Gillmor", "text": "

@Richard Barnes are you saying that in (for example) the power of attorney scenario, we need to consider building an unlinkable, anonymous cryptographic proxy of agency? or are you ok with just letting the adult child operate the declining parent's credential?

", "time": "2023-11-07T09:05:05Z"}, {"author": "Richard Barnes", "text": "

/me ponders whether you could do PRIVACYPASS for asymmetric-key credentials

", "time": "2023-11-07T09:05:13Z"}, {"author": "Michael Richardson", "text": "

I find myself rather concerned if SD will be applied to SBOM.

", "time": "2023-11-07T09:05:43Z"}, {"author": "Richard Barnes", "text": "

@Daniel - I'm thinking of things like having the parent's credential sign a delegation to the child

", "time": "2023-11-07T09:05:50Z"}, {"author": "Richard Barnes", "text": "

not complicated

", "time": "2023-11-07T09:06:04Z"}, {"author": "Brent Zundel", "text": "

Screenshot_20231107_100447_Slides.jpg
\nOrie slide with colors

\n
", "time": "2023-11-07T09:06:05Z"}, {"author": "Daniel Gillmor", "text": "

@Richard Barnes with selective disclosure?

", "time": "2023-11-07T09:06:09Z"}, {"author": "Daniel Gillmor", "text": "

or does the child have to identify themselves in order to do selective disclosure about the parent?

", "time": "2023-11-07T09:06:39Z"}, {"author": "Jonathan Hoyland", "text": "

Yeah, I could have a property that says \"is authorised to act on behalf of X\"

", "time": "2023-11-07T09:06:45Z"}, {"author": "Jonathan Hoyland", "text": "

In my credential

", "time": "2023-11-07T09:06:56Z"}, {"author": "Richard Barnes", "text": "

@DKG good question, but i think it's solvable with a few more words than would fit here

", "time": "2023-11-07T09:07:11Z"}, {"author": "Daniel Gillmor", "text": "

@Jonathan Hoyland 's suggestion is a good start

", "time": "2023-11-07T09:07:26Z"}, {"author": "Jonathan Hoyland", "text": "

That covers power of attorney, and when you let your accountant file your taxes.

", "time": "2023-11-07T09:07:35Z"}, {"author": "Richard Barnes", "text": "

yeah what Hoyland said

", "time": "2023-11-07T09:07:43Z"}, {"author": "Daniel Gillmor", "text": "

though i dunno how you do that in an unlinkable way

", "time": "2023-11-07T09:08:02Z"}, {"author": "David Waite", "text": "

one modeling is that you have a credential about the child as a subject, and a second credential stating power of attorney about the parent. parent would be a holder of the first and subject of the second, and may have a proof of possession of the second

", "time": "2023-11-07T09:08:16Z"}, {"author": "Jonathan Hoyland", "text": "

It requires negotiation between the issuers

", "time": "2023-11-07T09:08:31Z"}, {"author": "Richard Barnes", "text": "

privacy folks should pay attention to this preso -- a lot of the privacy benefit here is converting OAuth-like privacy to PKI-like privacy

", "time": "2023-11-07T09:08:44Z"}, {"author": "Richard Barnes", "text": "

Technically it doesn't need to be per-presentation, just per-Verifier

", "time": "2023-11-07T09:10:16Z"}, {"author": "Jonathan Hoyland", "text": "

I feel like the IETF has a lot of the building blocks to build something plausible already, but we'd need a lot of guidance about all the use cases.

", "time": "2023-11-07T09:10:18Z"}, {"author": "Richard Barnes", "text": "

Also feel like we need to solve some basic stuff before going after advanced properties

", "time": "2023-11-07T09:10:42Z"}, {"author": "Daniel Gillmor", "text": "

@Richard Barnes there are also cases where you'd like unlinkabilty per-presentation, not just per-verifier

", "time": "2023-11-07T09:11:10Z"}, {"author": "David Waite", "text": "

perhaps the most significant difference from traditional PKI is in privacy implications.

", "time": "2023-11-07T09:12:10Z"}, {"author": "Richard Barnes", "text": "

@DKG - Yes, but the slide said \"cross-verifier\" linkability :)

", "time": "2023-11-07T09:12:18Z"}, {"author": "Richard Barnes", "text": "

@David how so?

", "time": "2023-11-07T09:12:25Z"}, {"author": "Michael Richardson", "text": "

@Orie Steele if I understood SD-CWT content, every Verifier would get the same payload/signature block, but the payload would just be a list of hashes of the disclosable values. MJ is saying that the signature itself could be used to correlate?

", "time": "2023-11-07T09:12:31Z"}, {"author": "Daniel Gillmor", "text": "

right, that's a weaker form of unlinkability.

", "time": "2023-11-07T09:12:42Z"}, {"author": "Nick Doty", "text": "

the \"tracker\" is typically not the software the user operates, but some other party

", "time": "2023-11-07T09:12:53Z"}, {"author": "David Waite", "text": "

email, corporate, website certificates do not have correlation/tracking concerns or mixed use where sensitive attributes may want to be withheld

", "time": "2023-11-07T09:13:20Z"}, {"author": "David Waite", "text": "

that can have a significant impact - see the difference in authorization mechanisms by oauth and privacypass

", "time": "2023-11-07T09:14:29Z"}, {"author": "Henk Birkholz", "text": "

https://github.com/transmute-industries/ietf-spice-charter/blob/main/charter.md

", "time": "2023-11-07T09:16:26Z"}, {"author": "Jonathan Hoyland", "text": "

OK, this was not clear to me before. I absolutely do not want to be required to carry my smartphone with me at all times.

", "time": "2023-11-07T09:16:43Z"}, {"author": "Henk Birkholz", "text": "

that's the charter draft to bash in a moment

", "time": "2023-11-07T09:16:46Z"}, {"author": "David Waite", "text": "

@Michael if you are doing an ECDSA signature of a Merkle tree of salted values, the tree and the signature are unique values to a particular issued credential (e.g. based on the random inputs). So if you see the same twice, it is the same issued credential.

", "time": "2023-11-07T09:17:27Z"}, {"author": "Rohan Mahy", "text": "

Richard Barnes said:

\n
\n

Like a credential says \"these attributes go with whomever owns the private key\". \"Whomever owns the private key\" is the only sane definition of Subject or Holder.

\n
\n

I am the private key holder for credentials about a personal identity of myself, a professional (Wire) identity for myself, my mother who has dementia, and a 2 year old girl. These are clearly different subjects. That Rohan has private keys (is the Holder) for them does not mean that I am the Subject of all of them. Indeed, one of the important claims is the birthday/age. My mom being over 65 and the child being under 18.

", "time": "2023-11-07T09:18:29Z"}, {"author": "David Waite", "text": "

The holder does not even need to be one of the subjects of the credential, although it is more common for them to be so (and for there to be a mechanism for them to prove such).

", "time": "2023-11-07T09:23:05Z"}, {"author": "Denis PINKAS", "text": "

@Rohan: PoP of a private key is insufficient to demonstrate that the Holder is the legitimate holder of the presentation credential.

", "time": "2023-11-07T09:23:06Z"}, {"author": "Jonathan Hoyland", "text": "

I disagree with that. You should have a assertion that you are authorised to act on behalf of the two year old and your mother. That is very different from \"I am my mother\".

", "time": "2023-11-07T09:23:13Z"}, {"author": "Michael Richardson", "text": "

Jonathan Hoyland said:

\n
\n

OK, this was not clear to me before. I absolutely do not want to be required to carry my smartphone with me at all times.

\n
\n

I was involved in a W3C VCR proof present PoC. The process started with a QRcode in a browser, and then moved to smartphone for the rest of the proof. There were multiple stupids along the way, and while a desktop wallet is perfectly reasonable, and it does not (and perhaps should not) reside in the browser, it's not clear to me that it is actually deployable in the way people want. I also am uncertain if my smartphone has the resiliency (like against damage, dead battery, etc.) such that I'd want to keep important things in it.

", "time": "2023-11-07T09:23:18Z"}, {"author": "Richard Barnes", "text": "

wait why is this all CWT and not JWT?

", "time": "2023-11-07T09:24:03Z"}, {"author": "Jonathan Hoyland", "text": "

To be clear, I often do not have any electronics on me at all

", "time": "2023-11-07T09:24:03Z"}, {"author": "Richard Barnes", "text": "

+1 Jonathan -- account linking vs. password sharing

", "time": "2023-11-07T09:24:43Z"}, {"author": "Jonathan Hoyland", "text": "

And would be unwilling to use any.

", "time": "2023-11-07T09:24:44Z"}, {"author": "David Waite", "text": "

Jonathan, representing a credential as a scannable QR code has been done (in the dark times of 2020). You lose selective disclosure for a piece of paper, and need separate means of identity proof such as a photo id.

", "time": "2023-11-07T09:25:52Z"}, {"author": "Jonathan Hoyland", "text": "

I could carry multiple pieces of paper if I want selective disclosure.

", "time": "2023-11-07T09:26:46Z"}, {"author": "David Waite", "text": "

yes, you have different design considerations for static codes

", "time": "2023-11-07T09:27:17Z"}, {"author": "Deb Cooley", "text": "

@Jonathan: do you do that now?

", "time": "2023-11-07T09:27:21Z"}, {"author": "Jonathan Hoyland", "text": "

No, I just go around with no ID at all.

", "time": "2023-11-07T09:27:43Z"}, {"author": "Deb Cooley", "text": "

interesting

", "time": "2023-11-07T09:28:43Z"}, {"author": "Deb Cooley", "text": "

I feel like we've had this conversation before....

", "time": "2023-11-07T09:29:16Z"}, {"author": "Oliver Terbu", "text": "

please not too much extensibility otherwise it won't be implementable

", "time": "2023-11-07T09:29:26Z"}, {"author": "A.J. Stein", "text": "

Are any of these use cases possible outside of national identity bodies? I understand that is urgent for reasons Leif said, but as hard as it to believe, some people don't have national identities (rare, I get it, but definitely a thing). I get confused by \"the passport model\" by name is a thing, but still.

", "time": "2023-11-07T09:29:41Z"}, {"author": "Rohan Mahy", "text": "

Jonathan Hoyland said:

\n
\n

I disagree with that. \".

\n
\n

I was not clear. What is the \"that\" that you disagree with?

", "time": "2023-11-07T09:29:57Z"}, {"author": "Brian Campbell", "text": "

\"Richard Barnes 02:24

\n

wait why is this all CWT and not JWT?\" - there's a lot behind that question but tl;dr is that the JWT/JSON work is already happening elsewhere

", "time": "2023-11-07T09:30:28Z"}, {"author": "Jonathan Hoyland", "text": "

Sorry, yeah, I type too slowly.

\n

Rohan Mahy said:

\n
\n

Richard Barnes said:

\n
\n

Like a credential says \"these attributes go with whomever owns the private key\". \"Whomever owns the private key\" is the only sane definition of Subject or Holder.

\n
\n

I am the private key holder for credentials about a personal identity of myself, a professional (Wire) identity for myself, my mother who has dementia, and a 2 year old girl. These are clearly different subjects. That Rohan has private keys (is the Holder) for them does not mean that I am the Subject of all of them. Indeed, one of the important claims is the birthday/age. My mom being over 65 and the child being under 18.

\n
", "time": "2023-11-07T09:30:43Z"}, {"author": "Nick Doty", "text": "

you forgot the IETF group working on issuance and presentation and privacy?

", "time": "2023-11-07T09:30:46Z"}, {"author": "Jonathan Hoyland", "text": "

@Rohan Mahy you shouldn't have a private key for either your mother or your daughter.

", "time": "2023-11-07T09:31:30Z"}, {"author": "David Waite", "text": "

@A.J. anyone can be an issuer, although you also need verifiers willing to rely upon the credentials. There are driving regulatory use cases that create verifiers.

", "time": "2023-11-07T09:32:07Z"}, {"author": "Rohan Mahy", "text": "

Jonathan Hoyland said:

\n
\n

Sorry, yeah, I type too slowly.

\n

Rohan Mahy said:

\n
\n

Richard Barnes said:

\n
\n

Like a credential says \"these attributes go with whomever owns the private key\". \"Whomever owns the private key\" is the only sane definition of Subject or Holder.

\n
\n

I am the private key holder for credentials about a personal identity of myself, a professional (Wire) identity for myself, my mother who has dementia, and a 2 year old girl. These are clearly different subjects. That Rohan has private keys (is the Holder) for them does not mean that I am the Subject of all of them. Indeed, one of the important claims is the birthday/age. My mom being over 65 and the child being under 18.
\n

\n
\n
\n

So you disagree and think that I am both the Holder AND the Subject, and that therefore I am simultaneously myself, my mother, 53 years old, over 65, under 18, male and female?

", "time": "2023-11-07T09:32:11Z"}, {"author": "Mallory Knodel", "text": "

@Jonathan Hoyland who should?

", "time": "2023-11-07T09:32:13Z"}, {"author": "Deb Cooley", "text": "

He should be authorized to act on their behalf, but that doesn't imply that he can masquerade as them.

", "time": "2023-11-07T09:32:47Z"}, {"author": "Daniel Gillmor", "text": "

Jonathan Hoyland said:

\n
\n

OK, this was not clear to me before. I absolutely do not want to be required to carry my smartphone with me at all times.

\n
\n

ensuring a \"right to paper\" is definitely worth including in the discussion. To the extent that these things are ever going to be anything close to mandatory, we need to talk about how this works for folks who don't have a device, (or even just those whose battery runs out)

", "time": "2023-11-07T09:33:19Z"}, {"author": "Denis PINKAS", "text": "

@Leif Thank you for mentioning BBS+

\n

However, AnonCreds should also be mentioned.

\n

Because anonymous credentials (i.e. AnonCreds) are able to natively support the unlinkablity property between verifiers (e.g. using BBS+), they should be part of the technological picture.

\n

Anonymous credentials support link secrets (instead of key pairs) and are able to easily link credentials issued by different Issuers.

", "time": "2023-11-07T09:33:51Z"}, {"author": "Jonathan Hoyland", "text": "

A mother should still hold a credential proving her identity, but it shouldn't have authz for e.g. taking out all her money

", "time": "2023-11-07T09:33:56Z"}, {"author": "Jonathan Hoyland", "text": "

The daughter shouldn't have a credential minted yet

", "time": "2023-11-07T09:34:15Z"}, {"author": "Mallory Knodel", "text": "

\u201cHolding\u201d might be doing impossible work in some practical and legal situations.

", "time": "2023-11-07T09:35:28Z"}, {"author": "Brent Zundel", "text": "

Jonathan Hoyland said:

\n
\n

The daughter shouldn't have a credential minted yet

\n
\n

I'm not sure i understand. What is a birth certificate other than a credential about the child that is held by the parent?

", "time": "2023-11-07T09:35:39Z"}, {"author": "Rohan Mahy", "text": "

The \"daughter\" has both a US and a Canadian passport. She shouldn't have those? She shouldn't have a medical insurance card or medical records?

", "time": "2023-11-07T09:35:49Z"}, {"author": "Deb Cooley", "text": "

you hold those for her, but you do not present those as yourself, only on behalf of her.

", "time": "2023-11-07T09:36:33Z"}, {"author": "Rohan Mahy", "text": "

What about being the executor of a will? How can a dead person hold their old credentials?

", "time": "2023-11-07T09:36:38Z"}, {"author": "Jonathan Hoyland", "text": "

Brent Zundel said:

\n
\n

Jonathan Hoyland said:

\n
\n

The daughter shouldn't have a credential minted yet

\n
\n

I'm not sure i understand. What is a birth certificate other than a credential about the child that is held by the parent?

\n
\n

I don't see what that has to do with her holding a private key? She cannot yet assert her identity, but her identity exists.

", "time": "2023-11-07T09:36:44Z"}, {"author": "Rohan Mahy", "text": "

Deb Cooley said:

\n
\n

you hold those for her, but you do not present those as yourself, only on behalf of her.

\n
\n

Exactly. I and the Holder and not the Subject

", "time": "2023-11-07T09:37:05Z"}, {"author": "Jonathan Hoyland", "text": "

Rohan Mahy said:

\n
\n

What about being the executor of a will? How can a dead person hold their old credentials?

\n
\n

This is exactly why my suggestion makes sense. I shouldn't be able to masquerade as a dead person, and nor should anyone else. That credential should be revoked.

", "time": "2023-11-07T09:37:42Z"}, {"author": "David Waite", "text": "

Think of a paper birth certificate as a credential. It is notorized and I can do processes to verify its accuracy. It doesn't show that the person presenting it is the subject - which is why you typically are required to present other forms of identification.

", "time": "2023-11-07T09:38:01Z"}, {"author": "Rohan Mahy", "text": "

Jonathan Hoyland said:

\n
\n

I shouldn't be able to masquerade as a dead person, and nor should anyone else. That credential should be revoked.

\n
\n

How could I file a final tax return for a dead person without having credentials to act on their behalf?

", "time": "2023-11-07T09:38:41Z"}, {"author": "David Waite", "text": "

this is more the informational model of credentials, which W3C Verifiable Credentials and the CCG there have both invested thought into in spades.

", "time": "2023-11-07T09:39:00Z"}, {"author": "Jonathan Hoyland", "text": "

Deb Cooley said:

\n
\n

you hold those for her, but you do not present those as yourself, only on behalf of her.

\n
\n

Why should I hold them? When she's old enough to have her own identity creds the issuer can mint some. Before then why would the key exist?

", "time": "2023-11-07T09:39:00Z"}, {"author": "A.J. Stein", "text": "

@David Waite thanks for your answer, that helps. Thanks.

", "time": "2023-11-07T09:39:04Z"}, {"author": "Daniel Gillmor", "text": "

acting on their behalf \u2260 masquerading as them

", "time": "2023-11-07T09:39:09Z"}, {"author": "Deb Cooley", "text": "

@DKG +1

", "time": "2023-11-07T09:39:25Z"}, {"author": "Daniel Gillmor", "text": "

fwiw, i think the IRS would be surprised at a filing that said \"i died during this tax year\"

", "time": "2023-11-07T09:39:58Z"}, {"author": "Jonathan Hoyland", "text": "

Rohan Mahy said:

\n
\n

Jonathan Hoyland said:

\n
\n

I shouldn't be able to masquerade as a dead person, and nor should anyone else. That credential should be revoked.

\n
\n

How could I file a final tax return for a dead person without having credentials to act on their behalf?

\n
\n

You correctly couldn't. The issuer could mint you some if you were authzed to have them.

", "time": "2023-11-07T09:40:13Z"}, {"author": "Rohan Mahy", "text": "

And who would the Subject be when the issuer mints them? Remember that the claims are claims about the Subject, not claims about the Holder.

", "time": "2023-11-07T09:41:48Z"}, {"author": "Michael Richardson", "text": "

Jonathan Hoyland said:

\n
\n

And would be unwilling to use any.

\n
\n

If you want to stick to paper documents, that's fine, and that's your decision. But that doesn't really change the discussion about whether or not battery powered mobile electronics can withstand a DDoS against a mobile wallet.

", "time": "2023-11-07T09:42:02Z"}, {"author": "Henk Birkholz", "text": "

transformation procedures are not protocols

", "time": "2023-11-07T09:42:14Z"}, {"author": "Jonathan Hoyland", "text": "

Rohan Mahy said:

\n
\n

And who would the Subject be when the issuer mints them? Remember that the claims are claims about the Subject, not claims about the Holder.

\n
\n

I would be the subject and the holder, and have an assertion that \"the subject is authz to file taxes for X\"

", "time": "2023-11-07T09:43:12Z"}, {"author": "Henk Birkholz", "text": "

a passport is a device

", "time": "2023-11-07T09:43:52Z"}, {"author": "Henk Birkholz", "text": "

my credit card is a device

", "time": "2023-11-07T09:44:00Z"}, {"author": "Kristina Yasuda", "text": "

what are examples of unlinkability concerns at the transport protocol level?

", "time": "2023-11-07T09:44:28Z"}, {"author": "Jonathan Hoyland", "text": "

Which is exactly why I sometimes don't carry them

", "time": "2023-11-07T09:44:29Z"}, {"author": "Dan Sexton", "text": "

but you carry them when you need them, paper or device

", "time": "2023-11-07T09:44:56Z"}, {"author": "Jonathan Hoyland", "text": "

Kristina Yasuda said:

\n
\n

what are examples of unlinkability concerns at the transport protocol level?

\n
\n

TLS resumption is linkable, for example.

", "time": "2023-11-07T09:45:12Z"}, {"author": "Henk Birkholz", "text": "

both examples do not exist as a paper document in my country

", "time": "2023-11-07T09:45:23Z"}, {"author": "Andrew Campling", "text": "

I think that some of the issues in the chat (eg credentials for minors) are more usually covered by the law in many jurisdictions rather than being left to tech implementations. Ditto the \u201cright to paper\u201d for at least some use cases.

", "time": "2023-11-07T09:45:39Z"}, {"author": "Denis PINKAS", "text": "

A Framework document rather than an architecture document, because multiple architectures are able to provide solutions. Selective disclosure is one kind of many other Zero-knowledge Proofs.

\n

It is necessary to support Protocols (in addition to data structures). Unfortunately protocols are not in the scope currently.

\n

Saying that JWT or CWT should be used to support is premature. As an example, a JWT mandates that a claim should only be present once, whereas some attribute should be able to be present multiple times, e.g., \"age_Over\" = \"18\" and \"age_Over\" = \"15\" or \"Nationality\"= \"US\" and \"Nationality\" = \"CA\".

", "time": "2023-11-07T09:45:41Z"}, {"author": "Jonathan Hoyland", "text": "

Dan Sexton said:

\n
\n

but you carry them when you need them, paper or device

\n
\n

:sweat_smile: I try, but am not always successful.

", "time": "2023-11-07T09:45:43Z"}, {"author": "Henk Birkholz", "text": "

and I am obligated to carry my identiy document with me

", "time": "2023-11-07T09:45:47Z"}, {"author": "A.J. Stein", "text": "

Just because you don't have a device and you carry paper it may not matter. Re Henk's comments, I have been in international airports while all the computers for border police crashed and they had to call in and verify the paper. I am supportive of the paper idea but it won't make credentials work in many use cases all the same.

", "time": "2023-11-07T09:46:00Z"}, {"author": "Henk Birkholz", "text": "

and if I am hungry I probably should carry my cc with me or learn to scavenge food better

", "time": "2023-11-07T09:47:07Z"}, {"author": "Deb Cooley", "text": "

@Henk: we are not required to possess a national ID

", "time": "2023-11-07T09:47:26Z"}, {"author": "Michael Richardson", "text": "

Daniel Gillmor said:

\n
\n

fwiw, i think the IRS would be surprised at a filing that said \"i died during this tax year\"

\n
\n

Well, I filed taxes for my dad after he died. And actually there is a box that says \"I deceased\", and I signed it, and provided his death certificate, and the will that named me as executor. (essentially, a final form of power of attorney)

", "time": "2023-11-07T09:47:31Z"}, {"author": "Daniel Gillmor", "text": "

i do not want to enable a world where everyone is obliged to carry digital credentials (even if they're on paper) are obligatory all the time.

", "time": "2023-11-07T09:47:32Z"}, {"author": "Deb Cooley", "text": "

@Henk: cash rules.

", "time": "2023-11-07T09:48:03Z"}, {"author": "Henk Birkholz", "text": "

which leads to the \"global\" part, not all solutions have to be applied everywhere, but they should be available

", "time": "2023-11-07T09:48:16Z"}, {"author": "Jonathan Hoyland", "text": "

Daniel Gillmor said:

\n
\n

i do not want to enable a world where everyone is obliged to carry digital credentials (even if they're on paper) are obligatory all the time.

\n
\n

Exactly this!

", "time": "2023-11-07T09:48:17Z"}, {"author": "Daniel Gillmor", "text": "

@Michael Richardson marking \"taxpayer is deceased\" is different than \"I am deceased\" -- did the box actually say \"I am deceased\"?

", "time": "2023-11-07T09:48:34Z"}, {"author": "Mark McFadden", "text": "

@Deb: Plenty of places where I live and work do not take cash anymore.

", "time": "2023-11-07T09:49:07Z"}, {"author": "A.J. Stein", "text": "

Unfortunately, DKG, paper ID credentials are legally required at all times for citizens and visiting foreigners at all times in places where I routinely travel.

", "time": "2023-11-07T09:49:20Z"}, {"author": "A.J. Stein", "text": "

It seems that is problem well beyond what SPICE can control.

", "time": "2023-11-07T09:49:29Z"}, {"author": "Daniel Gillmor", "text": "

@Mark McFadden you should fix that. we have regulations in NYC that require public retail businesses to accept cash

", "time": "2023-11-07T09:49:34Z"}, {"author": "Michael Richardson", "text": "

Daniel Gillmor said:

\n
\n

Michael Richardson marking \"taxpayer is deceased\" is different than \"I am deceased\" -- did the box actually say \"I am deceased\"?

\n
\n

It probably said something like, \"person named in this document was deceased during this tax year\"

", "time": "2023-11-07T09:49:39Z"}, {"author": "Andrew Campling", "text": "

@DKG, Jonathan

", "time": "2023-11-07T09:49:42Z"}, {"author": "Brian Campbell", "text": "

I think \"transport\" protocol typically means something different in the IETF context than how something like OpenID4VC is sometimes called a transport protocol with issuing and presenting being considered transportation

", "time": "2023-11-07T09:49:48Z"}, {"author": "Rohan Mahy", "text": "

Jonathan Hoyland said:

\n
\n

Rohan Mahy said:

\n
\n

And who would the Subject be when the issuer mints them? Remember that the claims are claims about the Subject, not claims about the Holder.

\n
\n

I would be the subject and the holder, and have an assertion that \"the subject is authz to file taxes for X\"

\n
\n

No. I, the Holder of credentials about a dead person, also probably have an assertion that says that I am the personal representative of the dead person. But the date of birth claim is the date of birth of the dead person, not me. The nationality claim is of the dead person, not me.

", "time": "2023-11-07T09:49:59Z"}, {"author": "Deb Cooley", "text": "

@DKG: you should tell USPS that.

", "time": "2023-11-07T09:50:03Z"}, {"author": "Kristina Yasuda", "text": "

probably worth reinforcing that this is not limited to native apps as wallets, browser wallets and cloud wallets are also considered

", "time": "2023-11-07T09:50:38Z"}, {"author": "Simon Friedberger", "text": "

Maybe we should bring this discussion back to the \"Internet\" part of SPICE...?

", "time": "2023-11-07T09:50:38Z"}, {"author": "Daniel Gillmor", "text": "

@Deb Cooley if you can point me to an instance of USPS not accepting cash, i'd like to see it (i don't think i can do anything about USPS requiring ID for mailing certain packages)

", "time": "2023-11-07T09:50:53Z"}, {"author": "Andrew Campling", "text": "

@DKG, Jonathan \u201c i do not want to enable a world where everyone is obliged to carry digital credentials (even if they're on paper) are obligatory all the time\u201d you are of course already required to carry ID in various countries, so this work would not enable something new

", "time": "2023-11-07T09:51:39Z"}, {"author": "Daniel Gillmor", "text": "

@Simon Friedberger are you saying IETF should explicitly consider offline presentation out of scope because it's not the \"I\"? should we also avoid any specifications that are used within a single administrative domain (since it's not \"the Internet\")

", "time": "2023-11-07T09:52:04Z"}, {"author": "Aaron Parecki", "text": "

A local USPS-authorized post office near me only accepts cash and it's so frustrating :sweat_smile: also they take random lunch breaks thru the day so there's no guarantee they will be at the front desk when you show up

", "time": "2023-11-07T09:52:12Z"}, {"author": "Daniel Gillmor", "text": "

@Aaron Parecki Louis Joy is doing his best to kill the USPS to drive business to his private shipping business

", "time": "2023-11-07T09:53:18Z"}, {"author": "Jonathan Hoyland", "text": "

Rohan Mahy said:

\n
\n

Jonathan Hoyland said:

\n
\n

Rohan Mahy said:

\n
\n

And who would the Subject be when the issuer mints them? Remember that the claims are claims about the Subject, not claims about the Holder.

\n
\n

I would be the subject and the holder, and have an assertion that \"the subject is authz to file taxes for X\"

\n
\n

No. I, the Holder of credentials about a dead person, also probably have an assertion that says that I am the personal representative of the dead person. But the date of birth claim is the date of birth of the dead person, not me. The nationality claim is of the dead person, not me.

\n
\n

There are two pieces here, revealing data, and being authz to do a thing. Being able to reveal data about someone should not allow you to masquerade as them.

", "time": "2023-11-07T09:53:20Z"}, {"author": "Daniel Gillmor", "text": "

+1 to @Nick Doty

", "time": "2023-11-07T09:53:56Z"}, {"author": "Daniel Gillmor", "text": "

accountability questions are really important here

", "time": "2023-11-07T09:54:18Z"}, {"author": "Mallory Knodel", "text": "

Not only that, this is attempting to facilitate a papers please World, with the power of the internet and interop standards.

", "time": "2023-11-07T09:54:52Z"}, {"author": "Nick Doty", "text": "

the charter draft doesn't go into any more detail on privacy

", "time": "2023-11-07T09:55:16Z"}, {"author": "Michael Richardson", "text": "

Daniel Gillmor said:

\n
\n

Michael Richardson marking \"taxpayer is deceased\" is different than \"I am deceased\" -- did the box actually say \"I am deceased\"?

\n
\n

\"If this return is for a deceased person, enter the date of death\" https://www.canada.ca/content/dam/cra-arc/formspubs/pbg/5006-r/5006-r-22e.pdf

", "time": "2023-11-07T09:55:57Z"}, {"author": "Simon Friedberger", "text": "

Daniel Gillmor said:

\n
\n

Simon Friedberger are you saying IETF should explicitly consider offline presentation out of scope because it's not the \"I\"? should we also avoid any specifications that are used within a single administrative domain (since it's not \"the Internet\")

\n
\n

I think it might be good to scope this to usage on the internet and define it out of scope how it will be used by people without internet or devices, yes.

", "time": "2023-11-07T09:56:08Z"}, {"author": "A.J. Stein", "text": "

I personally would enjoy alternatives uses of this, as Orie talks: in the open source world, I would like verifiers to tell me this person does really good work in language or ecosystem or topic. I cannot tell if that is in scope or not, but these use cases to me outside of passports and driver licenses would be interesting for me.

", "time": "2023-11-07T09:57:02Z"}, {"author": "Mallory Knodel", "text": "

+orie Explicit mention of this caution in the charter would be absolutely required\u2014 in my strong view

", "time": "2023-11-07T09:57:20Z"}, {"author": "Michael Richardson", "text": "

As for papers-required Internet, that's pretty much the case already in 2/3 of the world. If you thought you were anonymous, you were probably wrong. Passport or national ID or identity is required to get a SIM card or DSL connection in every place I've been. Starbucks WIFI is pretty much the only place that you might get away without identifying yourself, and that's probably violating laws already.

", "time": "2023-11-07T09:58:00Z"}, {"author": "A.J. Stein", "text": "

@Simon Friedberger wanted to go back to the I in SPICE but maybe I am missing it. I used Keybase and missed when it tried to help with Internet identity by cross-referencing services I use with signed messages and before they dove into they tried a commercial cryptocurrency pairing I found unsettling.

", "time": "2023-11-07T09:58:14Z"}, {"author": "Michael Richardson", "text": "

(if you want to be anonymous, you need to explicitly do that. I support your right to do that. But, thinking you were anonymous by default at any point in the history of the Internet was just a delusion)

", "time": "2023-11-07T09:58:36Z"}, {"author": "Aaron Parecki", "text": "

Michael Richardson said:

\n
\n

As for papers-required Internet, that's pretty much the case already in 2/3 of the world. If you thought you were anonymous, you were probably wrong. Passport or national ID or identity is required to get a SIM card or DSL connection in every place I've been. Starbucks WIFI is pretty much the only place that you might get away without identifying yourself, and that's probably violating laws already.

\n
\n

I think that's a different kind of \"papers please\" internet than is being talked about here

", "time": "2023-11-07T09:58:51Z"}, {"author": "Henk Birkholz", "text": "

attesting == providing a trusted assertion

", "time": "2023-11-07T09:59:29Z"}, {"author": "Nick Doty", "text": "

@mcr are you suggesting we shouldn't care about privacy on the Internet because there are some jurisdictions or areas where Internet usage does include some identifiers?

", "time": "2023-11-07T09:59:38Z"}, {"author": "Henk Birkholz", "text": "

in this case

", "time": "2023-11-07T09:59:40Z"}, {"author": "Samuel", "text": "

re: transparency, allowing ZK-proofs of general predicates could lead to parties obfuscating their predicates intentions and a lack of transparency to the average user what information is being requested, whereas selective disclosure of individual fields is much more transparent, but less private. finding ways to make it the norm to communicate to users exactly what information is being requested is important to me

", "time": "2023-11-07T09:59:49Z"}, {"author": "Michael Richardson", "text": "

Aaron Parecki said:

\n
\n

Michael Richardson said:

\n
\n

As for papers-required Internet, that's pretty much the case already in 2/3 of the world. If you thought you were anonymous, you were probably wrong. Passport or national ID or identity is required to get a SIM card or DSL connection in every place I've been. Starbucks WIFI is pretty much the only place that you might get away without identifying yourself, and that's probably violating laws already.

\n
\n

I think that's a different kind of \"papers please\" internet than is being talked about here

\n
\n

Then tell me what you are talking about. Your source IP is available to every web server, even if you didn't login. When you login to facebook or your favourite mastodon, you are presenting papers.

", "time": "2023-11-07T10:00:08Z"}, {"author": "Aaron Parecki", "text": "

Right now \"identity proofing\" is a thing that many websites already require, but it's a huge amount of friction so only sites that absolutely require it do it. If it becomes as easy as an OAuth flow to do identity proofing, there's a huge risk of every website requiring it to just view a blog post

", "time": "2023-11-07T10:00:14Z"}, {"author": "Rohan Mahy", "text": "

Jonathan Hoyland said:

\n
\n

Rohan Mahy said:

\n
\n

Jonathan Hoyland said:

\n
\n

Rohan Mahy said:

\n
\n

And who would the Subject be when the issuer mints them? Remember that the claims are claims about the Subject, not claims about the Holder.

\n
\n

I would be the subject and the holder, and have an assertion that \"the subject is authz to file taxes for X\"

\n
\n

No. I, the Holder of credentials about a dead person, also probably have an assertion that says that I am the personal representative of the dead person. But the date of birth claim is the date of birth of the dead person, not me. The nationality claim is of the dead person, not me.

\n
\n

There are two pieces here, revealing data, and being authz to do a thing. Being able to reveal data about someone should not allow you to masquerade as them.

\n
\n

Jonathan, you are misunderstanding the difference between the semantics of the credential and masquerading. The Subject is whom the claims are about: the birthday, the nationality, the address, the gender, the blood type. The Holder/Presenter might not be the Subject. It is also useful to convey that the Presenter is not the Subject and that the Presenter is authorized to act of their behalf. That does not change the semantics of the Subject and the Subject's claims.

", "time": "2023-11-07T10:00:27Z"}, {"author": "Nick Doty", "text": "

+1 aaronpk

", "time": "2023-11-07T10:00:28Z"}, {"author": "Vittorio Bertola", "text": "

In any case, how often and when you are required to carry or show public identity credentials looks to me like a matter for lawmakers, not for SDOs. It already varies considerably country by country.

", "time": "2023-11-07T10:00:29Z"}, {"author": "Michael Richardson", "text": "

Nick Doty said:

\n
\n

@mcr are you suggesting we shouldn't care about privacy on the Internet because there are some jurisdictions or areas where Internet usage does include some identifiers?

\n
\n

I'm saying that if you want privacy, you have to explicitely do actions to get it. It is NOT only by default, and any belief that you had privacy was a delusion brought on by Starbucks NAT44. You've never had prviacy, unless you explicitely got it. I wish more people cared enough their privacy to actively seek it: it is not on by default, and it's never been there. You might be hard to identify in a large public crowd, but that doesn't mean you weren't in a public place.

", "time": "2023-11-07T10:02:11Z"}, {"author": "Daniel Gillmor", "text": "

adding \"accountability\" to the charter: https://github.com/transmute-industries/ietf-spice-charter/pull/13

", "time": "2023-11-07T10:02:34Z"}, {"author": "Aaron Parecki", "text": "

@Michael Richardson basically the problem is way worse than you're describing because right now it takes a bunch of work correlating different databases across different to get that level of detail that is provided by the current tools (tracking IP addresses, correlating ISP subscribers, matching that with Facebook logins, etc)

", "time": "2023-11-07T10:02:36Z"}, {"author": "Jonathan Hoyland", "text": "

Michael Richardson said:

\n
\n

Aaron Parecki said:

\n
\n

Michael Richardson said:

\n
\n

As for papers-required Internet, that's pretty much the case already in 2/3 of the world. If you thought you were anonymous, you were probably wrong. Passport or national ID or identity is required to get a SIM card or DSL connection in every place I've been. Starbucks WIFI is pretty much the only place that you might get away without identifying yourself, and that's probably violating laws already.

\n
\n

I think that's a different kind of \"papers please\" internet than is being talked about here

\n
\n

Then tell me what you are talking about. Your source IP is available to every web server, even if you didn't login. When you login to facebook or your favourite mastodon, you are presenting papers.

\n
\n

Those credentials are ones I made up, and are not linked to other credentials I used except in my head / password manager. If I had to show my passport to use Facebook I wouldn't use it.

", "time": "2023-11-07T10:02:55Z"}, {"author": "Vittorio Bertola", "text": "

And, privacy laws will actually prevent a random website from requiring you to show e-id unless there is a strong reason for it.

", "time": "2023-11-07T10:02:55Z"}, {"author": "Nick Doty", "text": "

@vittorio that's a very optimistic view of privacy laws! in my country, such laws are very unlikely

", "time": "2023-11-07T10:03:27Z"}, {"author": "Brian Campbell", "text": "

Aaron Parecki said:

\n
\n

Right now \"identity proofing\" is a thing that many websites already require, but it's a huge amount of friction so only sites that absolutely require it do it. If it becomes as easy as an OAuth flow to do identity proofing, there's a huge risk of every website requiring it to just view a blog post

\n
\n

there is real risk here

", "time": "2023-11-07T10:03:33Z"}, {"author": "Kristina Yasuda", "text": "

that's why many issuers/wallets are building trusted verifier lists to limit at which verifiers credentials can be used

", "time": "2023-11-07T10:04:49Z"}, {"author": "Mallory Knodel", "text": "

Nick Doty said:

\n
\n

@vittorio that's a very optimistic view of privacy laws! in my country, such laws are very unlikely

\n
\n

If you see a privacy law violation you can just call up your DPO and then they\u2019ll ask the website to kindly correct their practices so you can view it. Smooth

", "time": "2023-11-07T10:05:19Z"}, {"author": "Brian Campbell", "text": "

though I think that risk mostly manifests at a different layer

", "time": "2023-11-07T10:05:20Z"}, {"author": "Kristina Yasuda", "text": "

also three party model is not only identity proofing ;) though it is a big part of VCs in enterprise identity

", "time": "2023-11-07T10:05:54Z"}, {"author": "Vittorio Bertola", "text": "

Nick Doty said:

\n
\n

@vittorio that's a very optimistic view of privacy laws! in my country, such laws are very unlikely

\n
\n

Well, that's the basic principle of GDPR. But as I said, this is a cultural and political discussion that cannot be solved well at the global technical level

", "time": "2023-11-07T10:06:03Z"}, {"author": "Kristina Yasuda", "text": "

transport layer having privacy built is goes without saying IMO

", "time": "2023-11-07T10:06:12Z"}, {"author": "Mallory Knodel", "text": "

Sorry my sarcasm is meant to highlight that even good regulation is where massive friction exists. Whereas the standards aim to remove friction down to mere seconds for users.

", "time": "2023-11-07T10:07:04Z"}, {"author": "Daniel Gillmor", "text": "

@Kristina Yasuda never hurts to say it again though :smiling_face:

", "time": "2023-11-07T10:07:04Z"}, {"author": "Kristina Yasuda", "text": "

to be clear, never meant to imply everything privacy needs to be left to regulation. as said, we need to understand how much we can realize with technology side. we provide tools and lobby the governments to mandate those :)

", "time": "2023-11-07T10:07:19Z"}, {"author": "Nick Doty", "text": "

my suggestion was not to \"fine tune\" the language on privacy

", "time": "2023-11-07T10:07:58Z"}, {"author": "Michael Richardson", "text": "

I'm basically saying what DKG said: if we want privacy, we have to build it in. It won't be on by default. We are going to reduce friction, and yes, some blogs will want your identity in order to read the blog, So you'd better think that you might have a few dozen identities in your multiple mobile wallets. Jonathan, when in a place that requires identity, might have a throw-away mobile wallet device (yes, could be QRcode on paper) that satisfies the law, but doesn't link him to other places.

", "time": "2023-11-07T10:08:44Z"}, {"author": "Daniel Gillmor", "text": "

Kristina Yasuda said:

\n
\n

that's why many issuers/wallets are building trusted verifier lists to limit at which verifiers credentials can be used

\n
\n

this is a great example of an accountability measure (i'm not convinced it's the only one we should have, or that it's sufficient though), and i hope that the WG will think about those mechanisms as well. otherwise we'll have to bolt it on later. that rarely goes well.

", "time": "2023-11-07T10:09:38Z"}, {"author": "Nick Doty", "text": "

there are many problems. I do not know what problem the group is trying to solve.

", "time": "2023-11-07T10:10:34Z"}, {"author": "Brian Campbell", "text": "

what is \"this problem\" ?

", "time": "2023-11-07T10:10:38Z"}, {"author": "Vittorio Bertola", "text": "

In any case, we need to have this discussion in detail, and I agree that there are privacy points that can be addressed here. For example, I'd like to run my own wallet via opem source code rather than use one by Google or by my government. Standards can make this much easier or much harder.

", "time": "2023-11-07T10:10:44Z"}, {"author": "Samuel", "text": "

The holder knowing exactly what they're being asked to prove is so critical to privacy here. Even if there is great technical privacy capabilities, if someone sends a predicate which only provides one bit, but identifies you exactly if that bit is 1 and that is not transparent to the user, then we have a big problem.

", "time": "2023-11-07T10:10:59Z"}, {"author": "Daniel Gillmor", "text": "

oh, i thought the problem was \"what are we trying to work on here?\"

", "time": "2023-11-07T10:11:08Z"}, {"author": "Daniel Gillmor", "text": "

which is definitely worth solving :laughter_tears:

", "time": "2023-11-07T10:11:29Z"}, {"author": "Michael Richardson", "text": "

Vittorio Bertola said:

\n
\n

In any case, we need to have this discussion in detail, and I agree that there are privacy points that can be addressed here. For example, I'd like to run my own wallet via opem source code rather than use one by Google or by my government. Standards can make this much easier or much harder.

\n
\n

Yeah, I want this too. And I'm concerned that you and I won't be able to afford to run the mediators that such an open source solution might depend upon.

", "time": "2023-11-07T10:11:32Z"}, {"author": "Brian Campbell", "text": "

the poll said \"this\"

", "time": "2023-11-07T10:13:13Z"}, {"author": "Nick Doty", "text": "

we don't need a BoF question every time to ask whether there exist problems worth solving

", "time": "2023-11-07T10:13:26Z"}, {"author": "Daniel Gillmor", "text": "

@Brian Campbell sure, everyone can pick their own antecedent. that's the beautiful thing about pronouns!

", "time": "2023-11-07T10:13:41Z"}, {"author": "Jonathan Hoyland", "text": "

Poll Q: Is there agreement between participants on what \"this problem\" is?

", "time": "2023-11-07T10:14:37Z"}, {"author": "Daniel Gillmor", "text": "

if \"no\" means \"there are no problems worth solving\", then i am jealous of the 5 people who said \"no\"

", "time": "2023-11-07T10:14:45Z"}, {"author": "Brian Campbell", "text": "

Jonathan Hoyland said:

\n
\n

Poll Q: Is there agreement between participants on what \"this problem\" is?

\n
\n

I, for one, don't think there is agreement

", "time": "2023-11-07T10:15:57Z"}, {"author": "Jonathan Hoyland", "text": "

Two IETFers three opinions

", "time": "2023-11-07T10:16:26Z"}, {"author": "Daniel Gillmor", "text": "

clearly this either needs more charter work, or more people need to read the charter

", "time": "2023-11-07T10:18:18Z"}, {"author": "Vittorio Bertola", "text": "

I would answer \"I don't know\"

", "time": "2023-11-07T10:18:38Z"}, {"author": "Simon Friedberger", "text": "

Daniel Gillmor said:

\n
\n

clearly this either needs more charter work, or more people need to read the charter

\n
\n

Well, there was a lot of distraction from the charter by discussions about forklifts, nurses and passports.

", "time": "2023-11-07T10:18:58Z"}, {"author": "Jonathan Hoyland", "text": "

Daniel Gillmor said:

\n
\n

clearly this either needs more charter work, or more people need to read the charter

\n
\n

Why not both?

", "time": "2023-11-07T10:19:05Z"}, {"author": "Stephen Farrell", "text": "

are we voting now? :-(

", "time": "2023-11-07T10:19:52Z"}, {"author": "Andrew Campling", "text": "

I\u2019ve taken slide 11 as the problem statement, views if this is incorrect?

", "time": "2023-11-07T10:20:08Z"}, {"author": "Daniel Gillmor", "text": "

the charter needs to contain a reasonable problem statement, not a specific slide

", "time": "2023-11-07T10:20:32Z"}, {"author": "Jonathan Hoyland", "text": "

Does someone who does think the scope is well specified want to go to the mic?

", "time": "2023-11-07T10:21:40Z"}, {"author": "Vittorio Bertola", "text": "

I think lots of people show up at bofs without preparation, to discover new work. Chairs should not expect the entire room to know the proposed charter well.

", "time": "2023-11-07T10:23:18Z"}, {"author": "Rohan Mahy", "text": "

https://github.com/transmute-industries/ietf-spice-charter/blob/main/charter.md

", "time": "2023-11-07T10:24:20Z"}, {"author": "Rohan Mahy", "text": "

I've read the \"In scope\" and \"Out of scope\" sections several times and I don't think it is super clear.

", "time": "2023-11-07T10:24:57Z"}, {"author": "Denis PINKAS", "text": "

@Rohan: +1

", "time": "2023-11-07T10:25:27Z"}, {"author": "Rohan Mahy", "text": "

It sounds like we can change selective CWTs, but we can't change JWTs if we think they got the semantics wrong on the JSON side

", "time": "2023-11-07T10:26:10Z"}, {"author": "Nick Doty", "text": "

chairs, thanks for organizing this conversation. Roman, thanks for an excellent summarization.

", "time": "2023-11-07T10:27:03Z"}]