Ahoy Jonathan
", "time": "2024-11-05T09:31:23Z"}, {"author": "Barry Leiba", "text": "Carpe\u2026
", "time": "2024-11-05T09:31:24Z"}, {"author": "Tommy Jensen", "text": "Good morning! Glad you can be here at least virtually
", "time": "2024-11-05T09:31:47Z"}, {"author": "Jonathan Hoyland", "text": "@Meetecho, please can we move the speaker camera?
", "time": "2024-11-05T09:36:04Z"}, {"author": "Jonathan Hoyland", "text": "@Meetecho, Thanks :pray:
", "time": "2024-11-05T09:36:46Z"}, {"author": "Martin Thomson", "text": "Orie pointed out that the names here are strikingly similar to the issuer/bearer/verifier terms used in verifiable credentials.
", "time": "2024-11-05T09:40:50Z"}, {"author": "Orie Steele", "text": "issuer, subject/holder, verifier is common in SPICE, JOSE, COSE, SCITT, STIR, etc...
", "time": "2024-11-05T09:41:27Z"}, {"author": "Nick Doty", "text": "yes, some of the use cases seem like three-party model uses of digital credentials
", "time": "2024-11-05T09:41:30Z"}, {"author": "Michael Prorock", "text": "from spice charter:
\n\"The SPICE WG will coordinate with RATS, OAuth, JOSE, COSE, and SCITT working groups that are working on documents pertinent to the identity and credential space.\"
... which is one reason we might not want to cover all the three-party model use cases
", "time": "2024-11-05T09:41:54Z"}, {"author": "Michael Prorock", "text": "seems like a lot of overlap here
", "time": "2024-11-05T09:41:58Z"}, {"author": "Orie Steele", "text": "STIR had a presentation yesterday discussing moving from 2party to \"3party\" credentials.
", "time": "2024-11-05T09:42:07Z"}, {"author": "Orie Steele", "text": "+1 Nick
", "time": "2024-11-05T09:42:31Z"}, {"author": "Ted Hardie", "text": "Emblem= A set of attributes associated with an attestation which may be validated
", "time": "2024-11-05T09:42:40Z"}, {"author": "Rohan Mahy", "text": "I would make a tiny change to the definition of Asset:
\n\"Asset - A person, place, or thing that is designated as having
\ncertain legal treatment\"( instead of \"protections\")
(deleted)
", "time": "2024-11-05T09:42:55Z"}, {"author": "Rohan Mahy", "text": "(deleted)
", "time": "2024-11-05T09:43:26Z"}, {"author": "Jonathan Hoyland", "text": "Is it \"handling\", or is it \"properties\", as in, the thing it's signalling is the property, not the viewers response?
", "time": "2024-11-05T09:44:25Z"}, {"author": "Alex Rosenberg", "text": "I think the legal protection attributes are perhaps optional, like anything else in the data payload. The asset might just be seeking verification (anti-counterfeiting) or even just a way to associate data like a serial number with an asset.
", "time": "2024-11-05T09:44:51Z"}, {"author": "Thomas Hardjono", "text": "Am I correct in assuming an emblem (physical sticker or digital) is covered by an existing copyright?
", "time": "2024-11-05T09:44:53Z"}, {"author": "Rohan Mahy", "text": "Jonathan Hoyland said:
\n\n\nIs it \"handling\", or is it \"properties\", as in, the thing it's signalling is the property, not the viewers response?
\n
I would say the asset has certain legal \"treatment\". the asset has properties. that treatment may be by virtue of having one or more of those properties
", "time": "2024-11-05T09:45:33Z"}, {"author": "Martin Thomson", "text": "There is no question that the product of this group will use the work of other groups.
", "time": "2024-11-05T09:46:06Z"}, {"author": "Michael Prorock", "text": "Asset is just the subject of a credential / token potentially
", "time": "2024-11-05T09:46:16Z"}, {"author": "Jon Geater", "text": "+1 Mike Prorock and Martin - it seems like defining common attributes and encoding is definitely valuable new work. We should look at SPICE and SCITT for the underlying mechanics
", "time": "2024-11-05T09:46:57Z"}, {"author": "Jon Geater", "text": "SPICE WG is at 13:00 today
", "time": "2024-11-05T09:47:12Z"}, {"author": "Martin Thomson", "text": "This question is one of the ones we really want to get some clarity on.
", "time": "2024-11-05T09:47:23Z"}, {"author": "Emma Cunliffe", "text": "@Thomas - in one sense, yes. Use (and misuse) of physical (and potentially digital) emblems is restricted under and governed by IHL and national legislation, rather than under copyright law. Does that answer your question
", "time": "2024-11-05T09:47:26Z"}, {"author": "Martin Thomson", "text": "Is the protection in law an essential part of the definition?
", "time": "2024-11-05T09:47:36Z"}, {"author": "Jonathan Hoyland", "text": "I think being able to signal the jurisdiction that asserts the protection is a key requirement
", "time": "2024-11-05T09:47:46Z"}, {"author": "Tommy Jensen", "text": "Definitely not jurisdictions, I am in favor of base din law, but not defining whose law, that's up to implementors of the generic mechanism
", "time": "2024-11-05T09:48:01Z"}, {"author": "Alex Rosenberg", "text": "@Martin -- no. I think some folks are over-rotating on their own use cases.
", "time": "2024-11-05T09:48:10Z"}, {"author": "Orie Steele", "text": "seems like one of the important parts of attestation is legal interpretation of attestation and its importants.
", "time": "2024-11-05T09:48:12Z"}, {"author": "Orie Steele", "text": "... i need coffee
", "time": "2024-11-05T09:48:38Z"}, {"author": "Thomas Hardjono", "text": "@Emma: yes thanks, that clarifies.
", "time": "2024-11-05T09:48:38Z"}, {"author": "Henk Birkholz", "text": "If die \"attestation\" can be a about any digital assets, in which cases is that not rats evidence or rats endorsements?
", "time": "2024-11-05T09:49:00Z"}, {"author": "Michael Prorock", "text": "i wish the use of the term validator instead of verifier didn't bug me so much
", "time": "2024-11-05T09:49:05Z"}, {"author": "Jonathan Hoyland", "text": "@Tommy I think we're in agreement. I think one of the fields that needs to be validated is jurisdiction.
", "time": "2024-11-05T09:49:07Z"}, {"author": "Michael Prorock", "text": "+1 henk
", "time": "2024-11-05T09:49:22Z"}, {"author": "Shigeya Suzuki", "text": "+1 michael on validator/verifier use..
", "time": "2024-11-05T09:50:00Z"}, {"author": "Rahel Fainchtein", "text": "In response to Juan Carlos' question I think we also need to be careful when it comes to whether what the law requires could be dangerous. Law makers are not technologists and sometimes what the law says does not align well with the technical needs and definitions.
", "time": "2024-11-05T09:50:28Z"}, {"author": "Stephen Farrell", "text": "+1 to woddy, we're overcomplicating things
", "time": "2024-11-05T09:50:34Z"}, {"author": "Alex Rosenberg", "text": "Imagine how wonderful it would be if this standard replaced all those barcode asset tags that every large organization slaps on things they own?
", "time": "2024-11-05T09:50:36Z"}, {"author": "Tommy Jensen", "text": "I agree, so long as the data being conveyed does not change the technical requirements of the protocol. That said, we have observed that it can: \"protective\" use cases bring in the \"don't reveal the validator to the asset\" requirement that otherwise is not present for other use cases
", "time": "2024-11-05T09:50:36Z"}, {"author": "Tommy Jensen", "text": "So I do think it's useful to describe what kinda of emblems need to be in scope, which may warrant multiple subdefinitions of different digital emblems
", "time": "2024-11-05T09:51:14Z"}, {"author": "Martin Thomson", "text": "Something to consider here is whether the thing that Bill described is new work in a new working group. We'll get to that as we get into the charter, but keep it in mind.
", "time": "2024-11-05T09:51:28Z"}, {"author": "Thomas Hardjono", "text": "Am I also correct in assuming that an Emblem belongs to the Issuer, and so there should be no Subject in the set of attributes. (the emblem JPEG file in the Subject).
", "time": "2024-11-05T09:51:55Z"}, {"author": "Michael Prorock", "text": "some of the statements seem to imply we are setting rules on verification of the \"thuthiness\" of the information, not the digital validity and that topic gets sticky
", "time": "2024-11-05T09:51:58Z"}, {"author": "Stephen Farrell", "text": "IMO it is a new set of attributes, pehaps marhalled in a new or old wway, still needs a new WG I think
", "time": "2024-11-05T09:52:05Z"}, {"author": "Rahel Fainchtein", "text": "@Tommy Jensen, fair
", "time": "2024-11-05T09:52:07Z"}, {"author": "Thomas Hardjono", "text": "the emblem JPEG file is the Subject
", "time": "2024-11-05T09:52:17Z"}, {"author": "Orie Steele", "text": "+1 Tommy seems like there is a good opportunity to consider types / subtypes / categories...
", "time": "2024-11-05T09:52:29Z"}, {"author": "Alex Rosenberg", "text": "@Tommy I think we're looking at a hierarchical system of optional data.
", "time": "2024-11-05T09:52:40Z"}, {"author": "Felix Linker", "text": "I feel that the term \"digital emblem\" is now burned because it got overused. Couldn't it be more beneficial to discuss the concrete problems we'd like to solve?
", "time": "2024-11-05T09:53:40Z"}, {"author": "Dennis Jackson", "text": "I think there's a bit of concept drift going on here. In many of the use cases that were discussed at the last BoF, there was no notion of authorisation or identity, which is quite unusual compared to the related working group like SPICE or what folks are coming to the mic to talk about here.
", "time": "2024-11-05T09:54:08Z"}, {"author": "Alex Rosenberg", "text": "@Felix We can bike shed that later. A placeholder name helps.
", "time": "2024-11-05T09:54:35Z"}, {"author": "Nick Doty", "text": "the emblemness should be the encoding of normative protection here. otherwise we are just talking about signed digital metadata, which covers such an enormous set of work, already in many other groups.
", "time": "2024-11-05T09:54:40Z"}, {"author": "Bill Woodcock", "text": "While I don't believe that we need to be talking about legal stuff in high-level definitions, I agree with Rohan that if we're going to talk about legal matters, \"handling\" is certainly more applicable than \"protections.\" The vast majority of legal uses are required markings, rather than protections.
", "time": "2024-11-05T09:55:51Z"}, {"author": "\u00c9ric Vyncke", "text": "@Nick agree, but this could be a simple URI to the protetion definition
", "time": "2024-11-05T09:56:10Z"}, {"author": "\u00c9ric Vyncke", "text": "@Bill 'handling' is indeed less loaded and more generic
", "time": "2024-11-05T09:56:30Z"}, {"author": "Andrew Campling", "text": "\u201c\u2026may convey protection under (international humanitarian) law\u201d?
", "time": "2024-11-05T09:57:35Z"}, {"author": "Nick Doty", "text": "@\u00c9ric, indeed, you can make it more generic, including making the protection just another URI or piece of metadata. that doesn't seem to help with scoping the work besides involving some form of digital metadata.
", "time": "2024-11-05T09:58:47Z"}, {"author": "Henk Birkholz", "text": "\"Digital Nameplates\" (including some associated attributes) for a well-defined set of digital assets under law sounds better than RATS Attestation Evidence/Endorsements about any type of digital asset.
", "time": "2024-11-05T09:58:59Z"}, {"author": "Martin Thomson", "text": "Warren's phrasing was \"informs the validator how they should treat the asset\"
", "time": "2024-11-05T09:58:59Z"}, {"author": "Bill Woodcock", "text": "Of the four proposed definitions on the screen, I think bindings are the most important thing that are missing. That aside, the top one is best, the second is second-best, and the third and fourth are not useful.
", "time": "2024-11-05T09:59:06Z"}, {"author": "Richard Wilhelm", "text": "and following up on @Bill's comment... it's (presumably) a local/situation/temporal decision as to how handling/protection decisions will be applied. But having the required marking is the key and most important first step
", "time": "2024-11-05T09:59:08Z"}, {"author": "Alex Rosenberg", "text": "I'd be thrilled if the optional protection/handling data could also identify that a particular data store might contain attorney-client privileged data, not just international humanitarian law.
", "time": "2024-11-05T09:59:12Z"}, {"author": "Bill Woodcock", "text": "So I'm largely in agreement with Warren.
", "time": "2024-11-05T09:59:19Z"}, {"author": "Stephen Farrell", "text": "FWIW, I still think the \"digital\" in \"digital asset\" isn't needed and may be distracting.
", "time": "2024-11-05T09:59:36Z"}, {"author": "Tommy Jensen", "text": "@Nick this was my point -- we can genericize \"digital emblem\" but that requires us to define sub terms so that we can describe a new WG scope as addressing \"___ digital emblems\" for example
", "time": "2024-11-05T09:59:51Z"}, {"author": "Bill Woodcock", "text": "Yes, \"digital\" is irrelevant.
", "time": "2024-11-05T10:00:22Z"}, {"author": "Martin Thomson", "text": "\"provides attributes that are verifiably linked to the asset and thereby convey information about how the issuer believes the asset should be treated\"
", "time": "2024-11-05T10:00:29Z"}, {"author": "Nick Doty", "text": "@Tommy +1, if we claim \"digital emblem\" is any form of signed metadata, then indeed we would spend most of our work defining subsets
", "time": "2024-11-05T10:00:29Z"}, {"author": "Emma Cunliffe", "text": "@ Stephen / Bill - apologies if I missed this in the chat. could you explain why? (I'm relatively new to this conversation but very intersted)
", "time": "2024-11-05T10:00:49Z"}, {"author": "Tommy Jensen", "text": "@Nick hence I think the legal aspect is necessary at the generic term, otherwise the list discussion around \"are DOI tags emblems?\" applies
", "time": "2024-11-05T10:01:11Z"}, {"author": "Jonathan Hoyland", "text": "@Emma I think the idea is that everything we do here is digital
", "time": "2024-11-05T10:01:36Z"}, {"author": "Bill Woodcock", "text": "Agreed, digital/physical is irrelevant.
", "time": "2024-11-05T10:01:49Z"}, {"author": "Bill Woodcock", "text": "@Emma: Everything we're communicating is communicated digitally, so we don't need to mention it there. And assets are assets, a few of them are digital, most are physical, so there's no need to talk about digital assets unless you're specifically talking about a digital asset, which only a few people are.
", "time": "2024-11-05T10:03:00Z"}, {"author": "Emma Cunliffe", "text": "forgive me if this was covered, but how do you (or do you not) draw a distinction between something that is a digital representation of something with a physical manifestation and something that only exists digitally?
", "time": "2024-11-05T10:03:01Z"}, {"author": "Bill Woodcock", "text": "@Emma: No need to.
", "time": "2024-11-05T10:03:14Z"}, {"author": "Thomas Hardjono", "text": "Am I correct in assuming that a trademarked logo is not an emblem in this BOF context?
", "time": "2024-11-05T10:03:25Z"}, {"author": "Tommy Jensen", "text": "@Emma that's the primary point of contention.
", "time": "2024-11-05T10:03:27Z"}, {"author": "Bill Woodcock", "text": "Just as there's no need to distinguish in HTTP between web sites which are about digital things and web sites which are about cats and web sites which are about abstract thoughts.
", "time": "2024-11-05T10:03:41Z"}, {"author": "Stephen Farrell", "text": "nick is pyhsically chopping (or digitally?) :-)
", "time": "2024-11-05T10:03:47Z"}, {"author": "Emma Cunliffe", "text": "@Bill - I thought that was in part the point of at least the Red Cross use case?
", "time": "2024-11-05T10:03:49Z"}, {"author": "Emma Cunliffe", "text": "@Thomas - yes
", "time": "2024-11-05T10:04:00Z"}, {"author": "Emma Cunliffe", "text": "(At least in the IHL use cases)
", "time": "2024-11-05T10:04:13Z"}, {"author": "Bill Woodcock", "text": "@Thomas: A trademarked logo is a trademarked logo. You could have a digital emblem which makes assertions about the binding of a logo to a person, place, thing, digital data at rest, digital data in transit, or an online service.
", "time": "2024-11-05T10:04:36Z"}, {"author": "Alex Rosenberg", "text": "@Thomas -- I don't see why the data can't also provide reference to a trademarked logo that applies to an asset.
", "time": "2024-11-05T10:04:53Z"}, {"author": "Bill Woodcock", "text": "@Emma: Digital assets are a minor use case for many of the issuers. The ICRC is one of thousands of potential issuers.
", "time": "2024-11-05T10:05:11Z"}, {"author": "Emma Cunliffe", "text": "True
", "time": "2024-11-05T10:05:32Z"}, {"author": "Stephen Farrell", "text": "@emma: for me the \"digital\" in \"digital asset\" isn't needed because all digital things require some physical thing (e.g. storage).
", "time": "2024-11-05T10:05:33Z"}, {"author": "Thomas Hardjono", "text": "So for a trademarked logo in the US, the Issuer would be the USPTO (?)
", "time": "2024-11-05T10:05:50Z"}, {"author": "Hollie Johnston", "text": "bearing in mind @bill that the ICRC is not the only component of the Red Cross. There are also 191 National Red Cross or Red Crescent National Societies who would use the emblem (as they do with the physical emblems) plus all military medical personnel and objects of all states (countries) and more
", "time": "2024-11-05T10:06:56Z"}, {"author": "Nick Doty", "text": "I don't think we need to distinguish types of assets as much as ways of interacting. how you interact with assets is useful and quite different -- you are interacting with it digitally or you are interacting with it physically
", "time": "2024-11-05T10:07:05Z"}, {"author": "Stephen Farrell", "text": "+1 to nick: wrt types of assets point
", "time": "2024-11-05T10:07:36Z"}, {"author": "Benjamin Ang", "text": "I suggest that the attacker can \"bump\" into the digital emblem if it is one of the immediately visible default attributes e.g. filename, directory entry, folder name
", "time": "2024-11-05T10:08:01Z"}, {"author": "Emma Cunliffe", "text": "(And I am here on behalf of Blue Shield International, which is the cultural equivalent of the Red Cross, with National Committees round the world, and we have the blue shield emblem, dictated under a different part of IHL to the Red Cross. We're very interested in protection of digital heritage, e.g. online museums, etc)
", "time": "2024-11-05T10:08:19Z"}, {"author": "Samit D'Cunha", "text": "Indeed. And just to add to what @Hollie said, all 191 National Societies and all 194 states party to the Geneva conventions agree that there is a need for a digital red cross/crescent/crystal and made this point last week by unanimously adopting a Resolution addressing it.
", "time": "2024-11-05T10:08:32Z"}, {"author": "Martin Thomson", "text": "OK, I'm glad we poked on this a little more. This is constructive discussion.
", "time": "2024-11-05T10:08:42Z"}, {"author": "Nick Doty", "text": "+1 tommy (the point I've been trying to make) how you contact it makes for very different implications in protocol design
", "time": "2024-11-05T10:08:46Z"}, {"author": "Daniel Gillmor", "text": "+1 to Tommy's observation about what makes a protective emblem different from other credential systems
", "time": "2024-11-05T10:09:29Z"}, {"author": "Felix Linker", "text": "100% agree with what Dennis said. Would have said the same (but worse)
", "time": "2024-11-05T10:09:35Z"}, {"author": "Bill Woodcock", "text": "@Tommy, are you really saying that we need two working groups, one to handle DEs conveyed in the optical spectrum, and one in the EM spectrum?
", "time": "2024-11-05T10:10:08Z"}, {"author": "Bill Woodcock", "text": "That seems incredibly over-specific to me.
", "time": "2024-11-05T10:10:16Z"}, {"author": "Alex Rosenberg", "text": "@Nick -- I think Bill's presentation at the last BoF touched on that -- there several means to receive data that is a standardized payload.
", "time": "2024-11-05T10:10:22Z"}, {"author": "Tommy Jensen", "text": "@Bill either that or specific milestones within a single WG. Yes, the differences in conveyance warrant a difference, the same way HTTP and OHTTP are different
", "time": "2024-11-05T10:11:14Z"}, {"author": "Alex Rosenberg", "text": "@Tommy -- I think it would be a huge miss if the data payloads were different for those examples.
", "time": "2024-11-05T10:12:16Z"}, {"author": "Nick Doty", "text": "@Alex there are many use cases that involve different ways of communicating metadata. they are quite different and would require different protocol designs and work (whether it's work about describing bindings to physical or it's work about communicating to cyberattackers)
", "time": "2024-11-05T10:12:16Z"}, {"author": "Bill Woodcock", "text": "@Tommy, sure, I think there will be lots of such milestones within a working group... since they don't have any impact upon the data format, though, I don't see them warranting different working groups.
", "time": "2024-11-05T10:12:19Z"}, {"author": "Tommy Jensen", "text": "Data format, yes, but conveyance will be the most difficult part for some use cases. Format is the thing the new WG will do the least novel work on (we will reuse existing work it sounds like)
", "time": "2024-11-05T10:13:04Z"}, {"author": "Bill Woodcock", "text": "@Nick, can you support that assertion? i.e. why they require anything other than record types within the protocol?
", "time": "2024-11-05T10:13:28Z"}, {"author": "Tommy Jensen", "text": "@Alex OHTTP and HTTP don't differ a lot on format, but they do on conveyance, just like this topic, because OHTTP wants to anonymize the client from the server
", "time": "2024-11-05T10:13:32Z"}, {"author": "Tommy Jensen", "text": "hence it has ohai v. httpbis
", "time": "2024-11-05T10:14:05Z"}, {"author": "Bill Woodcock", "text": "The difference between a \"holder\" and an \"asset\" is that the asset is the thing bound to, but it isn't necessarily \"holding\" the DE.
", "time": "2024-11-05T10:15:24Z"}, {"author": "Tommy Jensen", "text": "@chairs at what point do we need to bring up the charter given this discussion has hit the expected dependency between terminology and charter scope?
", "time": "2024-11-05T10:15:49Z"}, {"author": "Bill Woodcock", "text": "As in many of the UNESCO use cases, much of the point is that they're not physically associated with each other.
", "time": "2024-11-05T10:16:03Z"}, {"author": "Stephen Farrell", "text": "I can see some attribute(s) might reflect expected-treatment, not sure that'd always be needed though, could be implicit in other bits of the emblem though
", "time": "2024-11-05T10:17:04Z"}, {"author": "Kathleen Moriarty", "text": "@Stephen agree, as long as it is defined
", "time": "2024-11-05T10:17:33Z"}, {"author": "Nick Doty", "text": "@Bill the work you seem to be interested in on how to communicate all the different ways to bind a record to a physical container or person or geography or movement or sphere or time -- is quite specific, not just a record type or parameter
", "time": "2024-11-05T10:17:42Z"}, {"author": "Bill Woodcock", "text": "@Stephen: Yeah, as Brian is saying right now... If something is handled under Vienna 1961, that implies all of the treatments, for instance.
", "time": "2024-11-05T10:17:54Z"}, {"author": "Bill Woodcock", "text": "But it might have additional special requested treatments, like \"call us if it arrives damaged.\"
", "time": "2024-11-05T10:18:13Z"}, {"author": "\u00c9ric Vyncke", "text": "@stephen let's add an indirection by adding a list of external 'handling procedures'
", "time": "2024-11-05T10:18:18Z"}, {"author": "Bill Woodcock", "text": "@Nalini: Selective disclosure handles that.
", "time": "2024-11-05T10:18:46Z"}, {"author": "Bill Woodcock", "text": "@Eric: Yeah, that was in the draft that included the catalog of record types.
", "time": "2024-11-05T10:19:23Z"}, {"author": "Sarah Jennings", "text": "For many protections conveyed under IHL, the protective treatment is context dependent (during conflict vs not being the obvious one) - so it seems to me that the emblem should signal that there is some protection/affiliation rather than what can/can't be done
", "time": "2024-11-05T10:19:27Z"}, {"author": "Michaela Shapiro", "text": "+1 dkg!
", "time": "2024-11-05T10:19:40Z"}, {"author": "Felix Linker", "text": "+1 as well
", "time": "2024-11-05T10:19:47Z"}, {"author": "Bill Woodcock", "text": "@Sarah, yeah, absolutely.
", "time": "2024-11-05T10:19:57Z"}, {"author": "Nick Doty", "text": "+100 dkg. protective, digital (assets interacted with digitally)
", "time": "2024-11-05T10:20:00Z"}, {"author": "Tommy Jensen", "text": "@Sarah I think we have some wide agreement on that aspect, i.e. \"this asset is protected under ____\" not \"this asset cannot be subjected to DDoS\" and interpreting the ____ law is out of our scope
", "time": "2024-11-05T10:20:18Z"}, {"author": "Andrew Campling", "text": "+1 Sarah
", "time": "2024-11-05T10:20:23Z"}, {"author": "Tommy Jensen", "text": "+1 to DKG, which essentially means moving to the next section of the BoF (which I see the queue is closed and therefore is probably happening soon)
", "time": "2024-11-05T10:20:57Z"}, {"author": "Jon Geater", "text": "Having spent a couple years leading the security WG at the Digital Twin Consortium I am quite sure that tackling physical and digital together is a road to not finishing anything :-/
", "time": "2024-11-05T10:22:04Z"}, {"author": "Felix Linker", "text": "I think that physical use cases are important and worth working on, but is this the right working group? So even if we have many people in the room who would like to work on this, this doesn't mean it should happen _here_.
", "time": "2024-11-05T10:22:23Z"}, {"author": "Daniel Gillmor", "text": "I hear your pain, Jon :hurt:
", "time": "2024-11-05T10:22:27Z"}, {"author": "Jon Geater", "text": "even if you have a great digital twin for the physical item, it\u2019s still the twin you\u2019re interacting with
", "time": "2024-11-05T10:22:34Z"}, {"author": "Nick Doty", "text": "@Jon :)
", "time": "2024-11-05T10:22:36Z"}, {"author": "Tommy Jensen", "text": "@jon +1
", "time": "2024-11-05T10:22:46Z"}, {"author": "Arnaud Taddei", "text": "+1 Jon
", "time": "2024-11-05T10:22:53Z"}, {"author": "Felix Linker", "text": "and also @jon +1
", "time": "2024-11-05T10:22:56Z"}, {"author": "Arnaud Taddei", "text": "+1 Sarah
", "time": "2024-11-05T10:22:57Z"}, {"author": "Bill Woodcock", "text": "@Jon, not in most cases here. In most cases here, the verifier is face-to-face with the asset, and is trying to use the bindings to determine whether the DE is associated with the asset.
", "time": "2024-11-05T10:23:56Z"}, {"author": "Daniel Gillmor", "text": "Rohan, thanks for the reminder about acronyms, my bad.
", "time": "2024-11-05T10:24:06Z"}, {"author": "Hollie Johnston", "text": "@Samit mentioned the protective use of the emblem - ie the object / person displaying the emblem is protected under international humanitarian law (and thus must not be attacked - attacking would be a war crime). There is also the indicative use of the emblem (and ideally of a digital emblem) which (under international humanitarian law) indicates that an entity is part of the International Red Cross and Red Crescent Movement.
", "time": "2024-11-05T10:24:11Z"}, {"author": "Olaf Kolkman", "text": "The requirement that the validator is not disclosed is there consensus for that from previous BoF?
", "time": "2024-11-05T10:24:18Z"}, {"author": "Stephen Farrell", "text": "@felix: ISTM just distracting to want to only apply to a \"digital asset\"
", "time": "2024-11-05T10:24:29Z"}, {"author": "Benjamin Ang", "text": "I'm going to agree with @Samit and build on what he said
", "time": "2024-11-05T10:24:43Z"}, {"author": "Bill Woodcock", "text": "@Olaf, that's a very corner use-case, and all of the selective-disclosure stuff handles that.
", "time": "2024-11-05T10:24:54Z"}, {"author": "Stephen Farrell", "text": "I understood the poll 'till @mt explained it
", "time": "2024-11-05T10:25:21Z"}, {"author": "Arnaud Taddei", "text": "Agree with DKG my understanding is RUSS explaination
", "time": "2024-11-05T10:26:00Z"}, {"author": "Nick Doty", "text": "for people following digital credentials \"selective disclosure\" means something very different than what Olaf and others have referred to about hiding the verifier
", "time": "2024-11-05T10:26:34Z"}, {"author": "Bill Woodcock", "text": "...and this isn't a conversation about digital credentials.
", "time": "2024-11-05T10:26:59Z"}, {"author": "Bill Woodcock", "text": "An issuer can selectively disclose a DE to potential validators.
", "time": "2024-11-05T10:27:13Z"}, {"author": "Nick Doty", "text": "yes, but re-using most of the terminology but having it be totally different is intentionally confusing
", "time": "2024-11-05T10:27:29Z"}, {"author": "Nick Doty", "text": "per dkg, I think \"protective\" is more important than whether codified in law
", "time": "2024-11-05T10:28:23Z"}, {"author": "Tommy Jensen", "text": "@Nick third show of hands?
", "time": "2024-11-05T10:28:47Z"}, {"author": "Emma Cunliffe", "text": "@Nick - for IHL - emblems themselves do not confer protection. the facilitate identification of protected assets.
", "time": "2024-11-05T10:29:12Z"}, {"author": "Emma Cunliffe", "text": "as long as that distinction is clear?
", "time": "2024-11-05T10:29:25Z"}, {"author": "Bill Woodcock", "text": "@Nick: phytosanitary certification is \"codified in law\" but not \"protective.\"
", "time": "2024-11-05T10:29:33Z"}, {"author": "Stephen Farrell", "text": "'case it helps: WRT 1st poll, I hit \"yes\" but think it's ok for a WG that others prefer \"no\"
", "time": "2024-11-05T10:30:02Z"}, {"author": "Daniel Gillmor", "text": "Jensen said: how validated, how conveyed, how discovered. I think we need to add \"how is it scoped?\"
", "time": "2024-11-05T10:31:26Z"}, {"author": "Nick Doty", "text": "@Emma thanks for helping to clarify language! I think it's important to remind us that the use can be protective, and it does that by indicating or signaling.
", "time": "2024-11-05T10:32:22Z"}, {"author": "Orie Steele", "text": "I like these goals
", "time": "2024-11-05T10:32:25Z"}, {"author": "Kathleen Moriarty", "text": "For the second poll, codified in law is outside of our control and can be region dependent. As such, placeholders to accommodate it are ok, but not a reliance.
", "time": "2024-11-05T10:32:39Z"}, {"author": "Stephen Farrell", "text": "the text between \"(1)\" and \"(2)\" seems confusing, if means \"identify requirements by talking to real users/orgs\" that's fine
", "time": "2024-11-05T10:32:43Z"}, {"author": "Daniel Gillmor", "text": "that is, an emblem conveyed and discovered by a client during a TLS handshake: does it cover that TLS session? does it cover the TLS listening service? does it cover the domain name associated with the service? the computer that operates the service? the backend databases (possibly on another server) associated with that TLS session?
", "time": "2024-11-05T10:32:48Z"}, {"author": "Bill Woodcock", "text": "@Kathleen: Completely agreed.
", "time": "2024-11-05T10:32:59Z"}, {"author": "Emma Cunliffe", "text": "@Nick - thanks. it's important, as otherwise no emblem is taken to mean not protected, which is not the case.
", "time": "2024-11-05T10:33:04Z"}, {"author": "Felix Linker", "text": "@Daniel: Agreed.
", "time": "2024-11-05T10:33:12Z"}, {"author": "Richard Barnes", "text": "i really do not understand this digital vs. physical question. we don't do physical stuff here.
", "time": "2024-11-05T10:33:15Z"}, {"author": "Nick Doty", "text": "@emma absolutely, thanks
", "time": "2024-11-05T10:33:21Z"}, {"author": "Daniel Gillmor", "text": "Barnes++
", "time": "2024-11-05T10:33:28Z"}, {"author": "Samit D'Cunha", "text": "Completely agree with @Emma
", "time": "2024-11-05T10:33:34Z"}, {"author": "Bill Woodcock", "text": "@Daniel: people, places, things, digital data at rest, digital data in transit, or online services.
", "time": "2024-11-05T10:33:41Z"}, {"author": "Daniel Gillmor", "text": "Bill, that's a great list -- how does it apply to these emblems.
", "time": "2024-11-05T10:33:56Z"}, {"author": "Bill Woodcock", "text": "@Richard: But we do protocols which can be used to discuss physical things. That's what's being discussed here.
", "time": "2024-11-05T10:34:09Z"}, {"author": "Tommy Jensen", "text": "@DKG to adding the scope, yes agreed.
", "time": "2024-11-05T10:34:32Z"}, {"author": "Bill Woodcock", "text": "@Daniel: That's the list of categories of things that DEs can be applied to.
", "time": "2024-11-05T10:34:35Z"}, {"author": "Nick Doty", "text": "I admire the effort from Tommy and Brian on trying to do the combined generic charter, despite the confusion and conflicts we get into with it.
", "time": "2024-11-05T10:34:37Z"}, {"author": "Daniel Gillmor", "text": "and what does it mean to protect \"digital data at rest\"? are we talking about confidentiality protections? data destruction protections? modification protections?
", "time": "2024-11-05T10:34:39Z"}, {"author": "Bill Woodcock", "text": "So, protocols per se aren't on that list right now.
", "time": "2024-11-05T10:34:42Z"}, {"author": "Bill Woodcock", "text": "But web sites and data are.
", "time": "2024-11-05T10:34:46Z"}, {"author": "Alex Rosenberg", "text": "I'd like to see us talking about hierarchical and extensible protocols/formats and not exclude possible future extensions by narrowing scope too tightly.
", "time": "2024-11-05T10:35:13Z"}, {"author": "Bill Woodcock", "text": "@Daniel: \"Protection\" isn't a thing. this is a marking, not a protection.
", "time": "2024-11-05T10:35:14Z"}, {"author": "Tommy Jensen", "text": "@Nick thanks, we are having a good time (:
", "time": "2024-11-05T10:35:17Z"}, {"author": "Bill Woodcock", "text": "@Alex +1
", "time": "2024-11-05T10:35:29Z"}, {"author": "Daniel Gillmor", "text": "Alex, that sounds like a recipe for something that won't complete, or will have so many side effects that we can't figure out how to safely apply it.
", "time": "2024-11-05T10:35:58Z"}, {"author": "Rahel Fainchtein", "text": "Could we start with an initial (possibly tentative) scope and then based on what we encounter revisit it at later points in time?
", "time": "2024-11-05T10:36:16Z"}, {"author": "Alex Rosenberg", "text": "+1 to Rahel
", "time": "2024-11-05T10:36:27Z"}, {"author": "Daniel Gillmor", "text": "Rahel, yes. updating charters is a thing.
", "time": "2024-11-05T10:36:30Z"}, {"author": "Tommy Jensen", "text": "@Rahel that's definitely one option (ordered milestones of a WG)
", "time": "2024-11-05T10:36:35Z"}, {"author": "Nick Doty", "text": "@dkg +1
", "time": "2024-11-05T10:36:38Z"}, {"author": "Bill Woodcock", "text": "@Daniel: SNMP.
", "time": "2024-11-05T10:36:39Z"}, {"author": "Andrei Popov", "text": "Digital assets and physical assets are different, for the purposes of labeling: they convey labels in fundamentally different ways. IMHO, it does not make sense to cover both digital and physical labeling in the same WG.
", "time": "2024-11-05T10:36:48Z"}, {"author": "Martin Thomson", "text": "Expanding scope is far easier than reducing it
", "time": "2024-11-05T10:36:51Z"}, {"author": "Alex Rosenberg", "text": "+1 Bill. SNMP is a great example.
", "time": "2024-11-05T10:36:56Z"}, {"author": "Tommy Jensen", "text": "(and it's an option I would support, rechartering is a valid thing)
", "time": "2024-11-05T10:37:02Z"}, {"author": "Andrew Campling", "text": "International law or international humanitarian law?
", "time": "2024-11-05T10:37:10Z"}, {"author": "Tommy Jensen", "text": "+1 Martin
", "time": "2024-11-05T10:37:16Z"}, {"author": "Stephen Farrell", "text": "@andrei: I don't understand why you think that fwiw
", "time": "2024-11-05T10:37:17Z"}, {"author": "\u00c9ric Vyncke", "text": "@Peter indeed the 'international' word is probably too much
", "time": "2024-11-05T10:37:25Z"}, {"author": "Daniel Gillmor", "text": "YANG is also a great example. we can be so generic that we don't produce anything useful for the folks with immediate concerns that initiated this discussion.
", "time": "2024-11-05T10:37:31Z"}, {"author": "Tommy Jensen", "text": "@Andrew law, not even \"international\"
", "time": "2024-11-05T10:37:35Z"}, {"author": "Richard Barnes", "text": "To the point @Andrei Popov makes -- IETF will never define physical labels. we might define how a digital structure can state that it goes with a physical asset, i guess?
", "time": "2024-11-05T10:38:10Z"}, {"author": "Dennis Jackson", "text": "@Stephen Farrell - I think there's a pretty strong technical difference. Physical labelling is a completely different set of bindings and to my mind, not part of the IETF.
", "time": "2024-11-05T10:38:19Z"}, {"author": "Bill Woodcock", "text": "@Andrew: A stoplight is municipal law, not international law or international humanitarian law.
", "time": "2024-11-05T10:38:25Z"}, {"author": "Daniel Gillmor", "text": "Stephen: i don't think we even know how to describe the scope of the \"digital assets\" we're talking about. describing the scope of a physical asset is even harder, and we have even less expertise.
", "time": "2024-11-05T10:38:38Z"}, {"author": "Tommy Jensen", "text": "(yes, I know it says that, but list discussion favored genericizing, I just didn't get proposed PRs yet since we were about to have this meeting,)
", "time": "2024-11-05T10:38:40Z"}, {"author": "Bill Woodcock", "text": "@Dennis: That's correct, we don't need to duplicate work that's already been done on, for instance, QRcodes, or printed language.
", "time": "2024-11-05T10:39:04Z"}, {"author": "Bill Woodcock", "text": "We do need to specify data formatting, though.
", "time": "2024-11-05T10:39:16Z"}, {"author": "Stephen Farrell", "text": "@dennis: sure the emblem/label defined here would always a digital artefact but why do we care whether the thing labelled is physical or not? I just don't get it. (And yes, we don't print and glue 'em but that's different)
", "time": "2024-11-05T10:39:29Z"}, {"author": "Richard Barnes", "text": "given that the prior art is entirely unconstrained by technical controls, i wonder if all the crypto-ish proposals here are over-thinking it, and we really just need a single standard byte string (or a template for them) and a way to shove it different places.
", "time": "2024-11-05T10:40:19Z"}, {"author": "Rohan Mahy", "text": "I like the current charter text, but I think we should say something like.
\n\"The Working Group will initially consider Use Cases which <fill in the blanks>, and use cases with a strict subset of those requirements.\"
Digital artefacts bind to digital interfaces or identifiers (e.g. presentation on a particular port, or binding to a particular IP address). If the labelling thing is physical, it needs a presentation interface and a binding to that particular physical object.
", "time": "2024-11-05T10:40:49Z"}, {"author": "Hollie Johnston", "text": "An example of a use case could be the digital infrastructure of a physical hospital (operating in armed conflict and thus protected under international humanitarian law).
", "time": "2024-11-05T10:40:52Z"}, {"author": "Bill Woodcock", "text": "@Richard: Yeah, just like we don't need to redefine QRcodes, we also don't need to reinvent cryptography.
", "time": "2024-11-05T10:41:00Z"}, {"author": "Will Earp", "text": "This is about the verification mechanism of properties that are attached to a digital asset, the use case will be different depending on the asset and the attached properties, which could be infinite, getting that to work would be about a common understanding of the what the attributes mean and how they are handled, and this is surely out of the scope of this currently.
", "time": "2024-11-05T10:41:13Z"}, {"author": "Richard Barnes", "text": "@Bill Woodcock i'm questioning whether we need any cryptography at all
", "time": "2024-11-05T10:41:16Z"}, {"author": "Stephen Farrell", "text": "@dennis: I don't understand \"If the labelling thing is physical, it needs a presentation interface and a binding to that particular physical object.\"
", "time": "2024-11-05T10:41:20Z"}, {"author": "Tommy Jensen", "text": "@rohan I would support that. Same or diff WGs is not as interesting to me as defining a starting goal that is achievable without boiling the ocean for the third work area in the charter
", "time": "2024-11-05T10:41:24Z"}, {"author": "Martin Thomson", "text": "Dennis, the question here is to what extent whether that distinction is important in setting WG scope.
", "time": "2024-11-05T10:41:30Z"}, {"author": "Richard Barnes", "text": "vs just literally b\"ICRC ASSET\"
", "time": "2024-11-05T10:41:34Z"}, {"author": "Bill Woodcock", "text": "@Richard: I'm just saying that's work already done, we can inherit it.
", "time": "2024-11-05T10:41:40Z"}, {"author": "Nick Doty", "text": "@rlb I think there are reasons for signing that are specific to digital application, but it is worth considering how it could be usable even without a specific signed issuer
", "time": "2024-11-05T10:41:59Z"}, {"author": "Emma Cunliffe", "text": "@Stephen - I assume it relates to the person who places it (not your problem) - but e.g. a pysical library might be protected, but the digitised back up might not be. So it could cause confusion about what is protected if someone then placed a digital emblem in cyberspace (spot the entirely non-technical person in the room). But as i said, I assume that's more an issue of correct guidance in use authorisation? Maybe?
", "time": "2024-11-05T10:41:59Z"}, {"author": "Martin Thomson", "text": "Bill, I don't think that you are answering the question Richard has.
", "time": "2024-11-05T10:42:04Z"}, {"author": "Richard Barnes", "text": "@Bill Woodcock certainly there's plenty of cryptography, but even taking something off the shelf could be counterproductive
", "time": "2024-11-05T10:42:18Z"}, {"author": "Orie Steele", "text": "I read the intro as essentially: emblems convey attestations, different types of attestations or attestations about different subjects are in scope, these attestations are recognized in law today in different forms, and the working group is enabling their conveyance in IETF protocols, in their new digital form.
", "time": "2024-11-05T10:42:24Z"}, {"author": "Bill Woodcock", "text": "@Richard: My focus is almost entirely on the binding. What the issuer wants to convey to the validator, beyond the binding, I really don't care.
", "time": "2024-11-05T10:42:26Z"}, {"author": "Richard Barnes", "text": "(and i'm also not really talking about scope, so i may just be a distraction)
", "time": "2024-11-05T10:42:32Z"}, {"author": "Dennis Jackson", "text": "(deleted)
", "time": "2024-11-05T10:42:53Z"}, {"author": "Emma Cunliffe", "text": "@Richard \"vs just literally b\"ICRC ASSET\"\"
\nNot identifying the person who places the emblem is crucial
", "time": "2024-11-05T10:43:15Z"}, {"author": "Stephen Farrell", "text": "@emma: I don't get why there'd be confusion - either the emblem clearly refers to something or it's unclear and a bad emblem (regardless of whether the thing referred to is physical or not)
", "time": "2024-11-05T10:43:16Z"}, {"author": "Richard Barnes", "text": "@Bill yeah, i think that's actually the interesting thing here
", "time": "2024-11-05T10:43:19Z"}, {"author": "Richard Barnes", "text": "@Emma Cunliffe thanks for the clarification. something like b\"IHL PROTECTED ASSET\" maybe
", "time": "2024-11-05T10:43:58Z"}, {"author": "Casey Deccio", "text": "With regard to cryptography, it would be important not only to be able to validate that a given digital emblem goes along with an asset but also that the digital emblem has not been forged or tampered with.
", "time": "2024-11-05T10:44:37Z"}, {"author": "Bill Woodcock", "text": "@Emma: In many cases, it's irrelevant, in some cases it should be anonymous, in other cases it's critical information.
", "time": "2024-11-05T10:44:37Z"}, {"author": "Brian Haberman", "text": "@Bill Isn't binding and delivery?
", "time": "2024-11-05T10:44:37Z"}, {"author": "Andrew Campling", "text": "+1 to keeping it simple and getting something done
", "time": "2024-11-05T10:44:38Z"}, {"author": "Felix Linker", "text": "+1 as well
", "time": "2024-11-05T10:44:45Z"}, {"author": "Bill Woodcock", "text": "@Brian: We have a lot of ways of delivering, but yes, standardizing that is good. :-)
", "time": "2024-11-05T10:45:00Z"}, {"author": "Stephen Farrell", "text": "text on screen seems fine
", "time": "2024-11-05T10:45:16Z"}, {"author": "Rohan Mahy", "text": "I believe that the press use case is a good bench mark. Are the ICRC requirements a strict subset of the press requirements?
", "time": "2024-11-05T10:45:46Z"}, {"author": "Richard Barnes", "text": "_emblem TXT \"IHL PROTECTED ASSET\"
@Richard the door is that way
", "time": "2024-11-05T10:46:09Z"}, {"author": "Bill Woodcock", "text": "@Richard: That doesn't address the binding at all. What does it apply to, and how do we validate it?
", "time": "2024-11-05T10:46:25Z"}, {"author": "Will Earp", "text": "I do think it should be abstract, but should be developed using a specific use case
", "time": "2024-11-05T10:46:29Z"}, {"author": "Rohan Mahy", "text": "Richard Barnes said:
\n\n\nBill Woodcock i'm questioning whether we need any cryptography at all
\n
If we take that approach we might as well just set the evil bit. The no crypto approach isn't going to solve any interesting use cases.
", "time": "2024-11-05T10:46:43Z"}, {"author": "Dennis Jackson", "text": "Richard - I'm not sure how useful it is to discuss the solutions at this point. But fwiw, ADEM, the ICRC precursor design has both crypto and no-crypto modes.
", "time": "2024-11-05T10:47:21Z"}, {"author": "Richard Barnes", "text": "@Rohan Mahy my point is that the current \"paint on a truck\" approach has exactly the same technical properties as the evil bit.
", "time": "2024-11-05T10:47:23Z"}, {"author": "Nick Doty", "text": "discovery, binding and validation will all differ if we try to generically cover every possible use case. those are true statements for the charter. it isn't very helpful in setting a narrow scope for work. I'm fine with it if we want, but it's making it hard for us.
", "time": "2024-11-05T10:47:26Z"}, {"author": "Bill Woodcock", "text": "@Rohan, I agree, I'm just saying that we don't need to reinvent cryptography, merely specify an approach which includes already-developed cryptography. As in the DNSSEC / TLS approaches used by implementors thus far.
", "time": "2024-11-05T10:47:36Z"}, {"author": "Rohan Mahy", "text": "Rohan Mahy said:
\n\n\nRichard Barnes said:
\n\n\nBill Woodcock i'm questioning whether we need any cryptography at all
\nIf we take that approach we might as well just set the evil bit. The no crypto approach isn't going to solve any interesting use cases.
\n
To be clear, I don't think we need to define any new crypto, but we do need to use our existing tools
", "time": "2024-11-05T10:47:38Z"}, {"author": "\u00c9ric Vyncke", "text": "Unsure whether 'audit' should be in scope
", "time": "2024-11-05T10:47:55Z"}, {"author": "Martin Thomson", "text": "I have questions about repudiability.
", "time": "2024-11-05T10:48:20Z"}, {"author": "Rohan Mahy", "text": "Richard Barnes said:
\n\n\nRohan Mahy my point is that the current \"paint on a truck\" approach has exactly the same technical properties as the evil bit.
\n
The threat model for paint on a truck is different than the threat models for the use cases we have discussed in this BoF
", "time": "2024-11-05T10:48:31Z"}, {"author": "Daniel Gillmor", "text": "I agree with \u00c9ric. let's focus on the \"indicator of protection\" use case.
", "time": "2024-11-05T10:48:33Z"}, {"author": "Martin Thomson", "text": "But those questions seem secondary to the more immediate ones.
", "time": "2024-11-05T10:48:35Z"}, {"author": "Stephen Farrell", "text": "to posit another example here where I'm confused: if a USB stick contains an emblem in a file, it's not clear to me how that emblem defines which other things stored on the USB stick are \"covered\" (or if the physical stick itself is claimed to be \"covered\")
", "time": "2024-11-05T10:48:35Z"}, {"author": "Nick Doty", "text": "@rlb the key principle is accountability. in the paint on a truck use case, there are physical means to try to identify misuse and respond to it. in the digital case, that might be harder if there is no cryptography applied
", "time": "2024-11-05T10:48:38Z"}, {"author": "\u00c9ric Vyncke", "text": "@stephen isn't it the 'binding' part ?
", "time": "2024-11-05T10:49:11Z"}, {"author": "Daniel Gillmor", "text": "Stephen: yes, the question of what the emblem applies to is much thornier than any of the vocabulary twiddling we're doing here now.
", "time": "2024-11-05T10:49:19Z"}, {"author": "Jonathan Hoyland", "text": "Some kind of transparency log might be one way of protecting against misuse
", "time": "2024-11-05T10:49:35Z"}, {"author": "Richard Barnes", "text": "Bill Woodcock said:
\n\n\n@Richard: That doesn't address the binding at all. What does it apply to, and how do we validate it?
\n
Answering those questions still doesn't require cryptography. For example, you could define an EDNS parameter that says \"the results in this response are protected by IHL\".
", "time": "2024-11-05T10:49:48Z"}, {"author": "Nick Doty", "text": "@jonathan, +1
", "time": "2024-11-05T10:49:51Z"}, {"author": "Richard Barnes", "text": "(doesn't require cryptography, just clear semantics)
", "time": "2024-11-05T10:50:09Z"}, {"author": "Bill Woodcock", "text": "@Stephen: Are you binding the emblem to the physical USB stick or a file on it? Those are two different things (thing vs data-at-rest).
", "time": "2024-11-05T10:50:29Z"}, {"author": "Jessica Krynitsky", "text": "@Richard Barnes wouldn't that be too easy to spoof and would render it meaningless?
", "time": "2024-11-05T10:50:35Z"}, {"author": "Michael Christie", "text": "Rohan Mahy said:
\n\n\nI believe that the press use case is a good bench mark. Are the ICRC requirements a strict subset of the press requirements?
\n
Rohan, I think the press case and ICRC case are a little distinct - press aren't as directly protected by international law, and would use digital press emblems in very selective circumstances, given concerns about tracking, targeting etc. Could one be a subset of the other? Possibly, so long as there is flexibility.
", "time": "2024-11-05T10:51:07Z"}, {"author": "Henk Birkholz", "text": "If diems should be really trustworthy, that is rats, if you do signature Checking that is well-known
", "time": "2024-11-05T10:51:13Z"}, {"author": "Felix Linker", "text": "@Jonathan: Auditability as you just presented it is certainly a requirement for the Red Cr* use-case.
", "time": "2024-11-05T10:51:26Z"}, {"author": "Stephen Farrell", "text": "@woody: I'm not \"binding\" myself just asking that to try understand how people consider things might work
", "time": "2024-11-05T10:51:31Z"}, {"author": "Bill Woodcock", "text": "@Stephen: Yes, that was what I was trying to address... Those would be two different emblems, and the latter wouldn't apply to other files on the same file system.
", "time": "2024-11-05T10:52:09Z"}, {"author": "Nick Doty", "text": "we could be more specific about requirements, like Jonathan has referred to. for example:
\n authenticatable by multiple, decentralized sources;
\n covert inspection;
\n extendable and removable;
\n accountable for misuse;
\n resilient and implementable, including in times of conflict.
+1 Ted
", "time": "2024-11-05T10:52:25Z"}, {"author": "Daniel Gillmor", "text": "+1 to Ted: we need to explicitly talk about scope of applicability for an emblem.
", "time": "2024-11-05T10:52:25Z"}, {"author": "Kathleen Moriarty", "text": "@Henk A CA issued certificate and keys can also be considered trustworthy
", "time": "2024-11-05T10:52:29Z"}, {"author": "Bill Woodcock", "text": "Three methods have been proposed for associating DEs with data-at-rest.
", "time": "2024-11-05T10:52:29Z"}, {"author": "Jonathan Hoyland", "text": "Because also, if the audit logs are public then you can check whether an asset is protected by downloading the log, without interacting with the asset at all.
", "time": "2024-11-05T10:52:54Z"}, {"author": "Arnaud Taddei", "text": "Nick to continue your path above, where do you put Auditability?
", "time": "2024-11-05T10:53:16Z"}, {"author": "Kathleen Moriarty", "text": "I disagree with Henk
", "time": "2024-11-05T10:53:19Z"}, {"author": "Bill Woodcock", "text": "@Jonathan: That's a use-case, and Whiteflag addresses it. DOesn't need to be in-scope for this protocol.
", "time": "2024-11-05T10:53:23Z"}, {"author": "Kathleen Moriarty", "text": "RATS should not be considered more trustworthy or believable than PKI
", "time": "2024-11-05T10:53:42Z"}, {"author": "Martin Thomson", "text": "Kathleen, do you want to come to the mic and say something?
", "time": "2024-11-05T10:53:48Z"}, {"author": "Jessica Krynitsky", "text": "@Nick Doty agreed, I don't think the proposed charter gets us very far past another BoF-like session similar to this. But maybe that is all we can get consensus on at this point?
", "time": "2024-11-05T10:54:02Z"}, {"author": "Nick Doty", "text": "@arnaud, I think \"accountable for misuse\" is the requirement that is for concern for auditing how it's used. if you mean \"auditing\" like shipping manifest checking, that would be very different.
", "time": "2024-11-05T10:54:07Z"}, {"author": "Kathleen Moriarty", "text": "Or rather TPM/hardware in infrastructure over PKI
", "time": "2024-11-05T10:54:07Z"}, {"author": "Stephen Farrell", "text": "@woody: so were it relevant, IMO the WG could/should define what's needed for both USB-scenario emblems (some of the files/data-at-rest and the entire stick as a thing)
", "time": "2024-11-05T10:54:11Z"}, {"author": "Jonathan Hoyland", "text": "@Bill, I think without the auditability requirement it's impossible to achieve the others.
", "time": "2024-11-05T10:54:22Z"}, {"author": "Ted Hardie", "text": "Same comment about \"discovery\" here as above.
", "time": "2024-11-05T10:54:30Z"}, {"author": "Richard Barnes", "text": "Jessica Krynitsky said:
\n\n\nRichard Barnes wouldn't that be too easy to spoof and would render it meaningless?
\n
The point I'm trying to make is that current emblems do not have any anti-spoofing protections, and people don't seem to regard them as meaningless. So I question whether anti-spoofing is actually a requirement.
", "time": "2024-11-05T10:54:38Z"}, {"author": "Bill Woodcock", "text": "@Stephen: completely agreed. Those are two of the six categories people have been working on.
", "time": "2024-11-05T10:54:38Z"}, {"author": "Arnaud Taddei", "text": "+1 Ted
", "time": "2024-11-05T10:54:39Z"}, {"author": "Samit D'Cunha", "text": "@Michael, I agree with your point but just to clarify, the press are directly protected as civilians, so they are protected. Rather the difference is that they do not have a specific protection under IHL which is what I believe you meant!
", "time": "2024-11-05T10:55:05Z"}, {"author": "Jonathan Hoyland", "text": "@Richard that's because the ICRC vigorously protect use of their emblems.
", "time": "2024-11-05T10:55:26Z"}, {"author": "Tommy Jensen", "text": "Clarify: each bullet could be N documents
", "time": "2024-11-05T10:55:53Z"}, {"author": "Rohan Mahy", "text": "Michael Christie said:
\n\n\nRohan Mahy said:
\n\n\nI believe that the press use case is a good bench mark. Are the ICRC requirements a strict subset of the press requirements?
\nRohan, I think the press case and ICRC case are a little distinct - press aren't as directly protected by international law, and would use digital press emblems in very selective circumstances, given concerns about tracking, targeting etc. Could one be a subset of the other? Possibly, so long as there is flexibility.
\n
Technically, if the press case is using a press emblem and the ICRC is using a RedC* emblem, I don't see how the specific type of protection under law should matter to the technology. The press might turn off advertising their emblem even if the ICRC likely never would. The Verifier Privacy would likely be needed by both.
", "time": "2024-11-05T10:55:59Z"}, {"author": "Stephen Farrell", "text": "eric would like milestones:-)
", "time": "2024-11-05T10:56:06Z"}, {"author": "Nick Doty", "text": "@Richard this is a detail, but the use of a painted Red Cross in person has different ways for accountability than digital would have -- there's a physical truck with a painted cross on it as evidence, for example
", "time": "2024-11-05T10:56:07Z"}, {"author": "Henk Birkholz", "text": "If key protection is not key to rats, I might have misunderstood how rats works. Sry!
", "time": "2024-11-05T10:56:25Z"}, {"author": "\u00c9ric Vyncke", "text": "@stephen YES ;-)
", "time": "2024-11-05T10:56:39Z"}, {"author": "Richard Barnes", "text": "To be clear, I don't have a position here, I'm just trying to make sure we're deliberately taking on requirements as opposed to reflexively throwing crypto on it
", "time": "2024-11-05T10:56:48Z"}, {"author": "Michael Christie", "text": "@Samit D'Cunha correct, yes.
", "time": "2024-11-05T10:56:54Z"}, {"author": "Stephen Farrell", "text": "ICRC being concerned about other use-cases slowing 'em down is.... slowing us down
", "time": "2024-11-05T10:57:53Z"}, {"author": "Alex Rosenberg", "text": "RedC* is a tiny use case.
", "time": "2024-11-05T10:58:25Z"}, {"author": "Henk Birkholz", "text": "I agree that focusing on diem format and discovery is important, maybe assurances are less important.
", "time": "2024-11-05T10:58:33Z"}, {"author": "Daniel Gillmor", "text": "i dunno, i think the folks who are concerned about using this to indicate underwriter's marks or proof of payment of customs (who in fact have very different requirements) are making the scope much wider.
", "time": "2024-11-05T10:58:57Z"}, {"author": "Kathleen Moriarty", "text": "@Henk my point was more that PKI has very strong mechanisms in place to define levels of security/trust. That's not a distinguishing point between those options.
", "time": "2024-11-05T10:59:03Z"}, {"author": "St\u00e9phane Bortzmeyer", "text": "@Alex I disagree, Red Cross is a very important and urgent use case, and it was the initial motivation.
", "time": "2024-11-05T10:59:17Z"}, {"author": "Daniel Gillmor", "text": "Alex, let's prove that we can do the tiny use case. then we recharter
", "time": "2024-11-05T10:59:19Z"}, {"author": "Nick Doty", "text": "@dkg +1
", "time": "2024-11-05T10:59:20Z"}, {"author": "Dennis Jackson", "text": "dkg +1
", "time": "2024-11-05T10:59:37Z"}, {"author": "Hollie Johnston", "text": "@Alex the RedC* would cover the protection of all hospitals operating in armed conflict as just one example. It would also cover the operations of 191 organisations (Red Cross Red Crescent National Societies). They are the key humanitarian organisations of all countries...
", "time": "2024-11-05T10:59:39Z"}, {"author": "Alex Rosenberg", "text": "@Daniel -- convering commercial interests makes building tools for diem actually viable.
", "time": "2024-11-05T10:59:43Z"}, {"author": "Felix Linker", "text": "Ah - I forgot the Australian Red Cross! Sorry, Hollie
", "time": "2024-11-05T10:59:54Z"}, {"author": "Richard Barnes", "text": "i didn't mean to be controversial! i'm just a tourist here, trying to be helpful :)
", "time": "2024-11-05T10:59:59Z"}, {"author": "Stephen Farrell", "text": "@dkg -1 (unusually)
", "time": "2024-11-05T11:00:01Z"}, {"author": "Bill Woodcock", "text": "Agreed with @Alex, we should be focusing on the general use-case, not just one tiny constituent.
", "time": "2024-11-05T11:00:16Z"}, {"author": "Andrew Campling", "text": "+1 to address the specific use case
", "time": "2024-11-05T11:00:22Z"}, {"author": "Daniel Gillmor", "text": "Alex: the commercial interests have a very different set of requirements than the ICRC
", "time": "2024-11-05T11:00:29Z"}, {"author": "Nick Doty", "text": "I don't think we need to limit to the Red Cross emblems in particular. but we can narrow the scope to a cluster of protective use cases that are useful for digital interaction without trying to take on all authenticated digital metadata.
", "time": "2024-11-05T11:00:36Z"}, {"author": "Emma Cunliffe", "text": "@Hollie @St\u00e9phane - agreed.
", "time": "2024-11-05T11:00:38Z"}, {"author": "Alex Rosenberg", "text": "@Hollie -- I understand that scope. I also know a lot of so-called war criminals from the video game industry who used a red cross in their game.
", "time": "2024-11-05T11:00:38Z"}, {"author": "Stephen Farrell", "text": "producing stuff for ICRC could well be the #1 goal but shouldn't be the only, exclusive, goal
", "time": "2024-11-05T11:00:41Z"}, {"author": "Felix Linker", "text": "Broadening later is alwaysy fine
", "time": "2024-11-05T11:01:08Z"}, {"author": "Bill Woodcock", "text": "@Stephane: it's _one_ of thousands of issuers. It makes no sense to say that the IETF will build standards for individual constituents. The entire point is interoperability.
", "time": "2024-11-05T11:01:10Z"}, {"author": "Richard Barnes", "text": "to the degree that commercial vendors' products need to be the one to emit emblems, it makes sense to enlist vendors even if the ultimate goal is to help NGOs, not vendors
", "time": "2024-11-05T11:01:47Z"}, {"author": "Rahel Fainchtein", "text": "It's not whether or not they crossed the line but rather, if they did can we definitively show that they did.
", "time": "2024-11-05T11:01:52Z"}, {"author": "Bill Woodcock", "text": "@Nick, that's a straw man.
", "time": "2024-11-05T11:01:57Z"}, {"author": "Alex Rosenberg", "text": "@Daniel -- the commercial cases will not be solved outside of a group like IETF -- we'll just continue proliferate different ones per use case like today. I think the humanitarian needs should be happy to get covered along the way.
", "time": "2024-11-05T11:02:05Z"}, {"author": "Alex Rosenberg", "text": "+1 Richard
", "time": "2024-11-05T11:02:18Z"}, {"author": "Felix Linker", "text": "@Richard: This is why the ICRC came here. We realized that the solution will potentially interfere with a lot of vendors. We thought it would be great to get agreement that a Digital Red Cr* works for everyone.
", "time": "2024-11-05T11:02:25Z"}, {"author": "Emma Cunliffe", "text": "@Alex - I think games like Arma, who have a lovely IHL package, could be viewed as coming under the educational clause
", "time": "2024-11-05T11:02:50Z"}, {"author": "Jonathan Hoyland", "text": "I thought it applied to the jacket?
", "time": "2024-11-05T11:02:56Z"}, {"author": "Stephen Farrell", "text": "+1 to what dkg just said (brings me back to zero:-)
", "time": "2024-11-05T11:03:04Z"}, {"author": "Kathleen Moriarty", "text": "Scope maybe should be in the Framework
", "time": "2024-11-05T11:03:07Z"}, {"author": "Bill Woodcock", "text": "@Daniel: Person, place, thing, digital data at rest, digital data in transit, or online service. It's _really_ not that complicated.
", "time": "2024-11-05T11:03:14Z"}, {"author": "\u00c9ric Vyncke", "text": "@dkg this is outside of IEF work, we simply provide the means to indicate \"handling/protection\"
", "time": "2024-11-05T11:03:18Z"}, {"author": "Hollie Johnston", "text": "Agree @Emma.
", "time": "2024-11-05T11:03:43Z"}, {"author": "Stephen Farrell", "text": "@eric: there needs to be a way to do it though, hence some fields in some structure
", "time": "2024-11-05T11:03:47Z"}, {"author": "Hollie Johnston", "text": "It's a complex space!
", "time": "2024-11-05T11:03:50Z"}, {"author": "Nick Doty", "text": "@Bill I don't understand. my proposal is just a proposal, so maybe that sounds like a \"straw man\"?
", "time": "2024-11-05T11:03:53Z"}, {"author": "Kathleen Moriarty", "text": "Scope in Framework so it can go into the data model and discovery
", "time": "2024-11-05T11:04:04Z"}, {"author": "Felix Linker", "text": "@Daniel: Agreed. I would call this \"semantics\" of the emblem.
", "time": "2024-11-05T11:04:11Z"}, {"author": "Orie Steele", "text": "+1 DKG, and it echoes thge point Roman made, that data model / validation / discovery are context specific.
", "time": "2024-11-05T11:04:14Z"}, {"author": "\u00c9ric Vyncke", "text": "@stephen agreed but this set of data will probably be specific per use case and the handling will be defined outside of the IETF
", "time": "2024-11-05T11:04:30Z"}, {"author": "Tommy Jensen", "text": "Referencing several above: I agree we should not write a charter that says \"we will build a digital Red Cross\" specifically, but it's the best supported attendee use case that highlights what I think the first scope should be: \"protective digital emblems\"
", "time": "2024-11-05T11:04:37Z"}, {"author": "Nick Doty", "text": "+1 tommy
", "time": "2024-11-05T11:04:51Z"}, {"author": "Richard Barnes", "text": "\"needs to happen quickly\" -- have you met the IETF?
", "time": "2024-11-05T11:04:55Z"}, {"author": "Stephen Farrell", "text": "@felix: so taking the USB stick, subset of files idea: how'd that get into the emblem usefully? I can imagine many bad ways to try that
", "time": "2024-11-05T11:04:57Z"}, {"author": "Nick Doty", "text": "(+1 tommy, for agreeing but also for being more succinct)
", "time": "2024-11-05T11:05:20Z"}, {"author": "Tommy Jensen", "text": "With what Samit is describing, we just got commitment from hundreds of organizations to adopt solutions we build here, and we now have multiple implementors (not just legal guardians of an emblem) here
", "time": "2024-11-05T11:05:28Z"}, {"author": "Felix Linker", "text": "I think we need not label USB sticks with a digital emblem, because all the threat vectors to a USB stick are physical.
", "time": "2024-11-05T11:05:29Z"}, {"author": "Felix Linker", "text": "Just put a Red Cr* sticker on it (I am serious).
", "time": "2024-11-05T11:05:47Z"}, {"author": "Stephen Farrell", "text": "so change from USB stick to 1TB disk, same issue
", "time": "2024-11-05T11:05:55Z"}, {"author": "Alex Rosenberg", "text": "@Felix would an emblem on a USB stick not infer that all of the contents are protected?
", "time": "2024-11-05T11:06:01Z"}, {"author": "Bill Woodcock", "text": "@Stephen: the mechanisms proposed thus far are enclosing, enclosed, or side-by-side. In the case of enclosing, you could bundle the set of marked files.
", "time": "2024-11-05T11:06:10Z"}, {"author": "Andrew Campling", "text": "+1 to Tommy\u2019s 2 points above
", "time": "2024-11-05T11:06:30Z"}, {"author": "Bill Woodcock", "text": "@Alex: yeah, a reasonable person would assume that, if it's the physical thing that's marked.
", "time": "2024-11-05T11:06:38Z"}, {"author": "Andrei Popov", "text": "There is a problem of protecting a USB stick, and there is a problem of protecting files on a USB stick...
", "time": "2024-11-05T11:06:40Z"}, {"author": "Alex Rosenberg", "text": "@Felix I also see no difference between a RedC* logo and a \"attorney-client privilege\" label.
", "time": "2024-11-05T11:06:47Z"}, {"author": "Nick Doty", "text": ":) at rohan spelling out all acronyms
", "time": "2024-11-05T11:06:52Z"}, {"author": "Orie Steele", "text": "XD
", "time": "2024-11-05T11:07:02Z"}, {"author": "Stephen Farrell", "text": "@woody: seems like it might need to be more complcated e.g. part of filesystem to really work
", "time": "2024-11-05T11:07:02Z"}, {"author": "Richard Barnes", "text": "TLS = Transport Layer Security
", "time": "2024-11-05T11:07:03Z"}, {"author": "Daniel Gillmor", "text": "rlb = Richard L Barnes
", "time": "2024-11-05T11:07:22Z"}, {"author": "Emma Cunliffe", "text": "@Felix and Alex, not all files may be protected, and in addition, what happens if you then move the files off the USB. You presumably want the emblem with the specific files.
", "time": "2024-11-05T11:07:26Z"}, {"author": "Nick Doty", "text": "the Red Cross use cases also require the ability to turn off and on, or to extend and remove.
", "time": "2024-11-05T11:07:43Z"}, {"author": "Stephen Farrell", "text": "or rename file, or change modification time, or...
", "time": "2024-11-05T11:07:50Z"}, {"author": "Alex Rosenberg", "text": "@Stephen -- most modern filesystems have a means to have extended metadata associated with files/folders. We need only define the payload.
", "time": "2024-11-05T11:07:51Z"}, {"author": "Bill Woodcock", "text": "@stephen: I think that's possible, but seems like a pretty big bite to take at first.
", "time": "2024-11-05T11:07:58Z"}, {"author": "Felix Linker", "text": "@Alex: Hard for me to comment on the attorney label because I don't know that, but the Red Cr* inform about specific protection under IHL that has been well respected over the last decades, and states agree that there is a need to move this protection into the digital realm.
", "time": "2024-11-05T11:08:02Z"}, {"author": "Bill Woodcock", "text": "Eh, Alex knows more than I do.
", "time": "2024-11-05T11:08:14Z"}, {"author": "Dennis Jackson", "text": "Folks, the best place for the usb / files discussion would have been the IHL side meeting yesterday
", "time": "2024-11-05T11:08:16Z"}, {"author": "Stephen Farrell", "text": "@woody: right, if uses of emblems all turn out to require big bites we probably should understand that
", "time": "2024-11-05T11:08:29Z"}, {"author": "Alex Rosenberg", "text": "@Felix -- both describe how an asset should be handled.
", "time": "2024-11-05T11:08:33Z"}, {"author": "Bill Woodcock", "text": "@Dennis, no, a side-meeting is never the best place to discuss standardization.
", "time": "2024-11-05T11:08:39Z"}, {"author": "Daniel Gillmor", "text": "another similar use case to the ICRC and journalism cases (but with very different authorities) is \"indicators of surrender\". How do you wave a white flag digitally? these are bound by IHL, but they're asserted independently by the parties in a conflict, rather than by an external third party.
", "time": "2024-11-05T11:09:05Z"}, {"author": "Stephen Farrell", "text": "@dennis: feel free to use dkfg's TLS scope questions instead - same problems
", "time": "2024-11-05T11:09:14Z"}, {"author": "Alex Rosenberg", "text": "@Dennis -- people need to describe their preferred scope in common terms. The USB example is useful as a proxy.
", "time": "2024-11-05T11:09:31Z"}, {"author": "Stephen Farrell", "text": "how is a server a digital asset? those are noisy physical things!
", "time": "2024-11-05T11:10:15Z"}, {"author": "Felix Linker", "text": "I disagree that press labelling is a strict subset of the Red Cr* use case. I know there is disagreement on this, but labelling physical assets and digital assets each come with their own problems.
", "time": "2024-11-05T11:10:18Z"}, {"author": "Daniel Gillmor", "text": "Stephen: for that matter, what is a server?
", "time": "2024-11-05T11:10:31Z"}, {"author": "Tommy Jensen", "text": "@Stephen really? At Microsoft, they're all virtual containers :P
", "time": "2024-11-05T11:10:35Z"}, {"author": "Daniel Gillmor", "text": "is a VPS a server?
", "time": "2024-11-05T11:10:37Z"}, {"author": "Stephen Farrell", "text": "noisy
", "time": "2024-11-05T11:10:38Z"}, {"author": "Bill Woodcock", "text": "@Felix: Rohan said superset, not subset.
", "time": "2024-11-05T11:10:47Z"}, {"author": "Stephen Farrell", "text": "all your VPS's are mine serverless anyway aren't they?
", "time": "2024-11-05T11:11:14Z"}, {"author": "Richard Barnes", "text": "\"this lambda is protected by IHL\"
", "time": "2024-11-05T11:11:44Z"}, {"author": "Benjamin Ang", "text": "I agree with the previous statement that this has become overcomplicated, what is needed is like a marker \"anything beyond that is interesting but not necessary\"
", "time": "2024-11-05T11:11:57Z"}, {"author": "Stephen Farrell", "text": "@rlb: guess we'll need a LISP-like syntax
", "time": "2024-11-05T11:12:12Z"}, {"author": "Bill Woodcock", "text": "Yes, this is standardization of marking, not law.
", "time": "2024-11-05T11:12:19Z"}, {"author": "Ted Hardie", "text": "@Stephen I have a stock of curly braces that I am happy to share with the group.
", "time": "2024-11-05T11:12:43Z"}, {"author": "Andrei Popov", "text": "For digital assets, the protection should probably apply to the entire \"service\", not a particular TLS connection, server or file.
", "time": "2024-11-05T11:12:47Z"}, {"author": "Felix Linker", "text": "@Bill: Sub/super... Doesn't matter. The problems have an overlap but are distinct.
", "time": "2024-11-05T11:12:58Z"}, {"author": "Martin Thomson", "text": "Dennis, are you going to solve all our problems quickly?
", "time": "2024-11-05T11:13:04Z"}, {"author": "Andrew Campling", "text": "Marker but with validation
", "time": "2024-11-05T11:13:08Z"}, {"author": "Alex Rosenberg", "text": "@Stephen -- humor aside, I'd prefer we not define anything Turing-complete here.
", "time": "2024-11-05T11:13:09Z"}, {"author": "Tommy Jensen", "text": "@MT of course, why would you ask that
", "time": "2024-11-05T11:13:18Z"}, {"author": "Stephen Farrell", "text": "@andrei: I dunno what an \"entire service\" is tbh
", "time": "2024-11-05T11:13:34Z"}, {"author": "Daniel Gillmor", "text": "Andrei, does \"service\" mean \"dns name\" or \"IP address and port\" or \"underlying logical components that make up this service\"?
", "time": "2024-11-05T11:13:53Z"}, {"author": "Daniel Gillmor", "text": "or something else?
", "time": "2024-11-05T11:14:03Z"}, {"author": "Nick Doty", "text": "I disagree that everyone knows who is who on the Internet
", "time": "2024-11-05T11:14:12Z"}, {"author": "\u00c9ric Vyncke", "text": "the data model can be very flexible in the pure data part (IETF can define the header/security of it) with external bodies defiing the actual parts they want to have in the data part
", "time": "2024-11-05T11:14:16Z"}, {"author": "Andrei Popov", "text": "Underlying components that deliver a protected service.
", "time": "2024-11-05T11:14:16Z"}, {"author": "Martin Thomson", "text": "Nick++
", "time": "2024-11-05T11:14:21Z"}, {"author": "Daniel Gillmor", "text": "Nick++
", "time": "2024-11-05T11:14:25Z"}, {"author": "Tommy Jensen", "text": "@David I think it's been made clear that problem is not solved (and Nick++)
", "time": "2024-11-05T11:14:35Z"}, {"author": "Dennis Jackson", "text": "My observation was going to be that everyone who is speaking to 'this seems complex and nuanced' - it also a strong argument for a narrow scope. I don't understand how folks can argue this is both complex and should have a general scope.
", "time": "2024-11-05T11:14:43Z"}, {"author": "Martin Thomson", "text": "The BBC is also not exclusively a press organization.
", "time": "2024-11-05T11:14:46Z"}, {"author": "Ted Hardie", "text": "@Nick Doty +1
", "time": "2024-11-05T11:15:02Z"}, {"author": "Daniel Gillmor", "text": "narrow scope belongs in the charter, please
", "time": "2024-11-05T11:15:28Z"}, {"author": "Stephen Farrell", "text": "1st thing to tackle, not in charter
", "time": "2024-11-05T11:15:37Z"}, {"author": "Tommy Jensen", "text": "+1 DKG
", "time": "2024-11-05T11:15:39Z"}, {"author": "Benjamin Ang", "text": "I suggest the marker does not even need validation, just as the physical red cross is not validated. It can be abused by a military object masquerading as a hospital, but then the abuser would be in breach of international law.
", "time": "2024-11-05T11:15:45Z"}, {"author": "Felix Linker", "text": "Yes, scope in charter
", "time": "2024-11-05T11:15:46Z"}, {"author": "Alex Rosenberg", "text": "We should be defining a hierarchical and extensible data format. Legal protections are just part of the data.
", "time": "2024-11-05T11:15:54Z"}, {"author": "Felix Linker", "text": "I would also be fine to say that we may work on different things later
", "time": "2024-11-05T11:16:06Z"}, {"author": "St\u00e9phane Bortzmeyer", "text": "@Benjmain Agreed (ad this is why cryptography may not be necessary)
", "time": "2024-11-05T11:16:13Z"}, {"author": "Richard Barnes", "text": "@Alex Rosenberg that is the way to failure
", "time": "2024-11-05T11:16:14Z"}, {"author": "Andrew Campling", "text": "Narrow charter to avoid distractions - can expand later
", "time": "2024-11-05T11:16:16Z"}, {"author": "Felix Linker", "text": "But okay - that's quite an empty statement
", "time": "2024-11-05T11:16:16Z"}, {"author": "Alex Rosenberg", "text": "@Richard -- SNMP exists.
", "time": "2024-11-05T11:16:28Z"}, {"author": "Richard Barnes", "text": "@Alex Rosenberg \"first you must invent the universe\"
", "time": "2024-11-05T11:16:30Z"}, {"author": "Andrei Popov", "text": "Extrapolating from the physical to the digital world is a mistake. Properties absent in the physical world may be very much needed in the digital world.
", "time": "2024-11-05T11:16:46Z"}, {"author": "Rohan Mahy", "text": "Daniel Gillmor said:
\n\n\nanother similar use case to the ICRC and journalism cases (but with very different authorities) is \"indicators of surrender\". How do you wave a white flag digitally? these are bound by IHL, but they're asserted independently by the parties in a conflict, rather than by an external third party.
\n
I don't think anybody has come to the BoF specifically asking for this. It is covered as one of the things under WhiteFlag, but the users of whiteflag have not specifically said \"we want diem to do this\"
", "time": "2024-11-05T11:16:52Z"}, {"author": "Jonathan Hoyland", "text": "Narrow scope as milestone one?
", "time": "2024-11-05T11:17:22Z"}, {"author": "Tommy Jensen", "text": "Rohan +1, in fact I recall Timo (sp?) specifically saying this
", "time": "2024-11-05T11:17:25Z"}, {"author": "Daniel Gillmor", "text": "Rohan, tell me more about WhiteFlag!
", "time": "2024-11-05T11:17:27Z"}, {"author": "Alex Rosenberg", "text": "It sure feels like there's a lot of astroturfing happening in this process, just like some companies do to ISO meetings. I am very disappointed.
", "time": "2024-11-05T11:17:27Z"}, {"author": "\u00c9ric Vyncke", "text": "or putting a sequence of deliverable
", "time": "2024-11-05T11:17:36Z"}, {"author": "Jim Reid", "text": "+1 to what dkg just said
", "time": "2024-11-05T11:19:05Z"}, {"author": "Nick Doty", "text": "I would prefer narrower scope in the charter, but I would be okay with 'start with the narrower item but continue with others or make recommendations of work to other WGs'
", "time": "2024-11-05T11:19:10Z"}, {"author": "\u00c9ric Vyncke", "text": "Time check: we need to answer the questions on the screen
", "time": "2024-11-05T11:19:34Z"}, {"author": "Tommy Jensen", "text": "Asking those questions literally may not be informative -- we may want to ask specifically if this \"protective digital\" narrow scope has support
", "time": "2024-11-05T11:20:10Z"}, {"author": "Andrew Campling", "text": "Perhaps pivot to series of showing of hands?
", "time": "2024-11-05T11:20:16Z"}, {"author": "Tommy Jensen", "text": "yes, let's close queue and do show of hands
", "time": "2024-11-05T11:20:38Z"}, {"author": "Alex Rosenberg", "text": "Show of hands is astroturfing in action.
", "time": "2024-11-05T11:20:51Z"}, {"author": "Daniel Gillmor", "text": "Alex, what are your claims of astroturfing supposed to mean? who is the fake grassroots here? who are they fronting for?
", "time": "2024-11-05T11:21:28Z"}, {"author": "Alex Rosenberg", "text": "@Daniel -- I think getting into specifics is perhaps too personal.
", "time": "2024-11-05T11:21:55Z"}, {"author": "Andrew Campling", "text": "Polite reminder re note well
", "time": "2024-11-05T11:21:59Z"}, {"author": "Richard Barnes", "text": "pch = packet clearing house
", "time": "2024-11-05T11:22:28Z"}, {"author": "St\u00e9phane Bortzmeyer", "text": "@Alex So your accusations are entirely unsupported.
", "time": "2024-11-05T11:22:34Z"}, {"author": "Jim Reid", "text": "Who's doing the astroturfing here? What could those \"bad actors\" hope to gain from that in this BoF?
", "time": "2024-11-05T11:22:36Z"}, {"author": "Alex Rosenberg", "text": "+1 to what Bill is saying.
", "time": "2024-11-05T11:22:54Z"}, {"author": "Tommy Jensen", "text": "To be clear, we're not talking about \"qhat the IETF should do\" but \"what an initial WG should scope to at first\"
", "time": "2024-11-05T11:22:58Z"}, {"author": "Dennis Jackson", "text": "Bill: Who is this 'one party'?
", "time": "2024-11-05T11:23:06Z"}, {"author": "Nick Doty", "text": "I don't understand the \"thought experiment\" about proposing a standard to make it easier to kill people
", "time": "2024-11-05T11:23:25Z"}, {"author": "Felix Linker", "text": "I have said it multiple times, but my intent is not to stop any work on things like labelling cargo in transit. I think this work could progress very well independently of the work on the digital Red Cr*s.
", "time": "2024-11-05T11:23:28Z"}, {"author": "Daniel Gillmor", "text": "There are fundamentally different requirements for a customs use case than for a protective digital emblem case. ICRC is a \"use case\" -- a concrete example, not the only party able to use this mechanism.
", "time": "2024-11-05T11:23:31Z"}, {"author": "Alex Rosenberg", "text": "I have personally experienced companies attending ISO meetings en masse simply to swing \"show of hands\" in their direction. I think we're seeing that here too.
", "time": "2024-11-05T11:23:43Z"}, {"author": "St\u00e9phane Bortzmeyer", "text": "@Alex Groundless accusations.
", "time": "2024-11-05T11:24:05Z"}, {"author": "Stephen Farrell", "text": "@alex: bah, this is normal IETF (dis)agreement
", "time": "2024-11-05T11:24:08Z"}, {"author": "Nick Doty", "text": "+1 Felix. I think IETF could do work on the customs use case in spice, for example
", "time": "2024-11-05T11:24:13Z"}, {"author": "Daniel Gillmor", "text": "Alex, i've seen it here too, in the TLS WG about forward secrecy.
", "time": "2024-11-05T11:24:19Z"}, {"author": "Daniel Gillmor", "text": "but i don't think it's happening here.
", "time": "2024-11-05T11:24:23Z"}, {"author": "Nick Doty", "text": "could \"show of hands\" include a ranked-choice-voting functionality?
", "time": "2024-11-05T11:24:53Z"}, {"author": "Michaela Shapiro", "text": "+1 dkg - having a narrrow use case to focus on and a narrow scope does not preclude future work or others from benefitting
", "time": "2024-11-05T11:25:00Z"}, {"author": "Daniel Gillmor", "text": "rechartering just isn't that complicated.
", "time": "2024-11-05T11:25:19Z"}, {"author": "Daniel Gillmor", "text": "Nick, we have a hard enough time with yes/no/don'tknow
", "time": "2024-11-05T11:25:38Z"}, {"author": "Richard Barnes", "text": "rechartering is far easier than initial chartering
", "time": "2024-11-05T11:25:42Z"}, {"author": "Alex Rosenberg", "text": "@Daniel -- a perfect example of failing to be extensible is RADIUS. They're having a bad time now over it.
", "time": "2024-11-05T11:25:50Z"}, {"author": "Richard Barnes", "text": "richard \"let me be concrete\" barnes
", "time": "2024-11-05T11:25:51Z"}, {"author": "Stephen Farrell", "text": "that was a clear unclear outcome! ;-)
", "time": "2024-11-05T11:25:54Z"}, {"author": "Daniel Gillmor", "text": "That's what the L stands for!
", "time": "2024-11-05T11:26:07Z"}, {"author": "Alex Rosenberg", "text": "And by hierarchical and extensible, I mean simple things like JSON/YAML/etc. It's not overly-complex.
", "time": "2024-11-05T11:26:28Z"}, {"author": "Daniel Gillmor", "text": "Alex, of course we'll use a data format that makes sense.
", "time": "2024-11-05T11:26:48Z"}, {"author": "Murray Kucherawy", "text": "This is BoF #2, correct?
", "time": "2024-11-05T11:27:10Z"}, {"author": "Jonathan Hoyland", "text": "@Alex, focusing on the ICRC use case doesn't preclude JSON.
", "time": "2024-11-05T11:27:16Z"}, {"author": "Ted Hardie", "text": "@Murray Yes
", "time": "2024-11-05T11:27:20Z"}, {"author": "Brian Haberman", "text": "@Murray Yes
", "time": "2024-11-05T11:27:22Z"}, {"author": "Daniel Gillmor", "text": "Murray, it is, and we seem to be coming back to boil the ocean, again.
", "time": "2024-11-05T11:27:27Z"}, {"author": "Rohan Mahy", "text": "Felix Linker said:
\n\n\nI think we need not label USB sticks with a digital emblem, because all the threat vectors to a USB stick are physical.
\n
That seems reasonable.
", "time": "2024-11-05T11:27:38Z"}, {"author": "Murray Kucherawy", "text": "So it would be non-good to still not understand the problem
", "time": "2024-11-05T11:27:41Z"}, {"author": "Alex Rosenberg", "text": "So why is there such a disagreement over the difference between handling an asset tag for a USB stick vs. an IHL-protected asset? They only differ by minor bits of metadata.
", "time": "2024-11-05T11:27:55Z"}, {"author": "Nick Doty", "text": "I believe the IESG/IAB refused an earlier approach to propose split work in this second BoF, and that may have been unhelpful.
", "time": "2024-11-05T11:28:09Z"}, {"author": "Dennis Jackson", "text": "Nick +1
", "time": "2024-11-05T11:28:17Z"}, {"author": "Murray Kucherawy", "text": "Watching these polls feels life foreshadowing.
", "time": "2024-11-05T11:28:23Z"}, {"author": "Stephen Farrell", "text": "scope is understood but there's disagreement between people
", "time": "2024-11-05T11:28:26Z"}, {"author": "Murray Kucherawy", "text": "like*
", "time": "2024-11-05T11:28:50Z"}, {"author": "St\u00e9phane Bortzmeyer", "text": "@Stephen Fair summary
", "time": "2024-11-05T11:28:59Z"}, {"author": "Stephen Farrell", "text": "I think both narrow and broader scopes are understood, we just don't agree
", "time": "2024-11-05T11:29:00Z"}, {"author": "Tommy Jensen", "text": "+1 Stephen
", "time": "2024-11-05T11:29:12Z"}, {"author": "Nick Doty", "text": "+1 Stephen, I actually think the scope is understood, there are just disagreements about whether we should do 1 or 2 places, or 1 thing first
", "time": "2024-11-05T11:29:22Z"}, {"author": "Jonathan Hoyland", "text": "@Alex, probably because it's about whether we should actively consider the other requirements
", "time": "2024-11-05T11:29:22Z"}, {"author": "Kathleen Moriarty", "text": "Just get started with the refinements discussed
", "time": "2024-11-05T11:29:37Z"}, {"author": "Stephen Farrell", "text": "next steps: bash charter text about scope I'd suggest
", "time": "2024-11-05T11:30:16Z"}, {"author": "Will Earp", "text": "Seems to me that any use case is probably out of scope, but you need a use-case to implement something
", "time": "2024-11-05T11:30:19Z"}, {"author": "Kathleen Moriarty", "text": "We can do work on the mailinglist to refine
", "time": "2024-11-05T11:30:20Z"}, {"author": "Stephen Farrell", "text": "two charters is still a bad plan, just bash text, that's what we do:-)
", "time": "2024-11-05T11:31:43Z"}, {"author": "Emma Cunliffe", "text": "I would just like to thank you all for a useful and informative discussion, as a stakeholder in IHL emblem (from Blue Shield International). It's been very valuable for us.
", "time": "2024-11-05T11:31:52Z"}, {"author": "Nick Doty", "text": "I don't think we need two charters, I think we need a charter and expanding work in other WGs
", "time": "2024-11-05T11:32:14Z"}, {"author": "Stephen Farrell", "text": "2 WGs for emblems would be dim
", "time": "2024-11-05T11:32:17Z"}, {"author": "Emma Cunliffe", "text": "(how do I join the mailing list? Can I join it?)
", "time": "2024-11-05T11:32:21Z"}, {"author": "Nick Doty", "text": "@Emma, yes, please do
", "time": "2024-11-05T11:32:32Z"}, {"author": "Jonathan Hoyland", "text": "@Emma mailing lists are public
", "time": "2024-11-05T11:32:35Z"}]