[{"author": "Eliot Lear", "text": "I think jabber has been retired
", "time": "2022-06-16T15:59:59Z"}, {"author": "Robert Moskowitz", "text": "then what is the zulipbot doing as Jabber user?
", "time": "2022-06-16T16:00:37Z"}, {"author": "cabo", "text": "https://notes.ietf.org/notes-ietf-interim-2022-scitt-01-scitt
", "time": "2022-06-16T16:02:04Z"}, {"author": "Roman Danyliw", "text": "Direct link to meeting notes = https://notes.ietf.org/notes-ietf-interim-2022-scitt-01-scitt
", "time": "2022-06-16T16:02:10Z"}, {"author": "Roman Danyliw", "text": "Direct link to meeting materials (e.g., slides) = https://datatracker.ietf.org/meeting/interim-2022-scitt-01/session/scitt
", "time": "2022-06-16T16:02:33Z"}, {"author": "Orie Steele", "text": "hello world
", "time": "2022-06-16T16:03:11Z"}, {"author": "Roman Danyliw", "text": "@Robert = Zulipbot is proxying this chat to IETF Zulip
", "time": "2022-06-16T16:03:18Z"}, {"author": "Kay Williams", "text": "Good morning everyone!
", "time": "2022-06-16T16:03:23Z"}, {"author": "Antoine Delignat-Lavaud", "text": "you can detach chat as well in the top right corner of the chat box
", "time": "2022-06-16T16:03:24Z"}, {"author": "Carsten Bormann", "text": "jabber WFM
", "time": "2022-06-16T16:03:25Z"}, {"author": "Roman Danyliw", "text": "Hi!  I'm the responsible Area Director.
", "time": "2022-06-16T16:06:25Z"}, {"author": "Dick Brooks", "text": "no objections to the agenda
", "time": "2022-06-16T16:07:16Z"}, {"author": "Michael Richardson", "text": "I'm curious how many people were at the secdispatch session at IETF113?  How many were not, and for how many this is their first IETF engagement?
", "time": "2022-06-16T16:07:51Z"}, {"author": "cabo", "text": "(Chairs might do a poll)
", "time": "2022-06-16T16:08:13Z"}, {"author": "MichaelRichardson", "text": "One reason I want to know how many are new to the IETF, is that it might be that meeting in person at IETF114 might not have the same community, and we are better to stick to virtual interim (BOFs).
", "time": "2022-06-16T16:10:00Z"}, {"author": "Roman Danyliw", "text": "IETF-114 will also have healthy remote participation.
", "time": "2022-06-16T16:11:03Z"}, {"author": "Roy Williams", "text": "Good introduction.  Thanks Eliot and Hannes
", "time": "2022-06-16T16:11:38Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) I finally got it working, wow!
", "time": "2022-06-16T16:11:41Z"}, {"author": "cabo", "text": "Eliot: you can hand the controls to Yogesh
", "time": "2022-06-16T16:13:19Z"}, {"author": "Eliot Lear", "text": "he's new
", "time": "2022-06-16T16:13:42Z"}, {"author": "cabo", "text": "Yes, and you are screen sharing.
", "time": "2022-06-16T16:13:54Z"}, {"author": "MichaelRichardson", "text": "Roman, I guess since we have automatic blue-sheets, that in theory, the IESG could ask the DT how many people who attended today had also attended another previous IETF meeting.
", "time": "2022-06-16T16:17:02Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) IoT folks, please explain to me why is this IoT related?
", "time": "2022-06-16T16:18:06Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) Or send me a link?
", "time": "2022-06-16T16:19:03Z"}, {"author": "MichaelRichardson", "text": "IoT connection: Product C is an IoT device (transfusion device), which makes use of Product A (openssl).
", "time": "2022-06-16T16:19:04Z"}, {"author": "MichaelRichardson", "text": "But, also if Product C is a hammer which makes use of Steel as Product A.
", "time": "2022-06-16T16:19:45Z"}, {"author": "Orie Steele", "text": "That's right, there are cases where physical supply chain is powered by software supply chain, as well. Attacks move both ways on that front
", "time": "2022-06-16T16:20:09Z"}, {"author": "MichaelRichardson", "text": "and there are, for instance, concerns that product A might be made from radioactive chromium.
", "time": "2022-06-16T16:20:13Z"}, {"author": "Orie Steele", "text": "+1 ^
", "time": "2022-06-16T16:20:20Z"}, {"author": "MichaelRichardson", "text": "and of course, ethical fishing and chips.
", "time": "2022-06-16T16:20:39Z"}, {"author": "Michael Prorock", "text": "big +1 - especially also items like forced or child labor as well
", "time": "2022-06-16T16:20:57Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) Ooh man, don't get into social issues \ud83d\ude04
", "time": "2022-06-16T16:23:54Z"}, {"author": "MichaelRichardson", "text": "The WG is not making judgements about social issues, but providing a way to validate them.
", "time": "2022-06-16T16:24:24Z"}, {"author": "MichaelRichardson", "text": "If you want your artillery cannon to be polished by forced child labour (because their hands are small: cf: Schindler's List), then this protocol would let you be sure.
", "time": "2022-06-16T16:25:06Z"}, {"author": "Steve Lasker", "text": "@MichaelRichardson, yes to the issue around radioactive. You may know up front, or it may be learned at a later date that the steel was \"polluted\" with bad materials. How would you identify that specific item, or range of items are bad, without exploding everything even closely related?
", "time": "2022-06-16T16:25:08Z"}, {"author": "cabo", "text": "That's very close to handling a CVE
", "time": "2022-06-16T16:25:50Z"}, {"author": "Orie Steele", "text": "exactly
", "time": "2022-06-16T16:26:32Z"}, {"author": "MichaelRichardson", "text": "@Steve, I've been putting off fixing my bathroom ceiling for ~~15 years, because the insulation in the attic above *might* be contaminated with small amounts of Asbestos.  Testing isn't cheap, but if only I could know from the supply chain...
", "time": "2022-06-16T16:26:45Z"}, {"author": "Orie Steele", "text": "there are common building blocks where standardization can help secure cyber physical supply chain.
", "time": "2022-06-16T16:27:04Z"}, {"author": "Steve Lasker", "text": "lol: yup: https://stevelasker.blog/2022/01/11/roles-and-responsibilities-of-signing-sboms-and-security-scanners/
But, if you have a fire, you'll be safe :)
", "time": "2022-06-16T16:27:19Z"}, {"author": "Dick Brooks", "text": "I can confirm that the problem statement and issues described by Yogesh do impact energy industry cybersecurity standards and guidelines for a software consumer to verify authenticity, integrity and trust among software suppliers and software consumers.
", "time": "2022-06-16T16:28:03Z"}, {"author": "Steve Lasker", "text": "and, once you know, you have to claim knowledge...
", "time": "2022-06-16T16:28:06Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) Robots will solve that don't worry
", "time": "2022-06-16T16:28:39Z"}, {"author": "Steve Lasker", "text": ":clap:
", "time": "2022-06-16T16:28:44Z"}, {"author": "Orie Steele", "text": "great job!
", "time": "2022-06-16T16:28:48Z"}, {"author": "Kay Williams", "text": "Thank you, Yogesh.
", "time": "2022-06-16T16:29:03Z"}, {"author": "Robert Moskowitz", "text": "I have been in similar virtual meetings for aviation.  Will have to see what interest I find in those areas.
", "time": "2022-06-16T16:29:12Z"}, {"author": "Dick Brooks", "text": "Agree, great job Yogesh. well done, Sir.
", "time": "2022-06-16T16:29:32Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) That is child labor
", "time": "2022-06-16T16:29:33Z"}, {"author": "Sylvan Clebsch", "text": ":clap:
", "time": "2022-06-16T16:29:35Z"}, {"author": "Roman Danyliw", "text": "I'm not seeing Kate's video, but do hear the audio clearly.
", "time": "2022-06-16T16:29:56Z"}, {"author": "Eliot Lear", "text": "I'll ask her at the change of slides
", "time": "2022-06-16T16:30:44Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) It seems like Kate not using video
", "time": "2022-06-16T16:31:58Z"}, {"author": "Steve Lasker", "text": "Hello Kate
", "time": "2022-06-16T16:32:08Z"}, {"author": "Kay Williams", "text": "We see you. Thank you Kate.
", "time": "2022-06-16T16:32:14Z"}, {"author": "Orie Steele", "text": "hello!
", "time": "2022-06-16T16:32:15Z"}, {"author": "Dick Brooks", "text": "+1 to Kate's analysis. Spot on!
", "time": "2022-06-16T16:33:10Z"}, {"author": "Orie Steele", "text": "Especially interested in the over time component, and keeping that scalable.
", "time": "2022-06-16T16:33:59Z"}, {"author": "Dick Brooks", "text": "Some of these \"over time\" requirements are being addressed by NIST in their May 5, 2022 EO 14028 recommendations.
", "time": "2022-06-16T16:34:57Z"}, {"author": "Orie Steele", "text": "https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity
", "time": "2022-06-16T16:36:17Z"}, {"author": "Michael Prorock", "text": "+1
", "time": "2022-06-16T16:36:31Z"}, {"author": "Orie Steele", "text": "That's a link to EO 14028.
", "time": "2022-06-16T16:36:54Z"}, {"author": "Dick Brooks", "text": "Here's the NIST SBOM guidance: https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chains-software-1
", "time": "2022-06-16T16:37:06Z"}, {"author": "Dick Brooks", "text": "issued on May 5, 2022.
", "time": "2022-06-16T16:37:16Z"}, {"author": "Michael Prorock", "text": "big open questions around critical infrastructure deployments of software as well as external resource loading, machine learning models and related assets, etc
", "time": "2022-06-16T16:37:29Z"}, {"author": "Orie Steele", "text": "I love this slide!
", "time": "2022-06-16T16:37:51Z"}, {"author": "Michael Prorock", "text": "yes!
", "time": "2022-06-16T16:37:57Z"}, {"author": "Dick Brooks", "text": "This NIST item is also germane to this discussion: https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chains-attesting
", "time": "2022-06-16T16:38:31Z"}, {"author": "Orie Steele", "text": "This same issue happens in physical supply chains, in cases of contamination, or compromise.
", "time": "2022-06-16T16:39:33Z"}, {"author": "Orie Steele", "text": "Great job!
", "time": "2022-06-16T16:41:08Z"}, {"author": "Roman Danyliw", "text": "Is the thinking that most (all) of these details would be opaque to the proposed protocol work?  These particular data fields would be \"blobs\" in some \"standardized container\" and some API to enable reasoning about it?
", "time": "2022-06-16T16:41:09Z"}, {"author": "Steve Lasker", "text": "Turns out, it's kinda normal to not know everything at the time of creation. Having a means to communicate new information around previously \"shipped\" stuff is accepting reality
", "time": "2022-06-16T16:41:16Z"}, {"author": "Orie Steele", "text": "^ yes!
", "time": "2022-06-16T16:41:38Z"}, {"author": "Michael Prorock", "text": "the after the fact is norm in many situations
", "time": "2022-06-16T16:41:59Z"}, {"author": "cabo", "text": "Legally meaningful \u2794 forensically ready.
", "time": "2022-06-16T16:42:14Z"}, {"author": "Kay Williams", "text": "+1
", "time": "2022-06-16T16:42:37Z"}, {"author": "Steve Lasker", "text": "after the fact, there's new facts, Not different facts, but new facts.  :)
", "time": "2022-06-16T16:42:40Z"}, {"author": "Michael Prorock", "text": "yep
", "time": "2022-06-16T16:42:49Z"}, {"author": "Orie Steele", "text": "knowledge evolves over time, as new information becomes available.
", "time": "2022-06-16T16:43:06Z"}, {"author": "Michael Prorock", "text": "\"fact\" might be a bit strong though
", "time": "2022-06-16T16:43:10Z"}, {"author": "Steve Lasker", "text": "> breaking into jail...
", "time": "2022-06-16T16:43:24Z"}, {"author": "Dick Brooks", "text": "Just an FYI: our SAG-PM (TM) software collects 13 separate evidence files during a C-SCRM risk assessment for EO 14028, following NIST recommendations.
", "time": "2022-06-16T16:43:27Z"}, {"author": "Jon Geater", "text": "+1 thanks Cabo and Kate
", "time": "2022-06-16T16:43:45Z"}, {"author": "Steve Lasker", "text": "In all seriousness, this is why the verifiable identity is so important to put context to who is making statements
", "time": "2022-06-16T16:43:46Z"}, {"author": "Kay Williams", "text": "Thank you, Kate!
", "time": "2022-06-16T16:43:58Z"}, {"author": "Steve Lasker", "text": ":clap: Kate
", "time": "2022-06-16T16:44:07Z"}, {"author": "Dick Brooks", "text": "+1 @steve re: verifiable identity.
", "time": "2022-06-16T16:44:16Z"}, {"author": "MichaelRichardson", "text": "clarifying question for: Henk says he prefers \"forensic capable\" over \"legally meaningful\". Did I get that right?
", "time": "2022-06-16T16:44:17Z"}, {"author": "cabo", "text": "Forensically ready.
", "time": "2022-06-16T16:44:28Z"}, {"author": "Robert Moskowitz", "text": "In terms of signing things, some in aviation are expecting to use certs from the ICAO PKI.  But there is recognition on the need to trust other PKI from items coming from, say, COTS stuff.
", "time": "2022-06-16T16:44:52Z"}, {"author": "Dick Brooks", "text": "Great job, Kate. FYI: SPDX V 2.3 contains enhancements to support vulnerability disclosure reporting.
", "time": "2022-06-16T16:45:09Z"}, {"author": "cabo", "text": "That term essentially means that we design systems to be usable as evidence in a forensic sense.
", "time": "2022-06-16T16:45:14Z"}, {"author": "MichaelRichardson", "text": "ah, Cabo said, \"forensically ready\" above.
", "time": "2022-06-16T16:45:18Z"}, {"author": "Steve Lasker", "text": "Robert: ^ interesting
", "time": "2022-06-16T16:45:26Z"}, {"author": "MichaelRichardson", "text": "cabo, does this go beyond chain of custody?
", "time": "2022-06-16T16:45:49Z"}, {"author": "Orie Steele", "text": "I'm interested in interoperable verifiable identity for supply chain actors and their products, and disclosures regarding those products over time... with respect to the existing CVE ecosystem.
", "time": "2022-06-16T16:45:56Z"}, {"author": "Michael Prorock", "text": "same
", "time": "2022-06-16T16:46:24Z"}, {"author": "cabo", "text": "It really requires understanding the term \"evidence\" and what that means in various legal systems/jurisdictions.
", "time": "2022-06-16T16:46:24Z"}, {"author": "cabo", "text": "https://www.dagstuhl.de/de/programm/kalender/semhp/?semnr=14092
", "time": "2022-06-16T16:46:56Z"}, {"author": "Orie Steele", "text": "append only, but with the ability to support non monotonic reasoning :)
", "time": "2022-06-16T16:48:26Z"}, {"author": "Steve Lasker", "text": "The concept of a Notary is about verifying the identity, without making any statement about the validity of the \"evidence\". Just as a Notary verifies the identity of the people signing a contract, the Notary makes no statement about the contract. A separate Notary entity (perhaps a Judge) weighs in on the contract, with the acceptance the identities are valid.
It's a classic separation of concerns.
", "time": "2022-06-16T16:48:36Z"}, {"author": "Steve Lasker", "text": "^ @cabo, in the spirit of separating the types of evidence from the identity.
", "time": "2022-06-16T16:49:06Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) Now forensic discussion, what next, crime?
", "time": "2022-06-16T16:51:06Z"}, {"author": "Carl Wallace", "text": "\"Verifiable and Non-Repudiable for an indefinite period\" where digital signatures are involved is a hard problem. Is that in scope?
", "time": "2022-06-16T16:52:02Z"}, {"author": "cabo", "text": "Indefinite is very hard.  Defined timelines (5 years, 30 years) are more accessible.
", "time": "2022-06-16T16:52:42Z"}, {"author": "cabo", "text": "(Non-repudiable is a legal term again, we mostly care about 3rd-party verifiability.)
", "time": "2022-06-16T16:53:14Z"}, {"author": "Orie Steele", "text": "Time is the enemy of all cryptography, I think we are interested in reasonable timelines for the use of the product.
", "time": "2022-06-16T16:53:17Z"}, {"author": "Eliot Lear", "text": "have a look at draft-santesson-svt re time and crypto
", "time": "2022-06-16T16:53:35Z"}, {"author": "Steve Lasker", "text": "If your great, great great grandparents bought a property 150 years ago, the identity and the contract are considered valid, until proven invalid. Don't we need the same capability in a digital world?
", "time": "2022-06-16T16:54:09Z"}, {"author": "Michael Prorock", "text": "there is software and hardware from the 60s still being patched and in use on critical items
", "time": "2022-06-16T16:54:10Z"}, {"author": "Michael Prorock", "text": "+1 steve
", "time": "2022-06-16T16:54:30Z"}, {"author": "cabo", "text": "There is a good bit of work on Long-Term Archive and Notary Services (IETF ltans working group, https://datatracker.ietf.org/wg/ltans/about/).
", "time": "2022-06-16T16:54:36Z"}, {"author": "Dick Brooks", "text": "Long live the PDP-8
", "time": "2022-06-16T16:54:40Z"}, {"author": "Kay Williams", "text": "Can we say these things are 'in scope' but will come later in the roadmap?  Storage, Query and Retrieval are important for interoperability.
", "time": "2022-06-16T16:54:40Z"}, {"author": "Orie Steele", "text": "^ yes
", "time": "2022-06-16T16:54:48Z"}, {"author": "Ned Smith", "text": "What isn't defined somewhere else that IETF needs to define?
", "time": "2022-06-16T16:54:51Z"}, {"author": "Michael Prorock", "text": "+1
", "time": "2022-06-16T16:54:52Z"}, {"author": "MichaelRichardson", "text": "@Michael, there is software and hardware from the 1960s running Ontario's nuclear plants which are not being patched :-(
", "time": "2022-06-16T16:54:54Z"}, {"author": "Michael Prorock", "text": "this does not surprise me
", "time": "2022-06-16T16:55:19Z"}, {"author": "MichaelRichardson", "text": "@Kay, we can write them in the charter as \"out of scope for now\", or \"to include XYZ, a recharter will be necessary\"
", "time": "2022-06-16T16:55:49Z"}, {"author": "Robert Moskowitz", "text": "No programmers that can understand the code, more than likely.
", "time": "2022-06-16T16:55:50Z"}, {"author": "cabo", "text": "We are not doing charter right now, but keep that thought...
", "time": "2022-06-16T16:56:12Z"}, {"author": "MichaelRichardson", "text": "No, lack of management will to actually fund maintenance.
", "time": "2022-06-16T16:56:12Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) @Bob assembly or Cobol languages?
", "time": "2022-06-16T16:56:48Z"}, {"author": "MichaelRichardson", "text": "so, if your supply chain includes electricity from Ontario, you may want a statement about the reliability of the maintenance of the power plants (to bring this back to SCITT scope...)
", "time": "2022-06-16T16:57:03Z"}, {"author": "Orie Steele", "text": "Specific claims are out of scope, we are interested in what happens to them, not all the unique ways that claims might be expressed.
", "time": "2022-06-16T16:57:12Z"}, {"author": "Orie Steele", "text": "We want general applicability.
", "time": "2022-06-16T16:57:31Z"}, {"author": "Kay Williams", "text": "+1 to general applicability
", "time": "2022-06-16T16:57:48Z"}, {"author": "Michael Prorock", "text": "+1
", "time": "2022-06-16T16:57:56Z"}, {"author": "Carl Wallace", "text": "@cabo something like DSSC from LTANS could be useful here for handling crypto over time. No idea if that's used anywhere.
", "time": "2022-06-16T16:58:17Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) @Orie yes we need things like that
", "time": "2022-06-16T16:58:24Z"}, {"author": "MichaelRichardson", "text": "who will create the specific claims?  What infrastructure do we need to provide in order to enable those claims to be defined?  We don't want to repeat X.500, with profiles of profiles of profiles of ...  There is a difference between being general (and saying nothing), and building something that is easily and clearly extensible.
", "time": "2022-06-16T16:58:29Z"}, {"author": "Pieter Kasselman", "text": "How would we identify all these different components that make up a SBOM?
", "time": "2022-06-16T16:58:55Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) where are the meeting notes?
", "time": "2022-06-16T16:59:50Z"}, {"author": "MichaelRichardson", "text": "click on the notes button.
", "time": "2022-06-16T17:00:14Z"}, {"author": "MichaelRichardson", "text": "https://notes.ietf.org/notes-ietf-interim-2022-scitt-01-scitt
", "time": "2022-06-16T17:00:33Z"}, {"author": "Roman Danyliw", "text": "There is significant art specifying a scope specific enough that it can get consensus; but if needed, also describing the broader context.
", "time": "2022-06-16T17:01:19Z"}, {"author": "Hannes Tschofenig", "text": "Completely agree.
", "time": "2022-06-16T17:01:34Z"}, {"author": "Roman Danyliw", "text": "I don't think this question can be answered in the abstract.
", "time": "2022-06-16T17:01:54Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) @MCR thanks
", "time": "2022-06-16T17:01:57Z"}, {"author": "cabo", "text": "@Carl: Sure.  May need some adjustment after 13 years, but data in this form can help with assessment and planning of renewal procedures (Beweiswerterhaltung).
", "time": "2022-06-16T17:02:07Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) how long is this meeting?
", "time": "2022-06-16T17:02:52Z"}, {"author": "cabo", "text": "2 h
", "time": "2022-06-16T17:03:04Z"}, {"author": "Ned Smith", "text": "Is there a workflow definition language that will be used? Two of the 3 scope items are to define workflow.
", "time": "2022-06-16T17:03:24Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) @cabo Thx
", "time": "2022-06-16T17:03:47Z"}, {"author": "MichaelRichardson", "text": "Do the workflows need to be machine readable?  That's not clear to me.
", "time": "2022-06-16T17:03:53Z"}, {"author": "Hannes Tschofenig", "text": "What would be a workflow definition language?
", "time": "2022-06-16T17:04:09Z"}, {"author": "Roman Danyliw", "text": "I don't know what a \"workflow\" would look like in IETF artifacts machine readable or not
", "time": "2022-06-16T17:04:22Z"}, {"author": "cabo", "text": "We generally do not define security flows in machine-processable form, but we should be moving in that direction
", "time": "2022-06-16T17:04:23Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) lots of unknowns lots of unknown acronyms
", "time": "2022-06-16T17:04:58Z"}, {"author": "Orie Steele", "text": "Ahh so response format maybe, but response protocol maybe not?
", "time": "2022-06-16T17:05:27Z"}, {"author": "Orie Steele", "text": "(as in apis out of scope, but api response formats maybe)
", "time": "2022-06-16T17:06:00Z"}, {"author": "cabo", "text": "It is hard to distinguish protocols and formats.  A format is a protocol.
", "time": "2022-06-16T17:06:22Z"}, {"author": "Thomas Hardjono", "text": "What's an example \"Building Block\" ?
", "time": "2022-06-16T17:06:27Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) agreed is IETF right place
", "time": "2022-06-16T17:06:46Z"}, {"author": "Roman Danyliw", "text": "Is the mic line open for discussion?
", "time": "2022-06-16T17:07:41Z"}, {"author": "Orie Steele", "text": "Thanks for the clarification, I'm still a bit concerned on what will be testable without looking at input / output formats / apis... but I agree, that it's potentially a slippery slope.
", "time": "2022-06-16T17:08:52Z"}, {"author": "Orie Steele", "text": "+1 to what Mike is saying.
", "time": "2022-06-16T17:09:00Z"}, {"author": "Antoine Delignat-Lavaud", "text": "to Orie's point - Certificate Transparency (RFC9162) does define standard API for querying the transparency log in https://www.rfc-editor.org/rfc/rfc9162.html#name-log-client-messages
", "time": "2022-06-16T17:09:06Z"}, {"author": "Christopher Wood", "text": "+1 Antoine
", "time": "2022-06-16T17:09:13Z"}, {"author": "Christopher Wood", "text": "Specifying HTTP-based APIs is common practice these days.
", "time": "2022-06-16T17:09:20Z"}, {"author": "Orie Steele", "text": "^ exactly
", "time": "2022-06-16T17:09:22Z"}, {"author": "zulipbot", "text": "(Behcet Sarikaya) Folks I have to go but will check the notes
", "time": "2022-06-16T17:09:41Z"}, {"author": "Antoine Delignat-Lavaud", "text": "for people who are trying to discover SBOMs stored on other SCITT servers having standardization of these querying APIs is definitely valuable
", "time": "2022-06-16T17:09:59Z"}, {"author": "Isaac Hepworth", "text": "@Thomas I had the same question about building blocks. I think it's the six items in standardization scope: Identity, Data Format for Claims, Storage Requirements for Claims, Receipts, Audit, Notary
", "time": "2022-06-16T17:10:05Z"}, {"author": "Orie Steele", "text": "^ +1
", "time": "2022-06-16T17:10:08Z"}, {"author": "MichaelRichardson", "text": "In my radioactive hammer, who would I ask the question to.  Who would host this RESTful API?
", "time": "2022-06-16T17:10:46Z"}, {"author": "Sylvan Clebsch", "text": "Please ask, @MichaelRichardson!
", "time": "2022-06-16T17:11:03Z"}, {"author": "cabo", "text": "When you buy it, you need to find out.
", "time": "2022-06-16T17:11:11Z"}, {"author": "MichaelRichardson", "text": "I'm in a really noisy place, so I will decline to activate mic. (I really needed lunch)
", "time": "2022-06-16T17:11:38Z"}, {"author": "Orie Steele", "text": "check your receipt... imo sorta similar to the qr codes that point to quality tests.
", "time": "2022-06-16T17:11:39Z"}, {"author": "Orie Steele", "text": "but for software.
", "time": "2022-06-16T17:11:49Z"}, {"author": "Steve Lasker", "text": "@Michael, when you say \"who would host\", the premise is any org can host the API, as each org owns their content. This is why interchange is so important.
", "time": "2022-06-16T17:11:51Z"}, {"author": "Antoine Delignat-Lavaud", "text": "the recall may be originally issued by the steel manufacturer but it will eventually flow to the retailer, that's likely the place you would find out about your hammer
", "time": "2022-06-16T17:11:52Z"}, {"author": "Orie Steele", "text": "+1
", "time": "2022-06-16T17:12:09Z"}, {"author": "Sylvan Clebsch", "text": "+1 @Steve Lasker
", "time": "2022-06-16T17:12:11Z"}, {"author": "MichaelRichardson", "text": "@Orie, so if it's on my receipt, then the web server is operated by the store and/or hammer maker.  That's a good question, but I want to make sure that if we are specifying an API, then we need to know what the constituency is for providing it and using it.
", "time": "2022-06-16T17:12:40Z"}, {"author": "Jon Geater", "text": "We have a RESTful API for SBOMs based around conformance with the NTIA minimal elements. CDX has a minimal repository API and is now updating to a broader one. They're all good, but they all do different things for different scales of use case. The potential problem with going straight to the client REST API is that it very quickly starts to pull in tentacles or what the contents of the things are. And that's before considering air-gapped supply chains where sneaker net is your only option. I think we will lose the benefit of quickly standardising claims if we try to boil the whole ocean in one go.
", "time": "2022-06-16T17:12:52Z"}, {"author": "cabo", "text": "The radioactive hammer points out another potential party: The investigator\u2026
", "time": "2022-06-16T17:12:52Z"}, {"author": "Carl Wallace", "text": "I got a note from my grocer about my peanut butter recently. similar thing.
", "time": "2022-06-16T17:13:10Z"}, {"author": "Orie Steele", "text": "(my comment was hypothetical, I suppose we will work together on the specifics).
", "time": "2022-06-16T17:13:19Z"}, {"author": "Orie Steele", "text": ":)
", "time": "2022-06-16T17:13:23Z"}, {"author": "Steve Lasker", "text": "@Antoine, yes, the \"supply chain\" infers content moves from source to destination. Just as we all don't get milk directly from the cow, software also \"flows\" from source to destination, needing interchange of data in a consistent, reliable manner.
", "time": "2022-06-16T17:13:23Z"}, {"author": "Steve Lasker", "text": "@carl - yes, exactly!
", "time": "2022-06-16T17:14:17Z"}, {"author": "Orie Steele", "text": "yes, linear flows are rare, networks with cycles, etc... it gets very complicated very quickly.
", "time": "2022-06-16T17:14:20Z"}, {"author": "Orie Steele", "text": "I would say \"interoperable identifiers\" are a requirement, but their specific formats, might need further refinement...
", "time": "2022-06-16T17:16:07Z"}, {"author": "Robert Moskowitz", "text": "Back for the moment.  That section of track was at 110MPH.  Maybe that was why it couldn't stay on.
", "time": "2022-06-16T17:16:14Z"}, {"author": "Orie Steele", "text": "and certainly backwards compatibility will be a requirement for initial application / adoption.
", "time": "2022-06-16T17:16:37Z"}, {"author": "MichaelRichardson", "text": "@Jon, great to have you here today!
", "time": "2022-06-16T17:17:12Z"}, {"author": "Jon Geater", "text": "@ChristopherWood We're interested (me and Rusty from RKVST) - we run these services already and are quite standards-minded
", "time": "2022-06-16T17:17:17Z"}, {"author": "Thomas Hardjono", "text": "In the SAT protocol, we are assuming entities will use DID and VCs
", "time": "2022-06-16T17:17:25Z"}, {"author": "Orie Steele", "text": "^ that's awesome!
", "time": "2022-06-16T17:17:36Z"}, {"author": "Jon Geater", "text": "Yes Hi @Michael! Been a while :-)
", "time": "2022-06-16T17:17:36Z"}, {"author": "MichaelRichardson", "text": "it seems that sneaker-net, to a public/publish side is just fine.  
", "time": "2022-06-16T17:17:37Z"}, {"author": "MichaelRichardson", "text": "Can even use UUCP for that if you want :-)
", "time": "2022-06-16T17:17:44Z"}, {"author": "MichaelRichardson", "text": "(onto mag-tape)
", "time": "2022-06-16T17:17:54Z"}, {"author": "Thomas Hardjono", "text": "The most minimal DID is just an X509 item wrapped inside a DID.
", "time": "2022-06-16T17:18:08Z"}, {"author": "Michael Prorock", "text": "@thomas - similar on our side in cyber / physical areas
", "time": "2022-06-16T17:18:29Z"}, {"author": "Orie Steele", "text": "^ exactly
", "time": "2022-06-16T17:18:58Z"}, {"author": "Thomas Hardjono", "text": "@Michael: It's just easier to use an existing standard like DIDs and VCs.
", "time": "2022-06-16T17:19:13Z"}, {"author": "Kay Williams", "text": "Microsoft is investing not just in research, but also in active product development.
", "time": "2022-06-16T17:19:25Z"}, {"author": "cabo", "text": "Plurality of providers, plurality of technologies (!)
", "time": "2022-06-16T17:19:33Z"}, {"author": "Orie Steele", "text": "+1 to not solving the identity problem.
", "time": "2022-06-16T17:20:05Z"}, {"author": "Thomas Hardjono", "text": "+1 Sylvan
", "time": "2022-06-16T17:20:13Z"}, {"author": "cabo", "text": "We need certain properties of an identity, not all DID methods will provide them
", "time": "2022-06-16T17:20:30Z"}, {"author": "Orie Steele", "text": "^ yes!
", "time": "2022-06-16T17:20:36Z"}, {"author": "Steve Lasker", "text": "+1
", "time": "2022-06-16T17:20:46Z"}, {"author": "Thomas Hardjono", "text": "I think this group should define the REST API at the endpoint of the DID Method
", "time": "2022-06-16T17:20:46Z"}, {"author": "cabo", "text": "But we can make sure that DID methods we use have them once we understand them
", "time": "2022-06-16T17:20:47Z"}, {"author": "Pieter Kasselman", "text": "Agreed on having flexibility when it comes to identity
", "time": "2022-06-16T17:20:53Z"}, {"author": "Michael Prorock", "text": "+1 not solve the identity problem here
", "time": "2022-06-16T17:20:57Z"}, {"author": "MichaelRichardson", "text": "@Sylvan, the question is, what's the business reason for walmart/homedepot to run such a system for radioactive hammers?    Does it scale down to the single location store (whether hammers or software)?
", "time": "2022-06-16T17:20:59Z"}, {"author": "Orie Steele", "text": "I love this hammer analogy :)
", "time": "2022-06-16T17:21:17Z"}, {"author": "Thomas Hardjono", "text": "Is this the Loki hammer? :-)
", "time": "2022-06-16T17:21:34Z"}, {"author": "Steve Lasker", "text": "For something as big as Walmart, Microsoft, Home Depot, etc. it's up to them for the scope.
For instance, should Microsoft have one? Or, do we have one for XBox, Office, Azure?
It's a decision of each entity.
", "time": "2022-06-16T17:21:48Z"}, {"author": "Orie Steele", "text": "There are cases where suppliers must meet regulatory guidelines, particularly when considering global supply chains.
", "time": "2022-06-16T17:21:53Z"}, {"author": "Michael Prorock", "text": "Jeremy Clarkson hammer
", "time": "2022-06-16T17:21:55Z"}, {"author": "Pieter Kasselman", "text": "There are already multiple identity systems deployed, and more being developed - being flexible to use what's there and be open to new identity approaches will be a great help
", "time": "2022-06-16T17:22:20Z"}, {"author": "Orie Steele", "text": "Excellent answer IMO.
", "time": "2022-06-16T17:22:25Z"}, {"author": "Michael Prorock", "text": "+1 orie - esp export contols on software and digital assets
", "time": "2022-06-16T17:22:33Z"}, {"author": "MichaelRichardson", "text": "@Steve, you missed the question.  The question is why will smaller parts of the industry be willing to invest.
", "time": "2022-06-16T17:22:48Z"}, {"author": "Steve Lasker", "text": "hmm
Re-reading.
", "time": "2022-06-16T17:23:17Z"}, {"author": "Christopher Wood", "text": "Sounds good -- thanks for the clarifying answers!
", "time": "2022-06-16T17:23:39Z"}, {"author": "Steve Lasker", "text": "@Michael, maybe its the radioactive hammers aspect. Are you asking if each store might surface data about a specific hammer? Or a timeline release of a hammer supply line?
", "time": "2022-06-16T17:24:21Z"}, {"author": "MichaelRichardson", "text": "Loki's hammer (I thought it was Thor that had a Hammer) would be made of the most pure un-obtainium from the first generation of super-novas.  And he'd have a credential to prove it.  
", "time": "2022-06-16T17:24:23Z"}, {"author": "Steve Lasker", "text": "lol
", "time": "2022-06-16T17:24:33Z"}, {"author": "Thomas Hardjono", "text": "@Michael: LOL :-)
", "time": "2022-06-16T17:24:44Z"}, {"author": "MichaelRichardson", "text": "@Steve, if I sell you a hammer from my garage sale, what then?
", "time": "2022-06-16T17:24:53Z"}, {"author": "Steve Lasker", "text": "ahh, yes. So, it's not the small distributions of a large entity (wallmart), rather what is associated from small vendors?
", "time": "2022-06-16T17:25:31Z"}, {"author": "MichaelRichardson", "text": "(If you think it's silly, remember that people sell cars privately, and there are requirements about having a history on the vehicle)
", "time": "2022-06-16T17:25:41Z"}, {"author": "Steve Lasker", "text": "Yup, got it.
", "time": "2022-06-16T17:25:50Z"}, {"author": "Michael Prorock", "text": "lol @orie
", "time": "2022-06-16T17:26:39Z"}, {"author": "Steve Lasker", "text": "This is a great case of location is decoupled from identity.
The premise is regardless of where it was sold, it would have an identity that can be tracked back.
There's a receipt that provides original location to get updated info.
", "time": "2022-06-16T17:26:43Z"}, {"author": "MichaelRichardson", "text": "maybe this is a new opportunity for entities like Southeby's, etc for high-value items.
", "time": "2022-06-16T17:26:44Z"}, {"author": "Steve Lasker", "text": "+1 to orie's comment. Great chat discussions, but hard to track the vocal conversations at the same time.
", "time": "2022-06-16T17:27:23Z"}, {"author": "Michael Prorock", "text": "we also need to balance existing enterprise and gov requirements and needs with the identity and signing question as well
", "time": "2022-06-16T17:27:46Z"}, {"author": "cabo", "text": "LTANS has shown you don't need to maintain a key to maintain evidence.
", "time": "2022-06-16T17:29:12Z"}, {"author": "Thomas Hardjono", "text": "If a company goes out of business, then the DID will remain onchain.
", "time": "2022-06-16T17:29:15Z"}, {"author": "Steve Lasker", "text": "yup, this is why we're focusing on DiD, as we need lots of different, and evolving identity providers. There's a policy for what each entity might accept.
When I'm buying a house, can I show my gym ID to prove who I am?
When I travel domestically, can I show my state issued license?
Can I use my state issued license when traveling internationally?
When I travel internationally, are all passports equal?
Policy is defined for what identity providers and specific entities that would be acceptable or denied
", "time": "2022-06-16T17:29:18Z"}, {"author": "Thomas Hardjono", "text": "The Global LEI Foundation issues LEI numbers as a legal numbering schchme.
", "time": "2022-06-16T17:30:31Z"}, {"author": "Thomas Hardjono", "text": "GLEIF also now using DIDs
", "time": "2022-06-16T17:30:46Z"}, {"author": "Steve Lasker", "text": "nice!
", "time": "2022-06-16T17:30:55Z"}, {"author": "Michael Prorock", "text": "+1 re GLEIF
", "time": "2022-06-16T17:30:57Z"}, {"author": "Thomas Hardjono", "text": "Easy for current device manufacturers to get a LEI number
", "time": "2022-06-16T17:31:17Z"}, {"author": "Michael Prorock", "text": "provide the standards and some of us will provide implementations
", "time": "2022-06-16T17:32:17Z"}, {"author": "cabo", "text": "Building blocks.  We could define TLS without defining global e-commerce.
", "time": "2022-06-16T17:33:17Z"}, {"author": "Michael Prorock", "text": "+1 cabo
", "time": "2022-06-16T17:33:55Z"}, {"author": "Thomas Hardjono", "text": "+1
", "time": "2022-06-16T17:34:04Z"}, {"author": "Steve Lasker", "text": "+1 cabo - yes!!!
", "time": "2022-06-16T17:34:47Z"}, {"author": "Thomas Hardjono", "text": "Could this group define the SBOM-summary data structure, independent of any specific ledger.
", "time": "2022-06-16T17:35:24Z"}, {"author": "Michael Prorock", "text": "+1 Thomas - that base structure - especially in a ledger independent way seems important
", "time": "2022-06-16T17:36:14Z"}, {"author": "Steve Lasker", "text": "We're building some \"email scenarios\". However, we'd like to define a set of standards so that anyone can build email servers and clients and interchange.
We don't want to define \"the email server and client\", rather a set of products that adhere to a set of standards so we can all continue to lift the quality bar up.
", "time": "2022-06-16T17:36:21Z"}, {"author": "Thomas Hardjono", "text": "So you could \"park\" the SBOM-Record (blob) on any ledger
", "time": "2022-06-16T17:36:24Z"}, {"author": "Steve Lasker", "text": "The SBOM on the ledger is an interesting question. This is where we're thinking of separating evidence from verifiable claims about evidence.
", "time": "2022-06-16T17:37:14Z"}, {"author": "Kay Williams", "text": "RATS = Remote Attestation Procedures
", "time": "2022-06-16T17:37:21Z"}, {"author": "Steve Lasker", "text": "If you think of a \"Notary Ledger\", it has a reference to the \"document\", but doesn't contain the document.
", "time": "2022-06-16T17:37:36Z"}, {"author": "Michael Prorock", "text": "@thomas - yep - we are anchoring VCs for other supply chain items against different stores - but what that ledger is feels out of scope - what can go on the ledger and the structure of that feels important
", "time": "2022-06-16T17:37:45Z"}, {"author": "Roman Danyliw", "text": "What is the difference between a \"Supply Chain Claim\" and a claim/evidence in RATS architecture?
", "time": "2022-06-16T17:39:22Z"}, {"author": "Roman Danyliw", "text": "RATS architecture = https://datatracker.ietf.org/doc/draft-ietf-rats-architecture/
", "time": "2022-06-16T17:40:22Z"}, {"author": "MichaelRichardson", "text": "@Roman, I think that that claims that might go into a Supply Chain Claim would look more like Attestation Results.  It might be more that a RP would document that \"when product X was produced, machine Y was validated as being secured to spec Z\"
", "time": "2022-06-16T17:43:06Z"}, {"author": "cabo", "text": "Re Eliot: I'm not sure we can ignore access control policies.  These need to be transitive over transparency providers.
", "time": "2022-06-16T17:43:23Z"}, {"author": "Michael Prorock", "text": "define oauth scopes for instance
", "time": "2022-06-16T17:43:27Z"}, {"author": "MichaelRichardson", "text": "The details of machiine Y that produced product X would not necessarily be public. Nor would the specific configuration Z.
", "time": "2022-06-16T17:43:42Z"}, {"author": "Orie Steele", "text": "I think identifiers at the AuthZ layer and identifiers in the claims don't need to necessarily be the same set... but its an interesting question.
", "time": "2022-06-16T17:43:52Z"}, {"author": "Thomas Hardjono", "text": "The SAT Protocol has a Data Sharing mode that permits a gateway to export a signed summary of the records of a private ledger.
", "time": "2022-06-16T17:44:00Z"}, {"author": "Steve Lasker", "text": "I agree we can't ignore access control. This is the airport example. Just because you can get through one gate, doesn't mean you can get through another.
Shouldn't each have a policy for what/whom they accept.
", "time": "2022-06-16T17:44:20Z"}, {"author": "Thomas Hardjono", "text": "The querier has to prove its identity to the gateway.
", "time": "2022-06-16T17:44:27Z"}, {"author": "Roy Williams", "text": "In the case of RATS it is a claim based on listed evidence and my personal believe that for Supply Chains you need an endorsement model.
", "time": "2022-06-16T17:44:34Z"}, {"author": "cabo", "text": "Most legal systems allow a form of discovery where not all hat is discovered becomes public knowledge.
", "time": "2022-06-16T17:44:50Z"}, {"author": "Roy Williams", "text": "The latter allows someone to state their position without listing what evidence they looked at.
", "time": "2022-06-16T17:44:59Z"}, {"author": "Orie Steele", "text": "if you want to implement read receipts, then you end up persisting the access control layer identity into the transparency serivce.
", "time": "2022-06-16T17:45:01Z"}, {"author": "Steve Lasker", "text": "^ yes
", "time": "2022-06-16T17:45:02Z"}, {"author": "Steve Lasker", "text": "ok, that ^ was for Cabo
", "time": "2022-06-16T17:45:13Z"}, {"author": "Roman Danyliw", "text": "Isn't the endorsement model, \"I attest that it is so\" and some audit function needs to actually check that claim?
", "time": "2022-06-16T17:45:27Z"}, {"author": "Orie Steele", "text": "(possibly, there is potential complexity there)
", "time": "2022-06-16T17:45:28Z"}, {"author": "Roy Williams", "text": "That is important to limit what bad actors can muck with without giving them a targeted map.
", "time": "2022-06-16T17:45:35Z"}, {"author": "Steve Lasker", "text": "Discovery and query is super important. We need to get info into, so we can get out...
", "time": "2022-06-16T17:45:41Z"}, {"author": "Thomas Hardjono", "text": "I think there will be many industry-vertical ledgers in the future. Eg. semi conductor industry; auto industry; etc.
", "time": "2022-06-16T17:45:46Z"}, {"author": "Thomas Hardjono", "text": "Cannot assume one public ledger
", "time": "2022-06-16T17:46:04Z"}, {"author": "Steve Lasker", "text": "yup, we expect there will be ISV ledgers, and industry ledgers.
", "time": "2022-06-16T17:46:10Z"}, {"author": "MichaelRichardson", "text": "@roman, I don't know what other endorsement models exist, but that's not how endorsements fit into the RATS architecture.  But I don't think it's the only use of that term.
", "time": "2022-06-16T17:46:24Z"}, {"author": "Roy Williams", "text": "The question Roman is whether customers want a higher Attestation or want a statement they can trust the product.
", "time": "2022-06-16T17:46:33Z"}, {"author": "Orie Steele", "text": "^ i hope there will be come interoperability there... or it will be expensive... at the same time, there will be some defense from diversity.
", "time": "2022-06-16T17:46:36Z"}, {"author": "Orie Steele", "text": "agree, you cannot assume 1 ledger.
", "time": "2022-06-16T17:46:59Z"}, {"author": "Orie Steele", "text": "strongly
", "time": "2022-06-16T17:47:02Z"}, {"author": "MichaelRichardson", "text": "I can vote yes twice :-)
", "time": "2022-06-16T17:47:12Z"}, {"author": "cabo", "text": "How many people think that they understand \"clear\"?
", "time": "2022-06-16T17:47:19Z"}, {"author": "MichaelRichardson", "text": "How many people think that the word \"clear\" is \"clear\"?
", "time": "2022-06-16T17:47:48Z"}, {"author": "Steve Lasker", "text": "tough crowd :)
", "time": "2022-06-16T17:48:02Z"}, {"author": "MichaelRichardson", "text": "asking it this way identifies how many participate.
", "time": "2022-06-16T17:48:34Z"}, {"author": "MichaelRichardson", "text": "we have 47 entities in the \"room\"...
", "time": "2022-06-16T17:48:55Z"}, {"author": "MichaelRichardson", "text": "what were the results?
", "time": "2022-06-16T17:49:04Z"}, {"author": "Roman Danyliw", "text": "@Roy.  Right.  I don't have a handle on the model we are after.
", "time": "2022-06-16T17:49:10Z"}, {"author": "MichaelRichardson", "text": "2 said not clear.
", "time": "2022-06-16T17:49:35Z"}, {"author": "MichaelRichardson", "text": "36 said was clear.
", "time": "2022-06-16T17:49:45Z"}, {"author": "cabo", "text": "Click on the \"statistics\" button, 4th to the right
", "time": "2022-06-16T17:49:48Z"}, {"author": "MichaelRichardson", "text": "30 on first, 37 on second.
", "time": "2022-06-16T17:49:52Z"}, {"author": "Roman Danyliw", "text": "Let's focus on the poll
", "time": "2022-06-16T17:50:05Z"}, {"author": "cabo", "text": "(Where first is second, and second is first)
", "time": "2022-06-16T17:50:13Z"}, {"author": "cabo", "text": "36/37 clear, 28/30 not not clear
", "time": "2022-06-16T17:50:36Z"}, {"author": "MichaelRichardson", "text": "that's a different question.
", "time": "2022-06-16T17:51:37Z"}, {"author": "MichaelRichardson", "text": "If I don't understand the PS, then I can't be sure I don't want to work on it.
", "time": "2022-06-16T17:51:51Z"}, {"author": "cabo", "text": "But few do not understand, so can ignore.
", "time": "2022-06-16T17:52:09Z"}, {"author": "MichaelRichardson", "text": "This is an important problem that I'm not going to work on :-)
", "time": "2022-06-16T17:53:13Z"}, {"author": "cabo", "text": "30/34 want to work on this problem.
", "time": "2022-06-16T17:53:41Z"}, {"author": "Christopher Wood", "text": "I am totally interested in solving a _subset_ of this problem. I think it's far too generic right now.
", "time": "2022-06-16T17:53:50Z"}, {"author": "Jari Arkko", "text": "Problem stmt may be clear, you may want to work on it, and we may understand what piece exactly needs doing/is to be addressed by ietf. Three different questions, not all may have same answer
", "time": "2022-06-16T17:53:54Z"}, {"author": "cabo", "text": "Most of us can't chew of the whole problem.
", "time": "2022-06-16T17:54:09Z"}, {"author": "Sylvan Clebsch", "text": "@Christopher Wood - helping to scope the problem properly is working on it! :)
", "time": "2022-06-16T17:54:18Z"}, {"author": "Christopher Wood", "text": "Yep, and I am willing to help!
", "time": "2022-06-16T17:54:26Z"}, {"author": "Orie Steele", "text": "^ exactly
", "time": "2022-06-16T17:54:28Z"}, {"author": "Orie Steele", "text": ":)
", "time": "2022-06-16T17:54:30Z"}, {"author": "Sylvan Clebsch", "text": "Excellent!
", "time": "2022-06-16T17:54:34Z"}, {"author": "Steve Lasker", "text": "Excellent +1
", "time": "2022-06-16T17:54:47Z"}, {"author": "Michael Prorock", "text": "+1
", "time": "2022-06-16T17:55:14Z"}, {"author": "Ned Smith", "text": "is statement = claim?
", "time": "2022-06-16T17:55:34Z"}, {"author": "Orie Steele", "text": "interoperable transparency ~~= CT but not limited to claims of only 1 format...since we need to support claims that apply to software supply chain.
", "time": "2022-06-16T17:55:44Z"}, {"author": "Orie Steele", "text": "IMO, thats one way of viewing why we need to work together.
", "time": "2022-06-16T17:56:08Z"}, {"author": "MichaelRichardson", "text": "@Roy write emails, send pull requests.
", "time": "2022-06-16T17:56:10Z"}, {"author": "cabo", "text": "Ned: we usually define these terms how we need them.  But generally speaking, yes.
", "time": "2022-06-16T17:56:36Z"}, {"author": "Ned Smith", "text": "focus on what interoperability problems need to be solved by IETF
", "time": "2022-06-16T17:56:45Z"}, {"author": "cabo", "text": "https://www.ietf.org/mailman/listinfo/scitt
", "time": "2022-06-16T17:57:23Z"}, {"author": "cabo", "text": "Subscribe at ^
", "time": "2022-06-16T17:58:10Z"}, {"author": "Christopher Wood", "text": "Thanks to all the presenters!
", "time": "2022-06-16T18:00:03Z"}, {"author": "Steve Lasker", "text": "Thank you all for the great engagement. We really appreciate all the great questions and discussions.
", "time": "2022-06-16T18:00:09Z"}, {"author": "cabo", "text": "https://jabber.ietf.org/jabber/logs/scitt/2022-06-16.html
", "time": "2022-06-16T18:00:30Z"}, {"author": "Stephen Chin", "text": "Thanks for organizing!
", "time": "2022-06-16T18:00:48Z"}, {"author": "Thomas Hardjono", "text": "Bye all.
", "time": "2022-06-16T18:00:48Z"}, {"author": "Kay Williams", "text": "Thanks everyone!
", "time": "2022-06-16T18:00:55Z"}, {"author": "Sylvan Clebsch", "text": "Thanks everyone!
", "time": "2022-06-16T18:00:55Z"}, {"author": "Michael Prorock", "text": "thanks all
", "time": "2022-06-16T18:00:56Z"}, {"author": "Thomas Hardjono", "text": "Thanks
", "time": "2022-06-16T18:00:59Z"}, {"author": "Steve Lasker", "text": "good night lol
", "time": "2022-06-16T18:01:09Z"}, {"author": "Cedric Fournet", "text": "Thanks!
", "time": "2022-06-16T18:01:14Z"}, {"author": "Antoine Delignat-Lavaud", "text": "there was a lot of questions on identity, please write your thoughts on the technical thread on DID on the ML
", "time": "2022-06-16T18:01:41Z"}]