[{"author": "Dick Brooks", "text": "
BRB
", "time": "2023-01-09T16:04:14Z"}, {"author": "Roy Williams", "text": "Have you started working on a work back schedule yet Hannes?
", "time": "2023-01-09T16:04:26Z"}, {"author": "Hannes Tschofenig", "text": "https://github.com/ietf-scitt/draft-birkholz-scitt-software-supply-chain-use-cases
", "time": "2023-01-09T16:06:55Z"}, {"author": "Dick Brooks", "text": "Back again
", "time": "2023-01-09T16:08:44Z"}, {"author": "Zachary Newman", "text": "having audio issues but i think joshua lock is on the call
", "time": "2023-01-09T16:11:25Z"}, {"author": "Zachary Newman", "text": "he hopes to add some content to the existing use cases
", "time": "2023-01-09T16:11:36Z"}, {"author": "Zachary Newman", "text": "and possibly add a new one
", "time": "2023-01-09T16:11:45Z"}, {"author": "Hannes Tschofenig", "text": "https://github.com/ietf-scitt/draft-birkholz-scitt-software-supply-chain-use-cases/pull/4
", "time": "2023-01-09T16:14:01Z"}, {"author": "Henk Birkholz", "text": "No audio issues here
", "time": "2023-01-09T16:14:42Z"}, {"author": "Jon Geater", "text": "Yes sorry I was late, had trouble getting into Datatracker
", "time": "2023-01-09T16:15:00Z"}, {"author": "Dick Brooks", "text": "The new proposed use case is based on the NIST Consumer Software Label concept and Microsoft's comment filing with NIST: https://www.nist.gov/document/cybersecurity-labeling-position-paper-microsoft-corporation
", "time": "2023-01-09T16:20:32Z"}, {"author": "Dick Brooks", "text": "NIST's consumer labeling recommendation is here: https://doi.org/10.6028/NIST.CSWP.02042022-1
", "time": "2023-01-09T16:21:33Z"}, {"author": "Roy Williams", "text": "Labeling is going to be a deep deep topic.
", "time": "2023-01-09T16:27:04Z"}, {"author": "Roy Williams", "text": "It will vary based on audience and who the auditors.
", "time": "2023-01-09T16:27:25Z"}, {"author": "Jon Geater", "text": "Audio all good for me
", "time": "2023-01-09T16:28:46Z"}, {"author": "Dick Brooks", "text": "I agree Roy. Here again it's really just about identifying possible use cases where SCITT may be the answer.
", "time": "2023-01-09T16:28:47Z"}, {"author": "Yogesh Deshpande", "text": "Here is the open issue on Terminology: https://github.com/ietf-scitt/draft-birkholz-scitt-architecture/issues/37
", "time": "2023-01-09T16:37:41Z"}, {"author": "Steve Lasker", "text": "@ray, it's a great example of disclosure information.
", "time": "2023-01-09T16:43:36Z"}, {"author": "Hannes Tschofenig", "text": "https://www.rfc-editor.org/rfc/rfc4949
", "time": "2023-01-09T16:46:38Z"}, {"author": "Hannes Tschofenig", "text": "(Terminology)
", "time": "2023-01-09T16:46:44Z"}, {"author": "Henk Birkholz", "text": "+1 to Definition first!
", "time": "2023-01-09T16:51:23Z"}, {"author": "Dick Brooks", "text": "possible alternatives re: trust bond replacement: trust relationship, verified trusting parties, authoritative entities, Totally willing to withdraw use of \"trust bond\" with a more acceptable option to describe the concept in which \"trust bond\" was first applied.
", "time": "2023-01-09T16:52:30Z"}, {"author": "Raymond Lutz", "text": "@steve yes, definitely the election data use case has a component where the data exists and needs to be locked down, and potentially can be pubic later. Except for more robust remote references, I think the current architecture is fine. I am working on that remote refs document now, and we worked on a E2E election security doc in a prior technical meeting, which I will revise based on that meeting and then submit to the WG.
", "time": "2023-01-09T16:53:15Z"}, {"author": "Henk Birkholz", "text": "use case description are intended to use colloquial language / layman's terms
", "time": "2023-01-09T16:53:43Z"}, {"author": "Hannes Tschofenig", "text": "Here is the document to review: https://github.com/ietf-scitt/draft-birkholz-scitt-software-supply-chain-use-cases/blob/main/draft-birkholz-scitt-software-use-cases.md (move to \"Trust Bond between Package Supplier and the Signing Authority\")
", "time": "2023-01-09T16:53:57Z"}, {"author": "Hannes Tschofenig", "text": "https://mailarchive.ietf.org/arch/msg/scitt/KzuJj5xCEfSDRGg7UuyPM3gycdg/
", "time": "2023-01-09T16:54:46Z"}, {"author": "Henk Birkholz", "text": "Yes, I checked the case studies
", "time": "2023-01-09T16:55:27Z"}, {"author": "Zachary Newman", "text": "Thank you Hannes! We're hoping to fold some of the important aspects of the case studies into the existing use case documents.
", "time": "2023-01-09T16:56:59Z"}, {"author": "Dick Brooks", "text": "Proposed replacement: Trust Relationship between Package Supplier and the Signing Authority
", "time": "2023-01-09T16:57:01Z"}, {"author": "Dick Brooks", "text": "Henk, what do you think about the proposed language?
", "time": "2023-01-09T16:58:09Z"}, {"author": "Zachary Newman", "text": "Exactly :)
", "time": "2023-01-09T16:58:13Z"}, {"author": "Charles Hart", "text": "Gotta run gang. +1 on just the 1 call weekly for now. Thanks!
", "time": "2023-01-09T17:01:37Z"}, {"author": "Joshua Lock", "text": "gtg, look forward to engaging on the use-cases
", "time": "2023-01-09T17:02:20Z"}, {"author": "Steve Lasker", "text": "Thanks folks, welcome to the new year...
", "time": "2023-01-09T17:03:52Z"}]