[{"author": "Dick Brooks", "text": "

BRB

", "time": "2023-01-09T16:04:14Z"}, {"author": "Roy Williams", "text": "

Have you started working on a work back schedule yet Hannes?

", "time": "2023-01-09T16:04:26Z"}, {"author": "Hannes Tschofenig", "text": "

https://github.com/ietf-scitt/draft-birkholz-scitt-software-supply-chain-use-cases

", "time": "2023-01-09T16:06:55Z"}, {"author": "Dick Brooks", "text": "

Back again

", "time": "2023-01-09T16:08:44Z"}, {"author": "Zachary Newman", "text": "

having audio issues but i think joshua lock is on the call

", "time": "2023-01-09T16:11:25Z"}, {"author": "Zachary Newman", "text": "

he hopes to add some content to the existing use cases

", "time": "2023-01-09T16:11:36Z"}, {"author": "Zachary Newman", "text": "

and possibly add a new one

", "time": "2023-01-09T16:11:45Z"}, {"author": "Hannes Tschofenig", "text": "

https://github.com/ietf-scitt/draft-birkholz-scitt-software-supply-chain-use-cases/pull/4

", "time": "2023-01-09T16:14:01Z"}, {"author": "Henk Birkholz", "text": "

No audio issues here

", "time": "2023-01-09T16:14:42Z"}, {"author": "Jon Geater", "text": "

Yes sorry I was late, had trouble getting into Datatracker

", "time": "2023-01-09T16:15:00Z"}, {"author": "Dick Brooks", "text": "

The new proposed use case is based on the NIST Consumer Software Label concept and Microsoft's comment filing with NIST: https://www.nist.gov/document/cybersecurity-labeling-position-paper-microsoft-corporation

", "time": "2023-01-09T16:20:32Z"}, {"author": "Dick Brooks", "text": "

NIST's consumer labeling recommendation is here: https://doi.org/10.6028/NIST.CSWP.02042022-1

", "time": "2023-01-09T16:21:33Z"}, {"author": "Roy Williams", "text": "

Labeling is going to be a deep deep topic.

", "time": "2023-01-09T16:27:04Z"}, {"author": "Roy Williams", "text": "

It will vary based on audience and who the auditors.

", "time": "2023-01-09T16:27:25Z"}, {"author": "Jon Geater", "text": "

Audio all good for me

", "time": "2023-01-09T16:28:46Z"}, {"author": "Dick Brooks", "text": "

I agree Roy. Here again it's really just about identifying possible use cases where SCITT may be the answer.

", "time": "2023-01-09T16:28:47Z"}, {"author": "Yogesh Deshpande", "text": "

Here is the open issue on Terminology: https://github.com/ietf-scitt/draft-birkholz-scitt-architecture/issues/37

", "time": "2023-01-09T16:37:41Z"}, {"author": "Steve Lasker", "text": "

@ray, it's a great example of disclosure information.

", "time": "2023-01-09T16:43:36Z"}, {"author": "Hannes Tschofenig", "text": "

https://www.rfc-editor.org/rfc/rfc4949

", "time": "2023-01-09T16:46:38Z"}, {"author": "Hannes Tschofenig", "text": "

(Terminology)

", "time": "2023-01-09T16:46:44Z"}, {"author": "Henk Birkholz", "text": "

+1 to Definition first!

", "time": "2023-01-09T16:51:23Z"}, {"author": "Dick Brooks", "text": "

possible alternatives re: trust bond replacement: trust relationship, verified trusting parties, authoritative entities, Totally willing to withdraw use of \"trust bond\" with a more acceptable option to describe the concept in which \"trust bond\" was first applied.

", "time": "2023-01-09T16:52:30Z"}, {"author": "Raymond Lutz", "text": "

@steve yes, definitely the election data use case has a component where the data exists and needs to be locked down, and potentially can be pubic later. Except for more robust remote references, I think the current architecture is fine. I am working on that remote refs document now, and we worked on a E2E election security doc in a prior technical meeting, which I will revise based on that meeting and then submit to the WG.

", "time": "2023-01-09T16:53:15Z"}, {"author": "Henk Birkholz", "text": "

use case description are intended to use colloquial language / layman's terms

", "time": "2023-01-09T16:53:43Z"}, {"author": "Hannes Tschofenig", "text": "

Here is the document to review: https://github.com/ietf-scitt/draft-birkholz-scitt-software-supply-chain-use-cases/blob/main/draft-birkholz-scitt-software-use-cases.md (move to \"Trust Bond between Package Supplier and the Signing Authority\")

", "time": "2023-01-09T16:53:57Z"}, {"author": "Hannes Tschofenig", "text": "

https://mailarchive.ietf.org/arch/msg/scitt/KzuJj5xCEfSDRGg7UuyPM3gycdg/

", "time": "2023-01-09T16:54:46Z"}, {"author": "Henk Birkholz", "text": "

Yes, I checked the case studies

", "time": "2023-01-09T16:55:27Z"}, {"author": "Zachary Newman", "text": "

Thank you Hannes! We're hoping to fold some of the important aspects of the case studies into the existing use case documents.

", "time": "2023-01-09T16:56:59Z"}, {"author": "Dick Brooks", "text": "

Proposed replacement: Trust Relationship between Package Supplier and the Signing Authority

", "time": "2023-01-09T16:57:01Z"}, {"author": "Dick Brooks", "text": "

Henk, what do you think about the proposed language?

", "time": "2023-01-09T16:58:09Z"}, {"author": "Zachary Newman", "text": "

Exactly :)

", "time": "2023-01-09T16:58:13Z"}, {"author": "Charles Hart", "text": "

Gotta run gang. +1 on just the 1 call weekly for now. Thanks!

", "time": "2023-01-09T17:01:37Z"}, {"author": "Joshua Lock", "text": "

gtg, look forward to engaging on the use-cases

", "time": "2023-01-09T17:02:20Z"}, {"author": "Steve Lasker", "text": "

Thanks folks, welcome to the new year...

", "time": "2023-01-09T17:03:52Z"}]