:wave:
", "time": "2023-06-05T15:02:11Z"}, {"author": "Orie Steele", "text": "statement identifiers
", "time": "2023-06-05T15:04:29Z"}, {"author": "Orie Steele", "text": "and transparent statement identifiers
", "time": "2023-06-05T15:04:40Z"}, {"author": "Orie Steele", "text": "I have the calendar links working in google calendar
", "time": "2023-06-05T15:07:51Z"}, {"author": "Henk Birkholz", "text": "https://datatracker.ietf.org/meeting/upcoming?show=scitt
", "time": "2023-06-05T15:08:11Z"}, {"author": "Orie Steele", "text": "please link to things in chat
", "time": "2023-06-05T15:09:53Z"}, {"author": "Orie Steele", "text": "so we can review as we go
", "time": "2023-06-05T15:10:00Z"}, {"author": "Hannes Tschofenig", "text": "Here is the link: https://github.com/ietf-wg-scitt/draft-ietf-scitt-architecture/issues
", "time": "2023-06-05T15:11:10Z"}, {"author": "Orie Steele", "text": "why are we trying to make the transparency log mutable?
", "time": "2023-06-05T15:12:14Z"}, {"author": "Orie Steele", "text": "seems to be degrading the security characteristics
", "time": "2023-06-05T15:12:32Z"}, {"author": "Orie Steele", "text": "perhaps key trans will choose better language regarding the service provider's data structures.
", "time": "2023-06-05T15:13:00Z"}, {"author": "Orie Steele", "text": "You mean proof of possession.
", "time": "2023-06-05T15:15:34Z"}, {"author": "Charles Hart", "text": "@orie - I don't think \"mutable\" is the intent, but to specify a particular implementation such as Merkle trees is at odds with some design choices, esp. for a trusted 3rd party implementation
", "time": "2023-06-05T15:18:02Z"}, {"author": "Orie Steele", "text": "making things not append only is the same as making a log mutable.
", "time": "2023-06-05T15:18:28Z"}, {"author": "Orie Steele", "text": "the append only property is important
", "time": "2023-06-05T15:18:53Z"}, {"author": "Orie Steele", "text": "merkle tree is implementation detail.
", "time": "2023-06-05T15:19:04Z"}, {"author": "Charles Hart", "text": "right
", "time": "2023-06-05T15:19:13Z"}, {"author": "Charles Hart", "text": "is there an inherent requirement for \"no user is allowed to add records except at the end of the data stream\"?
", "time": "2023-06-05T15:20:34Z"}, {"author": "Charles Hart", "text": "Though I ask the question, I am not advocating that
", "time": "2023-06-05T15:21:47Z"}, {"author": "Raymond Lutz", "text": "@Charlie:
\nMy solution for this is to use the link to the meetings page and then click on \"Materials\" for the latest meeting. Takes one extra click. Use this link:
\nhttps://datatracker.ietf.org/wg/scitt/meetings/
+1 -- my understanding of the KEYTRANS charter is consistent with what Orie says
", "time": "2023-06-05T15:23:34Z"}, {"author": "Charles Hart", "text": "thanks Ray. That sounds like it will be effective. Still pretty hokey however IMO
", "time": "2023-06-05T15:24:07Z"}, {"author": "Kevin Lewi", "text": "+1 as well, agreeing with Orie about keytrans
", "time": "2023-06-05T15:25:05Z"}, {"author": "Olle Johansson", "text": "https://datatracker.ietf.org/meeting/116/session/keytrans
", "time": "2023-06-05T15:25:41Z"}, {"author": "Olle Johansson", "text": "Contains links to slides and videos
", "time": "2023-06-05T15:25:47Z"}, {"author": "Hannes Tschofenig", "text": "https://www.youtube.com/watch?v=rVaORqIY6gg
\n\"The KEYTRANS working group will develop a standard for authenticating information about artifacts in an end-to-end encrypted messaging system with the above properties. This standardized approach will allow shared validation of the end-to-end encrypted communication service\u2019s security properties and allows applications to share code.\"
", "time": "2023-06-05T15:26:44Z"}, {"author": "Olle Johansson", "text": "They focus on end2end encryption
", "time": "2023-06-05T15:26:52Z"}, {"author": "Orie Steele", "text": "https://mailarchive.ietf.org/arch/msg/keytrans/Rq1U8dps7p4DDEN5dY4zt86kb5E/
", "time": "2023-06-05T15:29:24Z"}, {"author": "Olle Johansson", "text": "https://datatracker.ietf.org/doc/html/draft-adams-notary-00
", "time": "2023-06-05T15:30:50Z"}, {"author": "Hannes Tschofenig", "text": "It would be interesting to work out the differences and commonalities
", "time": "2023-06-05T15:30:58Z"}, {"author": "Christopher Wood", "text": "At the current rate of development, it feels like KEYTRANS will come to a solution quicker than SCITT
", "time": "2023-06-05T15:31:07Z"}, {"author": "Olle Johansson", "text": "\"A Notary Authority (NA) is a Trusted Third Party that verifies the
\ncorrectness of specific data submitted to it. The Notary Authority
\nprovides the notary service in order that non-repudiation evidence may
\nbe constructed relating to the validity and correctness of an entity's
\nclaim to possess data, the validity and revocation status of an entity's
\npublic key certificate and/or the validity and correctness of various
\ntypes of data at a particular instant in time. \"
An old draft, but a definition of a \"Notary\"
", "time": "2023-06-05T15:31:28Z"}, {"author": "Orie Steele", "text": "https://github.com/ietf-scitt/draft-steele-cose-merkle-tree-proofs
", "time": "2023-06-05T15:33:22Z"}, {"author": "Orie Steele", "text": "^ CoMetre draft
", "time": "2023-06-05T15:33:34Z"}, {"author": "Orie Steele", "text": "defines basically 2 COSE Sign1 with custom unprotected header. data to account for \"append only log proofs\"
", "time": "2023-06-05T15:34:33Z"}, {"author": "Hannes Tschofenig", "text": "Where is the up-to-date version?
", "time": "2023-06-05T15:35:12Z"}, {"author": "Orie Steele", "text": "", "time": "2023-06-05T15:35:27Z"}, {"author": "Hannes Tschofenig", "text": "(This is the March version)
", "time": "2023-06-05T15:35:28Z"}, {"author": "Orie Steele", "text": "see open PRs
", "time": "2023-06-05T15:35:54Z"}, {"author": "Orie Steele", "text": "https://github.com/ietf-scitt/draft-steele-cose-merkle-tree-proofs/pulls
", "time": "2023-06-05T15:35:55Z"}, {"author": "Hannes Tschofenig", "text": "Where is the profile document?
", "time": "2023-06-05T15:36:23Z"}, {"author": "Hannes Tschofenig", "text": "How is the implementation work going?
", "time": "2023-06-05T15:37:38Z"}, {"author": "Orie Steele", "text": "", "time": "2023-06-05T15:37:49Z"}, {"author": "Orie Steele", "text": "", "time": "2023-06-05T15:38:01Z"}, {"author": "Raymond Lutz", "text": "The secure messaging technology area can be better understood by reviewing the leading solution, which is signal. I think it uses the ratchet algorithm to allow use of constantly changing encryption keys using a change algorithm which is used on both sides and the keys can be occasionally exchanged. The public keys are essential of course to indentify the endpoints.
", "time": "2023-06-05T15:38:10Z"}, {"author": "Orie Steele", "text": "Implementation prototype exists
", "time": "2023-06-05T15:38:14Z"}, {"author": "Orie Steele", "text": "those larger links contain examples of inclusion proofs
", "time": "2023-06-05T15:38:32Z"}, {"author": "Orie Steele", "text": "scitt relies on inclusion proofs
", "time": "2023-06-05T15:38:58Z"}, {"author": "Orie Steele", "text": "", "time": "2023-06-05T15:40:44Z"}, {"author": "Orie Steele", "text": "is the demo
", "time": "2023-06-05T15:40:49Z"}, {"author": "Orie Steele", "text": "here is the cose implementation: https://github.com/transmute-industries/cose
", "time": "2023-06-05T15:41:06Z"}, {"author": "Orie Steele", "text": "that powers the demo
", "time": "2023-06-05T15:41:13Z"}, {"author": "Raymond Lutz", "text": "Thanks @Orie that is fantastic work.
", "time": "2023-06-05T15:42:28Z"}, {"author": "Orie Steele", "text": "thanks! its mostly just using COSE with RFC9162, so it was not hard... and it uses IndexDB as the append only log...
", "time": "2023-06-05T15:44:01Z"}, {"author": "Orie Steele", "text": "so it has no server side persistence
", "time": "2023-06-05T15:44:11Z"}, {"author": "Orie Steele", "text": "currently
", "time": "2023-06-05T15:44:14Z"}, {"author": "Raymond Lutz", "text": "This example helps
", "time": "2023-06-05T15:45:33Z"}, {"author": "Orie Steele", "text": "log's can contain policies
", "time": "2023-06-05T15:47:49Z"}, {"author": "Orie Steele", "text": "so a policy has a natural identifier when added to a log
", "time": "2023-06-05T15:48:02Z"}, {"author": "Orie Steele", "text": "For example:
\nhttps://service.example/urn:tree_alg:leaf:index
", "time": "2023-06-05T15:49:04Z"}, {"author": "Hannes Tschofenig", "text": "What should this URL tell me?
", "time": "2023-06-05T15:49:25Z"}, {"author": "Orie Steele", "text": "then you can refer to the policy in a tree.
", "time": "2023-06-05T15:49:25Z"}, {"author": "Hannes Tschofenig", "text": "Give me an example of a policy
", "time": "2023-06-05T15:49:35Z"}, {"author": "Orie Steele", "text": "only arm signed binaries are allowed in this tree
", "time": "2023-06-05T15:49:50Z"}, {"author": "Orie Steele", "text": "only sboms in spdx format are allowed in this tree
", "time": "2023-06-05T15:50:15Z"}, {"author": "Orie Steele", "text": "only keys in jwk format are allowed in this tree
", "time": "2023-06-05T15:50:32Z"}, {"author": "Orie Steele", "text": "only certificates for .gov origins are allowed in this tree
", "time": "2023-06-05T15:50:47Z"}, {"author": "Orie Steele", "text": "key trans seems like a better alternative.
", "time": "2023-06-05T15:53:17Z"}, {"author": "Olle Johansson", "text": "I think there may be different policies for different areas. For some, anchoring a PKI or a CERT or a key in DNS is good enough.
", "time": "2023-06-05T15:54:01Z"}, {"author": "Olle Johansson", "text": "If we can avoid the Web PKI we save a lot of time and complications.
", "time": "2023-06-05T15:54:24Z"}, {"author": "Orie Steele", "text": "the service provider that controls the policies in the transparency service.
", "time": "2023-06-05T15:54:41Z"}, {"author": "Orie Steele", "text": "controls the signed statements allowed in that service
", "time": "2023-06-05T15:54:55Z"}, {"author": "Raymond Lutz", "text": "Policy seems too complex to burden core SCITT system with but we can allow policies to be submitted, of course.
", "time": "2023-06-05T15:54:58Z"}, {"author": "Orie Steele", "text": "policy is out of scope for scitt
", "time": "2023-06-05T15:55:08Z"}, {"author": "Raymond Lutz", "text": "Thx
", "time": "2023-06-05T15:55:17Z"}, {"author": "Orie Steele", "text": "scitt signed statements are opaque bytes with a known content type.
", "time": "2023-06-05T15:55:30Z"}, {"author": "Raymond Lutz", "text": "Yay
", "time": "2023-06-05T15:55:39Z"}, {"author": "Orie Steele", "text": "https://www.iana.org/assignments/media-types/media-types.xhtml
", "time": "2023-06-05T15:56:19Z"}, {"author": "Raymond Lutz", "text": "I say we deem this out of scope for now.
", "time": "2023-06-05T15:56:21Z"}, {"author": "Orie Steele", "text": "^ we already did, when we chartered.
", "time": "2023-06-05T15:56:32Z"}, {"author": "Orie Steele", "text": "It looks like the issue has no comments
", "time": "2023-06-05T15:58:08Z"}, {"author": "Orie Steele", "text": "so perhaps it should be closed for lack of interest?
", "time": "2023-06-05T15:58:22Z"}, {"author": "Orie Steele", "text": "related to policy tools, see https://www.openpolicyagent.org/docs/latest/rest-api/
", "time": "2023-06-05T15:58:52Z"}, {"author": "Orie Steele", "text": "See also https://github.com/open-policy-agent/opa/issues/5907
", "time": "2023-06-05T15:59:13Z"}, {"author": "Raymond Lutz", "text": "Or just say that policy issue is out of scope and will be up to the user(s) of the log, and the policies may differ, as a single log may have many policies
", "time": "2023-06-05T15:59:15Z"}, {"author": "Orie Steele", "text": "For example \"application/vnd.openpolicyagent.bundles\"
", "time": "2023-06-05T15:59:50Z"}, {"author": "Orie Steele", "text": "", "time": "2023-06-05T16:00:32Z"}, {"author": "Orie Steele", "text": "Thanks all, good to see focus on issues
", "time": "2023-06-05T16:01:04Z"}, {"author": "Orie Steele", "text": "and pull requests
", "time": "2023-06-05T16:01:10Z"}]