https://notes.ietf.org/notes-ietf-interim-2023-scitt-23-scitt
", "time": "2023-07-03T15:10:02Z"}, {"author": "Hannes Tschofenig", "text": "https://www.ietf.org/archive/id/draft-ietf-scitt-architecture-01.html
", "time": "2023-07-03T15:11:56Z"}, {"author": "Dick Brooks", "text": "I agree with Roy - trust in the TS is sufficient to trust the data provided
", "time": "2023-07-03T15:26:59Z"}, {"author": "Orie Steele", "text": "\"registration policy\" remains confusing, when compared to \"issuer enrollment\"
", "time": "2023-07-03T15:27:41Z"}, {"author": "Orie Steele", "text": "registration policy applies to adding signed statements
", "time": "2023-07-03T15:27:56Z"}, {"author": "Orie Steele", "text": "knowing who you trust to sign statements applies to \"issuer enrollment\".
", "time": "2023-07-03T15:28:14Z"}, {"author": "Hannes Tschofenig", "text": "If you have a better term, Orie, happy to take it
", "time": "2023-07-03T15:32:56Z"}, {"author": "Orie Steele", "text": "there is also this PR, which I welcome any feedback on: https://github.com/ietf-scitt/draft-steele-cose-merkle-tree-proofs/pull/18
", "time": "2023-07-03T15:36:49Z"}, {"author": "Hannes Tschofenig", "text": "https://github.com/ietf-wg-scitt/draft-ietf-scitt-architecture
", "time": "2023-07-03T15:37:14Z"}, {"author": "Mitja Goroshevsky", "text": "https://ietf-wg-scitt.github.io/draft-ietf-scitt-architecture/draft-ietf-scitt-architecture.html
", "time": "2023-07-03T15:39:20Z"}, {"author": "Orie Steele", "text": "might be better to describe feed as being the \"transparency services accepted name\"... issuer proposes it, but transparency service registration policy determins if it will be accepted.
", "time": "2023-07-03T15:43:07Z"}, {"author": "Orie Steele", "text": "feed is an \"identifier\" for a \"topic\"... could be about anything, since identifier can refer to anything.
", "time": "2023-07-03T15:44:19Z"}, {"author": "Henk Birkholz", "text": "a \"registration policy\" feed?
", "time": "2023-07-03T15:51:07Z"}, {"author": "Orie Steele", "text": "you might consider asking the TS for transparency regarding its issuers
", "time": "2023-07-03T15:52:19Z"}, {"author": "Orie Steele", "text": "but that is different than asking for transparency regarding artifacts
", "time": "2023-07-03T15:52:39Z"}, {"author": "Orie Steele", "text": "sounds like this question is actually about key transparency
", "time": "2023-07-03T15:52:58Z"}, {"author": "Orie Steele", "text": "the consumer is trusting the TS... thats the whole point.
", "time": "2023-07-03T15:53:36Z"}, {"author": "Orie Steele", "text": "the consumer does not trust \"author signatures\"
", "time": "2023-07-03T15:53:50Z"}, {"author": "Orie Steele", "text": "the consumer trusts \"package management signatures\"
", "time": "2023-07-03T15:54:01Z"}, {"author": "Cedric Fournet", "text": "Let's discuss it as a separate issue. (We considered a few solutions, but none of them may fully solve this issue.)
", "time": "2023-07-03T15:54:02Z"}, {"author": "Raymond Lutz", "text": "I think it will help if we have some specific usage examples of the service in gory detail.
", "time": "2023-07-03T15:54:34Z"}, {"author": "Cedric Fournet", "text": "And yes, a registration policy feed + a way to refer to the last registered statement on that feed is one of these solutions.
", "time": "2023-07-03T15:54:48Z"}, {"author": "Orie Steele", "text": "You used to trust Apple app store, but then they started letting anyone publish apps... how did you learn they lowered there standards? What can you do as a consumer of apps?
", "time": "2023-07-03T15:55:46Z"}, {"author": "Orie Steele", "text": "etc...
", "time": "2023-07-03T15:55:49Z"}, {"author": "Orie Steele", "text": "im, you are really asking for an endorsement on a TS
", "time": "2023-07-03T15:56:09Z"}, {"author": "Orie Steele", "text": "an answer to \"which TS should I trust for statements about xyz artifacts\"
", "time": "2023-07-03T15:56:35Z"}, {"author": "Orie Steele", "text": "first part TS (where the issuer and the TS are the same) is less trustworthy, because incentives are not aligned
", "time": "2023-07-03T15:57:08Z"}, {"author": "Mitja Goroshevsky", "text": "You should trust no one actually.
", "time": "2023-07-03T15:57:24Z"}, {"author": "Orie Steele", "text": "^ true story : )
", "time": "2023-07-03T15:57:48Z"}, {"author": "Orie Steele", "text": "+1 Hannes! VRFs def interesting
", "time": "2023-07-03T15:58:26Z"}, {"author": "Raymond Lutz", "text": "It seems that the TS mainly provides a way to assess blame if something goes wrong. If users know they can be blamed, then they start to be more honest. We hope.
", "time": "2023-07-03T15:58:29Z"}, {"author": "Orie Steele", "text": "yes, consensus call is for the charter.
", "time": "2023-07-03T16:00:23Z"}, {"author": "Hannes Tschofenig", "text": "https://bren2010.github.io/draft-key-transparency/draft-mcmillion-key-transparency.html
", "time": "2023-07-03T16:00:31Z"}, {"author": "Raymond Lutz", "text": "Not sure if we can avoid sometimes parallel structures even if we try to avoid them. I see no reason to duplicate KT structures.
", "time": "2023-07-03T16:01:07Z"}, {"author": "Orie Steele", "text": "they need \"search proofs\" and \"proofs of non inclusion\"
", "time": "2023-07-03T16:01:43Z"}, {"author": "Raymond Lutz", "text": "registries might have different structures btween SCITT and KT.
", "time": "2023-07-03T16:02:31Z"}]