IETF Logo Mail Archive

Re: [SCITT] [Keytrans] FW: Call for consensus on KEYTRANS

Orie Steele <orie@transmute.industries> Fri, 15 September 2023 16:37 UTC

Return-Path: <orie@transmute.industries>
X-Original-To: scitt@ietfa.amsl.com
Delivered-To: scitt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F818C14CE2F for <scitt@ietfa.amsl.com>; Fri, 15 Sep 2023 09:37:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.085
X-Spam-Level:
X-Spam-Status: No, score=-7.085 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0xPnDPPYuhw3 for <scitt@ietfa.amsl.com>; Fri, 15 Sep 2023 09:37:25 -0700 (PDT)
Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1269AC151060 for <scitt@ietf.org>; Fri, 15 Sep 2023 09:37:25 -0700 (PDT)
Received: by mail-lf1-x130.google.com with SMTP id 2adb3069b0e04-500cfb168c6so3868085e87.2 for <scitt@ietf.org>; Fri, 15 Sep 2023 09:37:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1694795843; x=1695400643; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=1wI5nDE0usNdFPhyVopPNERRmhPdMBMpPLwoZn1kSuw=; b=gUckNHxye0fF1T0FXdwSJ4JHcz0xnTiU0mZFQ1kBNd6M9NL6VSGicaPgsmggYuW5Xf hgHD2McvlRBSLI6GFGuboQ3oj4r2nZiD3JRUBHHUkjduhWycT4MOMKDt+NYtdqn1EX9/ iA+V95NHebzyclGB5WyFpddzposAVSfbRoIfCHH923cY/A/M4zg3qTOgU0+6P71vdgk/ wwaJjF+pXM7tyHfc1RXmoDaVxq4ZVmGMqBOG+nMCAW6j0x/Gbik8WqWVQTA8+5a4LOIs BHrSdDzh2aVR0RxbvGnqWjObIwM+dbZxSXPisF27c5BSwwPc+feVHVI4x4nmVLfx9RHM hyOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1694795843; x=1695400643; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=1wI5nDE0usNdFPhyVopPNERRmhPdMBMpPLwoZn1kSuw=; b=qMa5iJvAQTC/OJPFBDzMf2LVHKItsF0AUqBmQQtH2h17Qlf2CGDDqU8azTkV0OHZpj Il6Sd6VTdo+inQMr6XbivhFzYcCQKniZDsbiOynYBHwBA+4kKCewnYpKrvMW98pzXzYv YD0wcVfUCfCxRR/xTVXLQXjGbQPINFWRUoniPUYw4Z8javRSgq5z2n3Ji+lEjTJz9aKO Xmf+V2yFEDeqPEExRxqiXIixnpjJvBm/oTxwtZiO2sdGvFQ+P4ppZgTfFCOB6XsBDO+X PJvnh/3tITJGzvVzFJz8wkk/G6Jn29pIJEpswDQGlP2vjTwQwQ8e/dQgx1FFZh9i/E41 KPvw==
X-Gm-Message-State: AOJu0Yxj7KPsM8x5lvS77zEy+/DqWfCgtdi35qOw52sXpRzkI2ZUZyqL zy/D6CgHMIihGwTKIaScVdGQg33nAQWKQkAEQL8wdA==
X-Google-Smtp-Source: AGHT+IFKMq8gOru5Sbfz044xuGIh9rPawuAsMgvE2u9UJqFdyqySn72V8rpDKG03dP6g0KxHgL4fC2elLEKbAMN8vLc=
X-Received: by 2002:ac2:4a8c:0:b0:500:77c4:108 with SMTP id l12-20020ac24a8c000000b0050077c40108mr1877657lfp.9.1694795843006; Fri, 15 Sep 2023 09:37:23 -0700 (PDT)
MIME-Version: 1.0
References: <BN2P110MB110745F1714FF54A92EE75B2DC25A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <BN2P110MB1107F231D92B0F718C383C40DC30A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <05d98a89-ae8c-fd02-5ee5-6e315839e135@gmx.net> <CAN8C-_L_mYu_1a2MDdovNi=OwFXP4FdaaoMVD3Q6P_doR4wwWw@mail.gmail.com> <31573926-b31e-e3ec-777e-6ad9891a53f7@sit.fraunhofer.de> <PH1P110MB11161FF0796B6005702D3037DCF6A@PH1P110MB1116.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <PH1P110MB11161FF0796B6005702D3037DCF6A@PH1P110MB1116.NAMP110.PROD.OUTLOOK.COM>
From: Orie Steele <orie@transmute.industries>
Date: Fri, 15 Sep 2023 11:37:12 -0500
Message-ID: <CAN8C-_L7PM0Y0ttrKD==16GNbwg0Ktovr2XEOMFovGAv-paBxw@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: "keytrans@ietf.org" <keytrans@ietf.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "scitt@ietf.org" <scitt@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003090ab06056868aa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/crMzZy_LWn7g9MNJAIG91gQqGlc>
Subject: Re: [SCITT] [Keytrans] FW: Call for consensus on KEYTRANS
X-BeenThere: scitt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scitt>, <mailto:scitt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scitt/>
List-Post: <mailto:scitt@ietf.org>
List-Help: <mailto:scitt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scitt>, <mailto:scitt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Sep 2023 16:37:29 -0000

As I recall we did discuss key formats, and I was initially hostile to the
idea of not specifying specific key representations that are used within
IETF, for example JWK and COSE Key.

After some discussion, and based on the "cross service interop as a none
goal", it seemed that binding to a specific key format was not necessary,
since unlike SCITT where I might need to make a JWK transparent and then
share it with another transparency service as part of their trust
infrastructure, and they don't want to support every key format under the
sun....

KT receipts are meant to be consumed in a closed ecosystem, where the key
format is chosen by the comsec service provider, and there is no worry
about whether other service providers will need to understand the chosen
format.

See this thread for previous discussion:

-
https://mailarchive.ietf.org/arch/msg/keytrans/9YYciExSfmEJMJg4k5mGLHEOHcQ/
-
https://mailarchive.ietf.org/arch/msg/keytrans/vskxiCbgwTfWBF06v9YGD7x8XmQ/

Regards,

OS

On Fri, Sep 15, 2023 at 6:31 AM Roman Danyliw <rdd@cert.org> wrote:

> Hi!
>
> It would be beneficial to hear from those hoping to work on KEYTRANS what
> the early thinking might be on binding to specific key formats.
>
> I also appreciate that other WGs, like the ones on which this proposed
> charter is patterned in the space of "end-to-end encrypted communication
> services" (e.g., MLS and MIMI), did not early bind or even mention the
> details of the encoding formats at all in the charter.
>
> Roman
>
> > -----Original Message-----
> > From: Keytrans <keytrans-bounces@ietf.org> On Behalf Of Henk Birkholz
> > Sent: Monday, July 17, 2023 10:57 AM
> > To: Orie Steele <orie@transmute.industries>; Hannes Tschofenig
> > <hannes.tschofenig@gmx.net>
> > Cc: Roman Danyliw <rdd@cert.org>; scitt@ietf.org; keytrans@ietf.org
> > Subject: Re: [Keytrans] [SCITT] FW: Call for consensus on KEYTRANS
> >
> > Hi keytrans,
> >
> > I'd like to voice an opinion that probably sounds similar to Orie's
> w.r.t. to
> > potentially chartering this WG:
> >
> > * on the one hand, the charter text about work on algorithms and proofs
> (also
> > beyond inclusion & consistency... freshness, for example) seems
> excitingly
> > useful and encouraging
> > * on the other hand, the lack of commitment to a set of 'formats' (I am
> just
> > using that word, I apologize) that are well-established standards in the
> IETF
> > feels like an adoption threshold and rather discouraging.
> >
> > That said, the work of algorithms and proofs is useful enough to charter
> the
> > WG, I think. I am a bit surprised by the lack of interaction with other
> efforts
> > though. I'd have preferred to see a list of common IETF formats, such as
> > provided by Orie, included in the charter text.
> >
> > Viele Grüße,
> >
> > Henk
> >
> > On 17.07.23 16:32, Orie Steele wrote:
> > > I'm active in SCITT, and I joined the KT mailing list and slack
> > > channel and had a few discussions with Richard, Brendan and Kevin.
> > >
> > > My take on why there is no engagement is that it is format preference
> > > related.
> > >
> > > SCITT cares a lot about COSE, and leveraging algorithms that are
> > > defined in CT/KT for COSE.
> > >
> > > KT seems to be more focused on defining algorithms, similar to how CT
> > > defined things.... With no preference towards COSE, or JOSE, or x509.
> > >
> > > At this point, I think it would be fair to say there is interest in
> > > implementing any algorithms KT might define in COSE, but that the work
> > > to do that would probably happen outside of KT... Just like it is
> > > happening outside of SCITT.
> > >
> > > KT seems to have ambitions of being relevant to MLS and MIMI, but
> > > potentially not so much COSE...
> > > Possibly because MLS and MIMI don't depend on COSE.
> > >
> > > I think at a minimum, you would expect "key trans" at IETF to
> > > acknowledge other IETF key representations, but you can imagine that
> > > for KT to be supportive of:
> > >
> > > - application/cose-key
> > > <https://www.iana.org/assignments/media-types/application/cose-key>
> > > - application/jwk+json
> > > <https://www.iana.org/assignments/media-types/application/jwk+json>
> > > - application/pem-certificate-chain
> > > <https://www.iana.org/assignments/media-types/application/pem-certific
> > > ate-chain>
> > > - application/pgp-keys
> > > <https://www.iana.org/assignments/media-types/application/pgp-keys>
> > >
> > > ... etc...
> > >
> > > KT might need to stay at a higher level, and define algorithms without
> > > picking serialization or envelope formats, the way SCITT has.
> > >
> > > ... SCITT chose COSE for good reasons, KT might avoid picking a side
> > > for similarly good reasons.
> > >
> > > Regards,
> > >
> > > OS
> > >
> > >
> > >
> > >
> > >
> > > On Mon, Jul 17, 2023 at 2:13 AM Hannes Tschofenig
> > > <hannes.tschofenig@gmx.net <mailto:hannes.tschofenig@gmx.net>> wrote:
> > >
> > >     Hi Roman, Hi all,
> > >
> > >
> > >     there is one aspect that puzzles me: repeated attempts to involve
> > >     KEYTRANS participants into a discussion with the SCITT group have
> been
> > >     not been successful.
> > >
> > >
> > >     It appears to be a low-hanging fruit to reach out to a group that
> is
> > >     working on a very similiar problem / where there is an obvious
> overlap.
> > >
> > >
> > >     Ciao
> > >
> > >     Hannes
> > >
> > >
> > >     Am 10.07.2023 um 19:14 schrieb Roman Danyliw:
> > >      > Hi MLS and SCITT WGs!
> > >      >
> > >      > Cross posting to raise visibility given the discussion of key
> > >     transparency on the SCITT mailing list and the promise of MLS
> > >     integration in the proposed KEYTRANS charter.
> > >      >
> > >      > Please respond to the KEYTRANS@ietf list by Thursday, July 13th
> > >     with feedback on the proposed charter.  See
> > >     https://datatracker.ietf.org/doc/charter-ietf-keytrans/00-05/
> > >     <https://datatracker.ietf.org/doc/charter-ietf-keytrans/00-05/>.
> > >     This will help chart the next steps.
> > >      >
> > >      > Thanks,
> > >      > Roman
> > >      >
> > >      > -----Original Message-----
> > >      > From: Roman Danyliw
> > >      > Sent: Thursday, June 29, 2023 2:35 PM
> > >      > To: keytrans@ietf.org <mailto:keytrans@ietf.org>
> > >      > Subject: Call for consensus on KEYTRANS
> > >      >
> > >      > Hi!
> > >      >
> > >      > At IETF 116, the initial BoF on KEYTRANS was convened [1].  The
> > >     meeting provided a strong consensus signal around a well-defined
> > >     problem being presented and IETF interest in solving it.  There
> also
> > >     appeared to a critical mass of energy to do the work (write and
> > >     review drafts).  The next step was to produce a draft charter to
> > >     more concretely capture a defined WG scope.
> > >      >
> > >      > In recent months there have been a few charter versions and
> > >     robust discussion on their contents.  As we approach final planning
> > >     for IETF 117, I'd like to assess where we stand with a formal
> > >     consensus check with the charter.  Please see
> > >     https://datatracker.ietf.org/doc/charter-ietf-keytrans/00-04/
> > >     <https://datatracker.ietf.org/doc/charter-ietf-keytrans/00-04/>
> > >     (00-04) and respond to the list by Thursday, July 13 (two weeks
> from
> > >     now):
> > >      >
> > >      > ==[ consensus check questions ]==
> > >      > (1) Do you support the charter text? Or do you have objections
> or
> > >     blocking concerns (please describe what they might be)?
> > >      >
> > >      > If you do support the charter text:
> > >      > (2) Are you willing to author or participate in the developed of
> > >     the WG drafts?
> > >      >
> > >      > (3) Are you willing to review the WG drafts?
> > >      >
> > >      > (4) Are you interested in implementing the WG drafts?
> > >      >
> > >      > ==[ consensus check questions ]==
> > >      >
> > >      > If you previously spoke up at the BoF, please repeat yourself
> here.
> > >      >
> > >      > The outcome of this consensus check will inform how to planned
> > >     for the second KEYTRANS BoF scheduled at IETF 117.  Options
> include:
> > >      >
> > >      > ** If we find consensus on the mailing with the current charter
> > >     text, no BoF is needed, and it will be canceled (note: this should
> > >     be viewed as a success.  The entire point of the BoF is to produce
> a
> > >     charter and that goal would have been realized)
> > >      >
> > >      > ** If there are blocking concerns which cannot be resolved on
> the
> > >     mailing list, these will form the basis of the IETF 117 BoF agenda
> > >      >
> > >      > Thanks,
> > >      > Roman
> > >      >
> > >      > [1] https://datatracker.ietf.org/doc/agenda-116-keytrans/
> > >     <https://datatracker.ietf.org/doc/agenda-116-keytrans/>
> > >
> > >     --
> > >     SCITT mailing list
> > >     SCITT@ietf.org <mailto:SCITT@ietf.org>
> > >     https://www.ietf.org/mailman/listinfo/scitt
> > >     <https://www.ietf.org/mailman/listinfo/scitt>
> > >
> > >
> > >
> > > --
> > >
> > >
> > > ORIE STEELE
> > > Chief Technology Officer
> > > www.transmute.industries
> > >
> > > <https://transmute.industries>
> > >
> > >
> >
> > --
> > Keytrans mailing list
> > Keytrans@ietf.org
> > https://www.ietf.org/mailman/listinfo/keytrans
>


-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries

<https://transmute.industries>

v2.23.0 | Report a Bug | By Email