Re: [SCITT] [EXTERNAL] Re: SCITT Working Group Meeting (Dec 5th 2022)

["Hart, Charlie" <charlie.hart@hal.hitachi.com>]

Sorry in advance for the length of this message.

Terms are extremely important for common understanding. So are other things.

I suggest we spend some time looking at the big picture to see where we have gaps. i.e. what gaps are between our current status and an implementation. We should then prioritize filling those gaps.

I see at least four so far:

  *   Terminology
  *   Cross reference/rationalize/define dependencies on other IETF and non-IETF projects
  *   Use case validation - i.e. once we have a fully fledged design we can validate it against some key use cases.
  *   Exercise/prototype/PoC

Personally, I think terminology is as important as use cases if not more. Use cases are fairly infinite and several of us already have our use cases in mind as we discuss design. Correct terms allow precise specifications that will serve us for the life of the project and incorrect ones will hinder us similarly. Further, terms that are well understood will immensely aid in adoption by reducing the learning curve for newbies.

I continue to urge the use of plain English terms that capture the action we are trying to model. Records, recording, receipts, attestations, endorsements, signatures, notarization, registries, and authentication are all intuitive terms that suggest the correct SCITT usage. These are among the most logical terms I think we should use.

@Ray, as you know, "record" implies a single entry on some computer systems but it has a more generic English meaning "the memorialization of an action". SCITT "records" are IMO the latter and are unambiguous (I learned COBOL in school so I feel like I have street cred on this). Records of a registry of deeds, the records of proceedings, court records, etc I think most closely match the intended design of SCITT. Not married to it though.

I also think it would be good if we had a facility for storing these "records" with RBAC for a self-contained high-integrity system in addition to using an external pointer, but again I'm not married to if. I am ok with a box labeled "magic" on this part of the architecture for now.

Charlie
________________________________
From: SCITT <scitt-bounces@ietf.org> on behalf of Jon Geater <jon.geater@rkvst.com>
Sent: Friday, December 2, 2022 8:24 AM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Roy Williams (COSINE) <roywill@exchange.microsoft.com>; Kiran Karunakaran <kkarunakaran=40microsoft.com@dmarc.ietf.org>; scitt@ietf.org <scitt@ietf.org>
Subject: [EXT]Re: [SCITT] [EXTERNAL] Re: SCITT Working Group Meeting (Dec 5th 2022)

Yes, that’s also what I suggested at the past meeting. The words are_ important, but we should only argue over the ones we actually need  to use!

—
Jon Geater
Chief Technology Officer, RKVST (formerly Jitsuin)
+44 7500 786537
________________________________
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Sent: Friday, December 2, 2022 1:00:17 PM
To: Roy Williams (COSINE) <roywill@exchange.microsoft.com>; Kiran Karunakaran <kkarunakaran=40microsoft.com@dmarc.ietf.org>; scitt@ietf.org <scitt@ietf.org>; Jon Geater <jon.geater@rkvst.com>
Subject: RE: [SCITT] [EXTERNAL] Re: SCITT Working Group Meeting (Dec 5th 2022)


Hi Roy,



My approach is quite pragmatic with regards to terminology. IMHO it is indeed better to make progress on the use cases and the overall problem description (which goes into the architecture draft) before fine-tuning the terminology



Ciao

Hannes



From: SCITT <scitt-bounces@ietf.org> On Behalf Of Roy Williams (COSINE)
Sent: Friday, December 2, 2022 1:33 AM
To: Kiran Karunakaran <kkarunakaran=40microsoft.com@dmarc.ietf.org>; scitt@ietf.org; Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Jon Geater <jon.geater@rkvst.com>
Subject: Re: [SCITT] [EXTERNAL] Re: SCITT Working Group Meeting (Dec 5th 2022)



On the terminology discussion, I am wondering if it is not more efficient to pull out the other use case terminology before we spend time sorting through.  What are people’s thoughts?



From: SCITT <scitt-bounces@ietf.org<mailto:scitt-bounces@ietf.org>> On Behalf Of Kiran Karunakaran
Sent: Thursday, December 1, 2022 10:44 AM
To: scitt@ietf.org<mailto:scitt@ietf.org>; Hannes Tschofenig <hannes.tschofenig@arm.com<mailto:hannes.tschofenig@arm.com>>; Jon Geater <jon.geater@rkvst.com<mailto:jon.geater@rkvst.com>>
Subject: [EXTERNAL] Re: [SCITT] SCITT Working Group Meeting (Dec 5th 2022)



Hi,



Please let me know if we’re OK with the topics identified below. I was out last Monday on PTO but based on the notes provided, I’m assuming the path forward is to continue with our use cases and terminology discussion:



Agenda:



Updates from the Chairs:

  1.  Update on tooling, cadence for interim Working Group meetings
  2.  Prioritization of discussion topics
     *   Working backwards from IETF116
     *   In scope vs out of scope



Use cases:

  1.  Review Dick’s (see attached) SW use case and provide feedback- See attached email ([SCITT] DRAFT NEW Use Case: Software Package Authenticity and Trust)
  2.  Yogesh’s pull request for reformatting (align with SUIT use case doc format) software supply chain use case ID- Sw use case rewrite by yogeshbdeshpande · Pull Request #7 · ietf-scitt/draft-birkholz-scitt-software-supply-chain-use-cases (github.com)<https://secure-web.cisco.com/1kP6UDSNG6PnpgEC5PoMyMO73mNTnDpaYKcNWAg3ENmcfeXDgIYHjFpX1MzRGr4mfmhh2McQaLaGQb5Ffw3h4NjXAWbHFVoJqgeQlZkx_kJq5ugt0n98SYM9NZSOdPKXceSsjTwrX6l7Fa2nqWHvsPndwpOt9kArFEI5rXdr_qmypz_sCsBqYLwobu5hYiQKKSn56MMuzB0hSrI_ZIvdE5K9U5vpDtiIuekVmF4QMnRtJXQUSS-i_33RLVy9ieScv9x2q8lxHk7FbsPlnTsKJzyMGbylcK8VzKKDMQgMZYc7lgv9ZJcmnaSBndC0viHoA/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fdraft-birkholz-scitt-software-supply-chain-use-cases%252Fpull%252F7%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055399525%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DBikCmQWYEM2E34Og%252Bhx1rTKYwGCi6vvqYyywXMxcyaI%253D%26reserved%3D0>



Terminology Discussion:

  1.  Continue terminology discussion that’s happening via email- See attached email ([SCITT] Terminology for EO\Software Supplychain.)



Kiran



From: Kiran Karunakaran
Sent: Wednesday, November 23, 2022 10:24 AM
To: Yogesh Deshpande <yogesh.deshpande@arm.com<mailto:yogesh.deshpande@arm.com>>; Birkholz, Henk <henk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de>>; scitt@ietf.org<mailto:scitt@ietf.org>
Cc: Kay Williams <kayw@microsoft.com<mailto:kayw@microsoft.com>>; Hannes Tschofenig <hannes.tschofenig@arm.com<mailto:hannes.tschofenig@arm.com>>; Jon Geater <jon.geater@rkvst.com<mailto:jon.geater@rkvst.com>>
Subject: RE: SCITT Working Group Meeting (Nov 28th)



Hi Yogesh and Henk,



Hope all is well. The topic we chose for our next working group discussion ( Monday Nov 28th,2022) was ‘RATS and SCITT relationship/intersection’. An issue has been already created on GitHub to track documentation (RATS and SCITT · Issue #37 · ietf-scitt/draft-birkholz-scitt-architecture (github.com)<https://secure-web.cisco.com/1lBbJobpWyam_r22vvr-OE6l6RdN90njKHgnxnh2bOm1OJVWmbvo_I8jDpsSJtRZWlzupJDfSSVZ2N-yOE-nYhN74CCaT05SA9cXWuA7FxGpz1Hh28FkFu1a_KS6XTZO2iodsHHrgp-B5VMPoslPxLVbO4z7MmCaq-CHFjS6VlHs1nM3AROd2RCmBQ-E8wrlhPl75D1j-QX-X15Ljwj1226qItBtyUA6_m1HgFSw6t22lBzQ7QCmmIRtJdIIGh6A2MRr9zvkLj7tEiTjMbIlNnYylQxQRdlpfIBY00C9JpvXchdehbK-rg8-IhOTXA3nA/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fdraft-birkholz-scitt-architecture%252Fissues%252F37%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055399525%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DwF0ESpPiSWoPlVEPXlV3vd8BTf0r3P9OUk%252Fn7sqK934%253D%26reserved%3D0>) and it would be great if you could provide a write up in there for working group members to get up to speed on the topic. I’m assuming the goal here is to align on concepts (what RATS does, what SCITT does, how do they intersect) and terminology with help of Ned Smith and other RATS working group members.



I’m sending this email on Wednesday to make sure that this in fact the topic we’d like to discuss and we have enough time to provide context around the issue for discussion.



All known working group issues are temporarily being tracked here: IETF: SCITT Backlog - HackMD<https://secure-web.cisco.com/1GqV4BXsNz9I0RH4qp8Jh_cEBtYHFZgPVA1P8uHdxd2B9oRYRV_sLCn-uxCNQGxBY5a644Fi91C41qs_Lbim5T246Yh8gsNfMKKFXOWPqOK0AtP2bP-OQDnw7H3cIEnWVtk5LBDIdD0c3f7hqTLWTxC60yGz3octFQra2cszmhxdMMH91Vwd-PIx7aaKsstFUY4moTOvd7vmiav4dG8285EJF2Lknx0ctFME3zic9zP9-gk_0wJ34PL_tB1M7BUAnBLTATqTRDh7rXrTPvpqj_d0BRo1UsSMJ0t6FHhjL8ioKgenEgvacSER06bHQi7EN/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fhackmd.io%252FWvkjLafURbqZCyygMa0JmA%253Fview%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055399525%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DLkuhqwo4yiZClOaJhJ%252F5sOGHxYZBC6I41yPsHK3yPhY%253D%26reserved%3D0>. Some of these have GitHub issues opened against them in the architecture repo, some of them don’t. This should get more cleaned up once we have the IETF working group org setup in GitHub, and a mechanism defined on how to prioritize the right issues for the working group. Jon and Hannes are already working on this, and we’ll wait to hear from them on next steps.



Kiran





From: Kiran Karunakaran
Sent: Saturday, November 19, 2022 6:48 PM
To: 'scitt@ietf.org' <scitt@ietf.org<mailto:scitt@ietf.org>>
Subject: RE: SCITT Working Group Meeting



Hi,



Please see below for Monday (11/21) working group meeting agenda:



Link to doc: SCITT General Meeting Agenda and Notes - Google Docs<https://secure-web.cisco.com/1oGVOHvtpJKfclWG0vfX0Qo_5YSnk_3Vn-ps5N7yhZeFmfTF4rZ6UYnlUWEWy8aHI2qoB51LObtuJSryvIZEqLWAJ0hbTLNjRTqIfRv368Ad8GeRu3yeg-Rj9hn0NVV6ti3iC5GOuWoNfi2sr5qDMoMTcv6v_byJapWCCBMO4jNELpFC-07Jo3ym5-ilwr9SQU2wRJtbPtZQV7B36g7fe53LWXPExlV9xsJI6_bqGei5sLwu0H-1HbZUIElc9R-dCpV9P0a8k3c0JsoARgLUs0J_pSMy1eHON2Sp7mH2wRN1aK8BqVW5os-ZxZcbzcCrE/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.google.com%252Fdocument%252Fd%252F1vf-EliXByhg5HZfgVbTqZhfaJFCmvMdQuZ4tC-Eq6wg%252Fedit%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055399525%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DvasMXQE1KIqKjmnXINc4s7OUbBwEQABS74Wol8Pn24s%253D%26reserved%3D0>



Agenda:

  1.  New members introduction
  2.  Topic#1- Statements as References: Statement by reference · Issue #35 · ietf-scitt/draft-birkholz-scitt-architecture (github.com)<https://secure-web.cisco.com/1IfHapkvudO1gzFP7pOXNFKazSxy0TN0rnNwJABuYQnZBgiUlg_lJpXSeL765bAvWo-xQpktcx_Ul_TqL7xoYig-TTMga22rWpk1d-v5kEoWQKHl31mRFb1GIaLvDN8K71S63A5j4inTc7f41KiIjI6OygtwD8Nc1AuFpjLFWDFK4tLcbx6YW1bpZbFoNJA8rySxVe2Olcka25XhHc-bohuAdyxvNMg9ve3RJBiii0Yml-hG0XB3gYG8yctD25kAZxu1dBBPaRuhzKE-BoJgHroDsSsKYwwl8GaSDv6Kox7cMmF8Kk2nCAj_OXtn8nb4Z/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fdraft-birkholz-scitt-architecture%252Fissues%252F35%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055399525%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3Dk0fJTqNkrzyJHAuSiuX82LEGnWveJh63mTUkQcyhCBw%253D%26reserved%3D0>. (Maik)
  3.  Topic#2 (if we have time)- Terminology: Converge Claim and Statement · Issue #34 · ietf-scitt/draft-birkholz-scitt-architecture (github.com)<https://secure-web.cisco.com/1N-nlRbeA_q1r32G6av6BYV9-VZDthe-C48FFXdoqgqhLo45X8KLe5yPkIbHDBxPLKITvCJ_tACr6LCy3KglhQCzTf1-AJ3ED1i4zwkjy-a0QBT-8pgOCy8NNWecnyERaONHcwyQpOF4v_cJp1eh-UvMjeYjakOksMFtFxCcmxBqny6OY9KQqnAhbWq8LVCwP_Yn_cQmXZVWBnsBUHvYuWYBm85v7y_LjVdT3NBJqf6Bq6E_WXv8DBmauIey2o9q5ac0O5b1LnYfU9glY2Lr5MYPLL6I59foodkshJDHOoqoruOpfAaAwB0ApNqyp_9Z4/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fdraft-birkholz-scitt-architecture%252Fissues%252F34%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055399525%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DEAO842br5g7%252Bu%252BfiHaeLbJKhYy0cs0daq7rx60sNqmI%253D%26reserved%3D0> and Refine definition of feed · Issue #36 · ietf-scitt/draft-birkholz-scitt-architecture (github.com)<https://secure-web.cisco.com/1rBGJQ_V7vWVJKQ9PIYcTigfEQp_NV6asj7AVIWstj_IjdAZt5tYAwkWo-s2B20nxc0NJwgqV8a4hemCGK9DaCWhd4xv19bZgMvNRLiUCpQ6kaeoFBi5w-0Y5caQqfaFycPwCGEZxbD60qNlHx_tOY0vGBksh05yrDyrMkUbZIDDICZOcPbVJQP-0h7088PckI7yI2zcJWmGpxfHQvSjQl2DELl0Pkff26zpyqUR2f7Up39E7LEMDLfPMdsQrb4WNLkHpoyCor3ueycEJ8uH7OIV8aq-DchMcotTgso-5kItIQLh6SJJ9uOFEZeewUKPL/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fdraft-birkholz-scitt-architecture%252Fissues%252F36%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055399525%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DlO1tBQXKwruuTqNA2GXgwgMufWCWxhS1WFeQbvXIq8o%253D%26reserved%3D0>.



Proposed topics for the following week:



  1.  Software supply chain use case: https://github.com/ietf-scitt/draft-birkholz-scitt-software-supply-chain-use-cases/issues/6<https://secure-web.cisco.com/138XyEhDXHJDlTEgvpZ18SYZaOoFv5AsBzCmCstRimabmqjDWZRyB6OPSDlB9nrz0Z0M2xd6AMv_PdEeIKUdFNwTEyY371xvE7okMWvQLHj08gdij4EkRmvXYmSf7-90gs0V90VGTz1T2zsBqkMvLR3byg4ncqHwhlok7ExPNqaOIdtF_sIU4TuPTdn4c0E8iDdpYm1R1aZAsOsYt7OrL3lWT_JAX2rwIDe1Z5M4JD-_HygGgemw55QaAJIQdsRe1HoVL5ljDuQwEGIy0GANjuujOCRXVVr7cAEm45Ka2W1PpGgC_4DY2u2QgvZiK6wtZ/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fdraft-birkholz-scitt-software-supply-chain-use-cases%252Fissues%252F6%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055399525%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DDjUomoUrTTdoGVxycYRI2xfA9GJ8Auu1GfxDkWC0WNk%253D%26reserved%3D0>. Re-write software supply chain use case to be only focused on requirements without reference to the solution (Ref: draft-ietf-ace-usecases-05<https://secure-web.cisco.com/1Mbrfoj1oy96vuY6tmrdNXgQQ9bOBz3_ok5KQebDxf2Wc7shTWa6RKqgt2mwjtMwTHPDQnVf0tLcwKCyb2Ue4tRagu4zbhAPbVE3PPP3STMaB7DV5muY3_ZjTNFouOCm2pLcoC6Vck4TGDTXoN9gHZEm3eHpT5d-zspQMtsb-AY9vJ917lSYH_v9StE9ad7P3pP6QZM6bLuQt3zM6I3YTr2wUdor0TUingB_oShMW5BHNvVhEIefEK9uO2BIoMYDV3bV-YK3FsFRZ3zoYpZLkF5cshdX8Yy-IDjIW0zZca8gpkT4hw7Am36ioPgF3fnAq/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdatatracker.ietf.org%252Fdoc%252Fhtml%252Fdraft-ietf-ace-usecases-05%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055399525%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3D%252FGkEBGgnjKTIysCWguk0aTaIQZYaWChZffAREegQhZY%253D%26reserved%3D0>).
  2.  SCITT and RATS intersection: RATS and SCITT · Issue #37 · ietf-scitt/draft-birkholz-scitt-architecture (github.com)<https://secure-web.cisco.com/1lBbJobpWyam_r22vvr-OE6l6RdN90njKHgnxnh2bOm1OJVWmbvo_I8jDpsSJtRZWlzupJDfSSVZ2N-yOE-nYhN74CCaT05SA9cXWuA7FxGpz1Hh28FkFu1a_KS6XTZO2iodsHHrgp-B5VMPoslPxLVbO4z7MmCaq-CHFjS6VlHs1nM3AROd2RCmBQ-E8wrlhPl75D1j-QX-X15Ljwj1226qItBtyUA6_m1HgFSw6t22lBzQ7QCmmIRtJdIIGh6A2MRr9zvkLj7tEiTjMbIlNnYylQxQRdlpfIBY00C9JpvXchdehbK-rg8-IhOTXA3nA/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fdraft-birkholz-scitt-architecture%252Fissues%252F37%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055399525%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DwF0ESpPiSWoPlVEPXlV3vd8BTf0r3P9OUk%252Fn7sqK934%253D%26reserved%3D0>. We need documentation around SCITT and RATS focusing on how they interact, overlap and what specific problems they solve to avoid any future confusion. Should this be part of the use case document or should this be defined within the architecture?



Kiran



From: Kiran Karunakaran
Sent: Sunday, November 13, 2022 8:10 PM
To: 'scitt@ietf.org' <scitt@ietf.org<mailto:scitt@ietf.org>>
Subject: RE: SCITT Community Meeting



Hi,



Please see below for Monday (11/14) community meeting’s agenda:



Link to doc: SCITT General Meeting Agenda and Notes - Google Docs<https://secure-web.cisco.com/1oGVOHvtpJKfclWG0vfX0Qo_5YSnk_3Vn-ps5N7yhZeFmfTF4rZ6UYnlUWEWy8aHI2qoB51LObtuJSryvIZEqLWAJ0hbTLNjRTqIfRv368Ad8GeRu3yeg-Rj9hn0NVV6ti3iC5GOuWoNfi2sr5qDMoMTcv6v_byJapWCCBMO4jNELpFC-07Jo3ym5-ilwr9SQU2wRJtbPtZQV7B36g7fe53LWXPExlV9xsJI6_bqGei5sLwu0H-1HbZUIElc9R-dCpV9P0a8k3c0JsoARgLUs0J_pSMy1eHON2Sp7mH2wRN1aK8BqVW5os-ZxZcbzcCrE/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.google.com%252Fdocument%252Fd%252F1vf-EliXByhg5HZfgVbTqZhfaJFCmvMdQuZ4tC-Eq6wg%252Fedit%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055399525%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DvasMXQE1KIqKjmnXINc4s7OUbBwEQABS74Wol8Pn24s%253D%26reserved%3D0>

Agenda:

  *   IETF hackathon and SCITT session recap
  *   Next steps for working group
     *   RFCs
     *   Migration to IETF tools
     *   SCITT open source implementations and projects





Video link SCITT session: https://www.youtube.com/watch?v=hZcrq2d6aac<https://secure-web.cisco.com/1iUScmtfCMbiNCqWcpUF1Rx0fXfXssvDBTSuFWrLxwswcRSa8Ap2uHdAWsYk_q2HmZo2MYKQBj2w05HfGEVMJoAdRAp6D_EBcWQw_k7_qXhSTY8sDtOFF4qwXmAbp6T8m344YhQzIu-IVqIFxEsuF3LDcUJh6TjXr-WPMGZwZ_u_nvTb9Bb0dc-VQzPYY7gAXPuCqUrZEfCztRZSts9dG7KpuyhCcyTN7q02RbZigBBgg6NkGXHW5DAIsEipGXoHailrnK4aV16AmptzlyldMSm8ueuXZEShpzK5mPXG-k6TLLJgIuUN7Yfuh9LhsvvwJ/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DhZcrq2d6aac%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055399525%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DO0m9lIAIKvEQv8O%252Bjczqe0GueDx5stPvY2yYs52geJo%253D%26reserved%3D0>

Chat Link: https://zulip.ietf.org/#narrow/stream/scitt<https://secure-web.cisco.com/1AHtSzTPqZTrOIh2OcrhMvyyb0Z2Ij0CdVHbrFwx1NBRQObsXm_-VLx2bRxQ-Vfgr5avpF3Tn0xI8kHlYlrYWycLYPFhu510jE2AimjQWSTvhw4btn6CRJV364kqHIZfGtSOsJNiJnxlewYIr-fa-qHlb7RTGT3Jb_vH6pRlubPfsXeg82_FyMANEFPFu2-2h5Jbqrs8feiaSKZJd0tl4wVSC941Y-53l3sqVRX9P7XJe113LLUF0PbQUGf8v3DNhICHf8LDhwCKQ9LtptdP9I3iPDBehwd53lVgpFXcXq-VwEIVOGrxyG_G0Yu3lj4Ah/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fzulip.ietf.org%252F%2523narrow%252Fstream%252Fscitt%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055399525%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DDm7XqzXQKNyI3GXYoXZiZlJviRWBfGqmFTgJvwkVEMQ%253D%26reserved%3D0>



Kiran



From: Kiran Karunakaran
Sent: Sunday, October 23, 2022 10:23 PM
To: scitt@ietf.org<mailto:scitt@ietf.org>
Subject: RE: SCITT Community Meeting



Hi,



Please see below for Monday (10/24) community meeting’s agenda:



Link to doc: SCITT General Meeting Agenda and Notes - Google Docs<https://secure-web.cisco.com/1oGVOHvtpJKfclWG0vfX0Qo_5YSnk_3Vn-ps5N7yhZeFmfTF4rZ6UYnlUWEWy8aHI2qoB51LObtuJSryvIZEqLWAJ0hbTLNjRTqIfRv368Ad8GeRu3yeg-Rj9hn0NVV6ti3iC5GOuWoNfi2sr5qDMoMTcv6v_byJapWCCBMO4jNELpFC-07Jo3ym5-ilwr9SQU2wRJtbPtZQV7B36g7fe53LWXPExlV9xsJI6_bqGei5sLwu0H-1HbZUIElc9R-dCpV9P0a8k3c0JsoARgLUs0J_pSMy1eHON2Sp7mH2wRN1aK8BqVW5os-ZxZcbzcCrE/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.google.com%252Fdocument%252Fd%252F1vf-EliXByhg5HZfgVbTqZhfaJFCmvMdQuZ4tC-Eq6wg%252Fedit%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055399525%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DvasMXQE1KIqKjmnXINc4s7OUbBwEQABS74Wol8Pn24s%253D%26reserved%3D0>



Agenda:



  *   IETF115
     *   Internet Drafts- Oct 24th deadline
        *   Architecture draft: ietf-scitt/draft-birkholz-scitt-architecture: A specification including, problem statement, use cases, requirements, and architectural constituents for a Transparency Service in support of Supply Chain Integrity, Transparency, and Trust (github.com)<https://secure-web.cisco.com/19jwwuW9cGsjTQ9lsIHbIa_IcIO0mCKV9RL2EMuvMitr1iqnRvQB8FKGvHOJ9kgxXXwglU6jB6roH-Mx-cxF1-MpFM5iGYZlyIYwxk3YTNvy_2su2SNKXh84OcdtqzAJzS-m42ZpYpI3H-OCMV3ipC38lsVWfDSJwxdvdOg9ORvFm5uO-1y1rNw_jt6a0YLUufmcYf9vWDVqfzpudVx_ZmCZX0JPNRs3UVNpGvgY4bSwdcBenZdv5kexkj9HkPG947WoriBGWLOpfdbeI9zudX9gL8C6eG6TCZGOcZym-hAEmiNR7Hysb4JuuWnTOc2o3/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fdraft-birkholz-scitt-architecture%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3D%252BAFnebojsOM7AgRSA82tMtpHtFIhdq0jba1xG9m%252FRMQ%253D%26reserved%3D0>
        *   Receipt draft: ietf-scitt/draft-birkholz-scitt-receipts: A countersign variant to express trust assertions in conducted merkle tree operations using COSE (github.com)<https://secure-web.cisco.com/1v8hu4x67bO2wgt8UHhke_oLA_dB7eEEfNhJDJH6Wx6LgiPo0f9RPFawDPTsgNvHnHeXFtBjWuNX-n3ThcarRmHK4LfZ67ajaPX6jpQWteLB0KtQhUV-YIkXQuBkWnL-KnUzR00bhkWYPGwEgMeRQnUL4DsLyv-svHgd-IjK8uE2pOKc_kAqBOK--wJ7SImt2sRttfDogf9CONqJoK52tI-eNHxvZNWbdkcH9ruxBEGlSHnBjrf9MhXXMjoL3FEUhLacjiYCjJtiJAC0dFppioFySYBCbHfi45MKzYK_i7_uJIvRCfrEsA4Bk2t3Q2yPS/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fdraft-birkholz-scitt-receipts%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3D1HPVDikrlsnmMBoqKeqqOU8h%252FaBYVhPGEwe8Wb6BJyU%253D%26reserved%3D0>
           *   COSE: Header parameter for RFC 3161 Time-Stamp Tokens (ietf-scitt.github.io)<https://secure-web.cisco.com/1gtT7hIwPP6KIICbmu-unBr48QdkKAQfoQz-X6U7xh4NfjTSOeQiVOXnqJ03nD3xOZlvr0yqYB4Vm1xfKMRn-sSvjQrY1AdZzNi77MwR4hT25Osi7PcknQNGoA4OgGWgO-iT6Yin2xMQR3jsNlqEdlgLjq0xMB5lquz7vc_9rNZhcZQAsED1ymQ451HhTY8dssz3Y_ozarA0hKEDvFE_ISoIItMnnRfgXKTHDLnIRFxMptC5u4vWpzbwxYS_JHcuNtLE_KP1iKEKF_5JgRLAHR368mtBfjHLvndfo3N6RD7ALIWSd-haJds1arQVym7-e/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fietf-scitt.github.io%252Fdraft-birkholz-cose-tsa-tst-header-parameter%252Fdraft-birkholz-cose-tsa-tst-header-parameter.html%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DHhWQxLcxQH49uNCcZcHq%252BJIG1zC%252Bz49w2OPCNo4FfKg%253D%26reserved%3D0>?
        *   SBOM use case draft: Detailed Software Supply Chain Uses Case for SCITT (ietf-scitt.github.io)<https://secure-web.cisco.com/12nnt6Zb3IzBKX4xy8HsVUb5GwXs06W0vyw2z-HZk5LZ38i6PtxmJmUDp4bMfKBDviGcB5VDvt1jbZzQRIyseURZVceK-4Wv42gkSxsDjBS_GRuQ23fwyK3_Zf8l0y-eIMXYNOXF02_RZhqrmINjgSeLD4_J0VNSlzSaNoL8k2hvW_jM-jKZNlQivTD9jlhm1gx37g1zI1pYMAizDvXM8xV7fNrPlRNWAmR68_qRjSr7_nKo8mba590bhqpnEeChEy6b2YxTJY300ghCTENOet7y6-1FE1roBLn0JInBt3GxgP9EphNNcMCwhiX3cD449/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fietf-scitt.github.io%252Fdraft-birkholz-scitt-software-supply-chain-use-cases%252Fdraft-birkholz-scitt-software-supply-chain-use-cases.html%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3Dwv4SKM48kxDE%252FQSwCeSxGhg7DB2yiD3%252BMEiFnCB66dQ%253D%26reserved%3D0>
  *   Use case discussion
     *   Firmware use case: use-cases/devicefirmware.md at main · ietf-scitt/use-cases (github.com)<https://secure-web.cisco.com/1FR0QJ2KEtPFievOkNyf2cXwUixHmI4eC6ZorsDcThQcIRnNFdsbd2tMdjYNtSLw-FXTmSROM4rLd7KAzJ5-YNNXMIwt1RqF-RMsa0pFt3JWK4JxjRS_eh00-hIWhwEXOLLOZlJd1y7UlCFaFpazmPsEy5Ghul7ikuLqevdMswdfytxCURTob2r4eiGW9s-2Eh26gGMf7pEqwbI_2jE4M1-jo9fIp40eys6bXewkjXvwHPyRlb0mzFF8Gte5jnPdqISbAfBYuo8gthUf3djtlaj1q3HfsoCFGQSJUqUDTehwbakZQXgGLxITl3rEpltcu/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fuse-cases%252Fblob%252Fmain%252Fdevicefirmware.md%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DayuA2b2%252Fel6Nt0je74rEUr3jHgjy%252FIqoHV69Dkcx1w8%253D%26reserved%3D0>
     *   Election data use case (DRAFT): https://docs.google.com/document/d/1Wg1187YW9f_MadLTmspLpikKXOk7TYrzX5d_Ta2Pex4/edit?usp=sharing<https://secure-web.cisco.com/1Be3H8jGm8wgTqEHNXC3qmX704mBApY1hUvFHxNWuUZoDGab8T1z8T-k9uTBLcXgvVe7MqIQzWv_CU4tEz85nxzbsRDXII9mJHSgfHag7s-se6KJsDFRdOeXfkgS9OLvY_CSy2FfYhLW0IkXAeCWOQjW1y2p0X6BPe13i2qZD4de-tuQ2DUSEmOq6BFDQnUEBBC6jQhL7dx0b1w6qGJFByOq9yjyMoS0hGOOgtBhgcJgnJqg_1QWcRM-gOna51ptvJmYEk9EI_NjUr303k4T7eSrxQEfqcIXGhqmdctfseotlbmUSANveuEwNbIV4PmRp/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.google.com%252Fdocument%252Fd%252F1Wg1187YW9f_MadLTmspLpikKXOk7TYrzX5d_Ta2Pex4%252Fedit%253Fusp%253Dsharing%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3D%252Bm52Ddxvd%252BeLXKF0OibbyJjhZL0O%252BjPfaG54T7ZZgEM%253D%26reserved%3D0>
     *   SCITT components



Thanks,

Kiran





From: Kiran Karunakaran
Sent: Sunday, October 16, 2022 8:19 PM
To: scitt@ietf.org<mailto:scitt@ietf.org>
Subject: RE: SCITT Community Meeting



Hi,



Please see below for Monday (10/17) community meeting’s agenda:



Link to doc: SCITT General Meeting Agenda and Notes - Google Docs<https://secure-web.cisco.com/1ePYy-GKTIYVMcuNJa7Kjm23_o9cmixWGnR67hVr9VBgKLWzfTg5PiI0jPhDSNkCBv38I3Hn6L-DQ6xtC9sW7J8UUGFdrDlaDgzMVBOpOz1eL_OCUZT7faKZ8wvsHktEH9b47b1mcnmBQvYnA3k-BLxB6Os2BZ7jqkf2fFAxgvdxEGxVowqyQn9CKRXsprLJp-ib8x2NNi9fOTFvXdheZBZFhd1i_KCpMbkxqdlXelHjQ_WUOhF-MsN93qgDMLPsSZiklrCD-INs_4RBc_j1Y2yvQAh8JcZTMbi8l3yY6QFnEaErNjFuSPXrX7_2pKWpF/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.google.com%252Fdocument%252Fd%252F1vf-EliXByhg5HZfgVbTqZhfaJFCmvMdQuZ4tC-Eq6wg%252Fedit%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DqNYrT2U7fqGwPBIoUNrp%252BoHRttHTCxeSaGmEd9HatJs%253D%26reserved%3D0>



Agenda:



  *   Charter and Working Group status
  *   IETF SCITT website
     *   scitt-ietf.io
     *   scitt-ietf.dev
     *   scitt.software
     *   scitt.engineering
     *   scitt.io (Big thanks to Jon and RKVST for grabbing this domain earlier and offering it to IETF)
     *   scitt.space
     *   scitt.services
  *   IETF115
     *   Schedule and agenda
     *   Internet Drafts- Oct 24th deadline
        *   Architecture draft
        *   Receipt draft
        *   SBOM use case draft
  *   Use case discussion
     *   Firmware use case: use-cases/devicefirmware.md at main · ietf-scitt/use-cases (github.com)<https://secure-web.cisco.com/1FR0QJ2KEtPFievOkNyf2cXwUixHmI4eC6ZorsDcThQcIRnNFdsbd2tMdjYNtSLw-FXTmSROM4rLd7KAzJ5-YNNXMIwt1RqF-RMsa0pFt3JWK4JxjRS_eh00-hIWhwEXOLLOZlJd1y7UlCFaFpazmPsEy5Ghul7ikuLqevdMswdfytxCURTob2r4eiGW9s-2Eh26gGMf7pEqwbI_2jE4M1-jo9fIp40eys6bXewkjXvwHPyRlb0mzFF8Gte5jnPdqISbAfBYuo8gthUf3djtlaj1q3HfsoCFGQSJUqUDTehwbakZQXgGLxITl3rEpltcu/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fuse-cases%252Fblob%252Fmain%252Fdevicefirmware.md%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DayuA2b2%252Fel6Nt0je74rEUr3jHgjy%252FIqoHV69Dkcx1w8%253D%26reserved%3D0>
     *   Election data use case (DRAFT): https://docs.google.com/document/d/1Wg1187YW9f_MadLTmspLpikKXOk7TYrzX5d_Ta2Pex4/edit?usp=sharing<https://secure-web.cisco.com/1Be3H8jGm8wgTqEHNXC3qmX704mBApY1hUvFHxNWuUZoDGab8T1z8T-k9uTBLcXgvVe7MqIQzWv_CU4tEz85nxzbsRDXII9mJHSgfHag7s-se6KJsDFRdOeXfkgS9OLvY_CSy2FfYhLW0IkXAeCWOQjW1y2p0X6BPe13i2qZD4de-tuQ2DUSEmOq6BFDQnUEBBC6jQhL7dx0b1w6qGJFByOq9yjyMoS0hGOOgtBhgcJgnJqg_1QWcRM-gOna51ptvJmYEk9EI_NjUr303k4T7eSrxQEfqcIXGhqmdctfseotlbmUSANveuEwNbIV4PmRp/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.google.com%252Fdocument%252Fd%252F1Wg1187YW9f_MadLTmspLpikKXOk7TYrzX5d_Ta2Pex4%252Fedit%253Fusp%253Dsharing%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3D%252Bm52Ddxvd%252BeLXKF0OibbyJjhZL0O%252BjPfaG54T7ZZgEM%253D%26reserved%3D0>





From: Kiran Karunakaran
Sent: Sunday, October 9, 2022 4:08 PM
To: scitt@ietf.org<mailto:scitt@ietf.org>
Subject: RE: SCITT Community Meeting



Hi,



Please see below for Monday (10/10) community meeting’s agenda:



Link to doc: SCITT General Meeting Agenda and Notes - Google Docs<https://secure-web.cisco.com/1ePYy-GKTIYVMcuNJa7Kjm23_o9cmixWGnR67hVr9VBgKLWzfTg5PiI0jPhDSNkCBv38I3Hn6L-DQ6xtC9sW7J8UUGFdrDlaDgzMVBOpOz1eL_OCUZT7faKZ8wvsHktEH9b47b1mcnmBQvYnA3k-BLxB6Os2BZ7jqkf2fFAxgvdxEGxVowqyQn9CKRXsprLJp-ib8x2NNi9fOTFvXdheZBZFhd1i_KCpMbkxqdlXelHjQ_WUOhF-MsN93qgDMLPsSZiklrCD-INs_4RBc_j1Y2yvQAh8JcZTMbi8l3yY6QFnEaErNjFuSPXrX7_2pKWpF/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.google.com%252Fdocument%252Fd%252F1vf-EliXByhg5HZfgVbTqZhfaJFCmvMdQuZ4tC-Eq6wg%252Fedit%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DqNYrT2U7fqGwPBIoUNrp%252BoHRttHTCxeSaGmEd9HatJs%253D%26reserved%3D0>

Agenda:



  1.  Charter status update
     *   Link to Ballot<https://secure-web.cisco.com/12pcpEQFtxXUfTzXKFLQMtv1zn1mNzm8ijbanLGMnGEqT88EUGuBBiBAPbjtVjXAfc3iV2E4btGVdO0Nbc8oGsL9dtxWJpFfQaFc3cJPqMDydvjrNWIaM88EnAb4EPZC4CnlaQfwUkCciXI6C_j_R-3isLuTuAq-lYD0WYADviS_WVTfYzhCdPr8G8Eex8sWKtJlBFeg3F8ELnWhfp5xMa0e-hWpLkNQuvGBhdv-KXEr6e9HeSYJANEWvDqGCuK--n3LcZJyU_bmIp3En4etQ3FQ0iL7AoH4HajhQP-gc3SOdYQqssXu1e-AdZ0F7Vuvg/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdatatracker.ietf.org%252Fdoc%252Fcharter-ietf-scitt%252Fballot%252F%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DoLPaC%252Bt05cGkGHUBf1AzqaLoadFeu%252F9OdtXyCTi6YRA%253D%26reserved%3D0>
     *   Target approval date



  1.  Continue discussion (topics)
     *   SW supply chain use case
     *   Hashing Algorithm alignment
     *   SCITT receipts as COSE V2 countersignatures
     *   IETF115



Kiran



From: Kiran Karunakaran
Sent: Friday, September 30, 2022 11:06 AM
To: scitt@ietf.org<mailto:scitt@ietf.org>
Subject: RE: SCITT Community Meeting



Hi,



Please see below for Monday (10/03) community meeting’s agenda:



Link to doc: SCITT General Meeting Agenda and Notes - Google Docs<https://secure-web.cisco.com/1ePYy-GKTIYVMcuNJa7Kjm23_o9cmixWGnR67hVr9VBgKLWzfTg5PiI0jPhDSNkCBv38I3Hn6L-DQ6xtC9sW7J8UUGFdrDlaDgzMVBOpOz1eL_OCUZT7faKZ8wvsHktEH9b47b1mcnmBQvYnA3k-BLxB6Os2BZ7jqkf2fFAxgvdxEGxVowqyQn9CKRXsprLJp-ib8x2NNi9fOTFvXdheZBZFhd1i_KCpMbkxqdlXelHjQ_WUOhF-MsN93qgDMLPsSZiklrCD-INs_4RBc_j1Y2yvQAh8JcZTMbi8l3yY6QFnEaErNjFuSPXrX7_2pKWpF/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.google.com%252Fdocument%252Fd%252F1vf-EliXByhg5HZfgVbTqZhfaJFCmvMdQuZ4tC-Eq6wg%252Fedit%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DqNYrT2U7fqGwPBIoUNrp%252BoHRttHTCxeSaGmEd9HatJs%253D%26reserved%3D0>



Agenda:



  1.  Speaker- Russ Housley (Russ Housley - ICANNWiki<https://secure-web.cisco.com/1q2e1RKZcUDbom8Zq--yGq5PLwjuq1k2Qpqs30IcYjd7zuBmcy4mhHERSbXFDvT9lz9wjt31TDPTBNkC3NU60OJFP7SG54muTwqxfbahYe-g-pQQzLnrwpHOdDS6t3MJtDZRi-aQByMbbLVPeIqrx8nWQWZ7AjtYr2JLBqqHtwC5wIHy6c6fHabXqKXzAJDOx6fe1mQzw6bCCLAT5laWkkhxVY_XgLcNYHDkf8gq7geAenFMbgsHypbRPdvBaq3CXTDxzdxkez6PsxHkCJ_NfzA7K0fuaKug2-Zhb9ynAlCs7cq3mHODQkyt0CBDCEbgs/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Ficannwiki.org%252FRuss_Housley%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3D4sRBe3%252BpjrbMZqs4E1KXPlYpiJ%252BIwWAaUJ4Sz%252FIXvW0%253D%26reserved%3D0>)
     *   Are SCITT Receipts Countersignatures?
     *   Kicking Off Discussion on 'Creative signature bstr use’



  1.  Continue SW supply chain discussion
     *   Scope: Hashable digital artifact
     *   Feedback on Dick’s SCITT implementation scenario diagram (see below)

                                                    i.     Other visual representations

     *   Other use cases





[cid:image001.png@01D90656.648E45E0]





Thanks,

Kiran

From: Kiran Karunakaran
Sent: Sunday, September 25, 2022 8:45 PM
To: scitt@ietf.org<mailto:scitt@ietf.org>
Subject: RE: SCITT Community Meeting



Hi,



Please see below for tomorrow (09/26) meeting’s agenda:



Link to doc: SCITT General Meeting Agenda and Notes - Google Docs<https://secure-web.cisco.com/1ePYy-GKTIYVMcuNJa7Kjm23_o9cmixWGnR67hVr9VBgKLWzfTg5PiI0jPhDSNkCBv38I3Hn6L-DQ6xtC9sW7J8UUGFdrDlaDgzMVBOpOz1eL_OCUZT7faKZ8wvsHktEH9b47b1mcnmBQvYnA3k-BLxB6Os2BZ7jqkf2fFAxgvdxEGxVowqyQn9CKRXsprLJp-ib8x2NNi9fOTFvXdheZBZFhd1i_KCpMbkxqdlXelHjQ_WUOhF-MsN93qgDMLPsSZiklrCD-INs_4RBc_j1Y2yvQAh8JcZTMbi8l3yY6QFnEaErNjFuSPXrX7_2pKWpF/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.google.com%252Fdocument%252Fd%252F1vf-EliXByhg5HZfgVbTqZhfaJFCmvMdQuZ4tC-Eq6wg%252Fedit%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DqNYrT2U7fqGwPBIoUNrp%252BoHRttHTCxeSaGmEd9HatJs%253D%26reserved%3D0>



Agenda:

  *   Charter status update- Henk
  *   Use Case discussion
     *   SW/HW intersection use case- Monty
     *   Specific Use Case Discussion: How to stop Authentic Actors from making False Claims?
     *   SW supply chain use case discussion (continued)- Dick





Other topics:

  *   RATS architecture presentation- Hannes/Yogesh to provide an update on when this can be scheduled. Ideally, it will be covered during the Thursday SCITT technical meeting
  *   Threat Model Discussion – Yogesh, Cedric and Antoine





Thanks,

Kiran



From: Kiran Karunakaran
Sent: Sunday, September 18, 2022 8:43 PM
To: scitt@ietf.org<mailto:scitt@ietf.org>
Subject: RE: SCITT Community Meeting



Hi everyone,



Please see below for tomorrow (09/19) meeting’s agenda:



Link to doc: SCITT General Meeting Agenda and Notes - Google Docs<https://secure-web.cisco.com/1ePYy-GKTIYVMcuNJa7Kjm23_o9cmixWGnR67hVr9VBgKLWzfTg5PiI0jPhDSNkCBv38I3Hn6L-DQ6xtC9sW7J8UUGFdrDlaDgzMVBOpOz1eL_OCUZT7faKZ8wvsHktEH9b47b1mcnmBQvYnA3k-BLxB6Os2BZ7jqkf2fFAxgvdxEGxVowqyQn9CKRXsprLJp-ib8x2NNi9fOTFvXdheZBZFhd1i_KCpMbkxqdlXelHjQ_WUOhF-MsN93qgDMLPsSZiklrCD-INs_4RBc_j1Y2yvQAh8JcZTMbi8l3yY6QFnEaErNjFuSPXrX7_2pKWpF/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.google.com%252Fdocument%252Fd%252F1vf-EliXByhg5HZfgVbTqZhfaJFCmvMdQuZ4tC-Eq6wg%252Fedit%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DqNYrT2U7fqGwPBIoUNrp%252BoHRttHTCxeSaGmEd9HatJs%253D%26reserved%3D0>

1.                Threat Model Discussions – Yogesh, Cedric and Antoine

2.                SCITT Use Cases

     *   Tracker on Github:  Issues · ietf-scitt/use-cases (github.com)<https://secure-web.cisco.com/1jkimGrxqnohMUg03VEqNQzcozF3douxgp-7HL9CvvD4G7tp02KJTAytHROr6-7xLF1KK-oeOLXcBAF2JnmYEn83FNvQ-YuHQpOl802UgCOlZVABSCAZRdDiVoIYTXfKMkV1_rB_-X7dTBZrlbUPsJer63GIBfyzd9UANkRCj6gVwrMKDHK0sFa8MOKiqbKfh8BPDS1de5WYSSxBzk-JAMJFLq0gfRK47kVUcaxsMMMqxUqV4HmZVWcJW4Qrxn6AVjslhaomY-7mDUMF3kAqiAA37rKBgV36eNurLA8gOP_0rKO0FLb890cNHfQMwyYBa/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fuse-cases%252Fissues%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DwPsbqiDpltHOjx%252FiQO1bxuZNIzsxIcZCiYXWi2zUEDw%253D%26reserved%3D0>
     *   Specific Use Case Discussion: How to stop Authentic Actors from making False Claims ?
     *   Continue software supply chain use case discussion



Thanks,

Kiran



From: Kiran Karunakaran
Sent: Friday, September 9, 2022 12:13 PM
To: scitt@ietf.org<mailto:scitt@ietf.org>
Subject: RE: SCITT Community Meeting



Agenda for 09/12 meeting



Link to doc: SCITT General Meeting Agenda and Notes - Google Docs<https://secure-web.cisco.com/1ePYy-GKTIYVMcuNJa7Kjm23_o9cmixWGnR67hVr9VBgKLWzfTg5PiI0jPhDSNkCBv38I3Hn6L-DQ6xtC9sW7J8UUGFdrDlaDgzMVBOpOz1eL_OCUZT7faKZ8wvsHktEH9b47b1mcnmBQvYnA3k-BLxB6Os2BZ7jqkf2fFAxgvdxEGxVowqyQn9CKRXsprLJp-ib8x2NNi9fOTFvXdheZBZFhd1i_KCpMbkxqdlXelHjQ_WUOhF-MsN93qgDMLPsSZiklrCD-INs_4RBc_j1Y2yvQAh8JcZTMbi8l3yY6QFnEaErNjFuSPXrX7_2pKWpF/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.google.com%252Fdocument%252Fd%252F1vf-EliXByhg5HZfgVbTqZhfaJFCmvMdQuZ4tC-Eq6wg%252Fedit%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DqNYrT2U7fqGwPBIoUNrp%252BoHRttHTCxeSaGmEd9HatJs%253D%26reserved%3D0>



Agenda:



  1.  Quick update on charter (Henk and Yogesh)
     *   charter/ietf-scitt-charter.md at master · ietf-scitt/charter (github.com)<https://secure-web.cisco.com/1FGSpQC0xHswe9k-QhCJGoTH40wCuh8qgvXu9ctwKCc8dkqhd0qS0dbweH5RGCrsDr2gtYcJNKmrMwGtoYhdLyybTqvwmWYimxxVD1yZDURSjZZdP5PgBeeZXhoBqY1iU2M2a3Issjm7GDU-furYNOU4xccxSh9GxJrgyiJ6JuSstw36_zLpsfutZQtNVQBnEGtEHU1vg7h72O_gRUNkGzm900ccLiRogZQE-a54w8E6joTxrXXnRlOIjy5YQXGWA6NVITVS58Q78lG-mUyOAH6VIWebqtJWkAfvmth8o4keDsoxx-i0CWQKOtjJdovU3/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fcharter%252Fblob%252Fmaster%252Fietf-scitt-charter.md%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DWbKBJnD%252FVijPfS%252Bx2J%252B8imFi5AbU1%252FMTZKX1CBFWeL4%253D%26reserved%3D0>



  1.  SBOM use case review (Dick Brooks): SBOM Use Case strawman - based on CISA ICT_SCRM Task Force DRAFT - HackMD<https://secure-web.cisco.com/18L2dCy9iqFX0-343d8IR2bB-SYqRiiCLJQ-x1azYHZg4BZb6X4EN32RIFNpu2oMlKlXZHMqyJs0aLf20wpXQPR7CuBki2cmbJd_b_ObD6slY7JfOQ6ZvlUS3j277m_kVJu8F9fls3QfV_xuwiP_rApbCoyEOVbS_lC30zsJWtHa0ziih2N-08URFcBHsFhdYlohJIEkZmxUiYrdBpxHeFiyHRSuOzNF_YATTwdAvEO7kzvz4S87EG2N0RFd_zH4Y9dTohrnEKfKHc22QEo_A7DEWPg-4rReM3iD-FP8vxzX3c3RiSIMsGCXV5EJHmizy/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fhackmd.io%252FQuqKhy_bQ1qG9yyyBuEABg%253Fview%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DxfIG1JGuZ9aUoFErKZFYTyAgiK1%252FGXm1c955jMO1h88%253D%26reserved%3D0>. See references below

a.      https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chains-software-1<https://secure-web.cisco.com/1RXdPxygmozI1ZHsj-h8pLqKI8Y75Tq9xDulOOptgEQPgqUlLZl7toqzrasBGhLgpVVmXu3bCio8IKq89bVm5gKVo43L6tB2l2-HYETUCvH7If7TcX6bHJdzdHUQX_keeE_LwhXGynj3z5W9TUm_9irj1G3SgtkcLLjT5sTWkxOKRUHqLzMknZyejs3fOxFyw7MbN7FtN76iyeDaUrTufb-3k8lyAkwgY3kIswe8F85655NGYaBG5mnlOU9EdkK3JYrdO3eDAmrt9qQ-WcMS4v8XZ1QXDAjr5uNHaPLjzWuIjf4Uqu1IW5K4hMZpYkttr/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.nist.gov%252Fitl%252Fexecutive-order-14028-improving-nations-cybersecurity%252Fsoftware-security-supply-chains-software-1%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055555725%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DzHPMajrEROhJHjJF9GBx4bdYZk4QwAbHxM4zaME6Nmo%253D%26reserved%3D0>

b.      https://www.nist.gov/document/software-supply-chain-security-guidance-under-executive-order-eo-14028-section-4e<https://secure-web.cisco.com/1bi3XrV1cutQcpDWrROg8o8-GySEB-pPPpcKiuBynS5wxIVjuTbhoLR113NWLSC71UuSDbVF6RLTR6d__l0FoQqOvRRtrLC67ZspQc4UlgcCHPq9TwsmpKv2xTgZa9_msADPBgXFD85HnznUTX4WTCu33xwpdFVbGIxEBN_xQFOI2TNZ2vlH6sRoor6-Xg9Keoc3io7eSZVtJf2luMHvzWNKUnZ3KI47jnIanRvTJWYQHxCOvYt1GEnjIs7DwxtxcimPEDXxwO_2N5DRX6D3VPS_UufJA_rXBzc1r-J_I4F5NJIlCFufscoXOFAmKAyt_/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.nist.gov%252Fdocument%252Fsoftware-supply-chain-security-guidance-under-executive-order-eo-14028-section-4e%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055711543%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3Deoffh2S560skxDaf66XBsuMDzUr691ZmdfXlOwl5yY0%253D%26reserved%3D0>

c.      Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (nist.gov)<https://secure-web.cisco.com/1jS2Ry6b5AHzQxnuZNjkg0zCw74wzKT9h6T34f7-l_ukk52Yryfz3LfXbCh-ZeZ2VpbfiM6IPn_cJQj5v0QyvU0Jyv9OTmX7130mB6eHNyLWu0K5T1eQ1ISha1_eSSKJGy1M0T-OCsmnchwOVqFxE6UfQukTH7Xya5RjnmBDc7c4C-YTVGNaiYcbAo4bP2uhVl5tvWClq0SHh40Fc4Hd6F6A5Sp7l0eg8JyA8SpvN2esg7x-MncvJdHHXnrpwhW1WnYryREdJhMzsghKNHvYUcVaMeAw4_H0KhkwujiDDKWc9ffTkVvh9VE-d4HsOaN2Y/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fnvlpubs.nist.gov%252Fnistpubs%252FSpecialPublications%252FNIST.SP.800-161r1.pdf%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055711543%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DuBs7TdNkJ0ZMIbmnSwaqRZwMtI3cg964mpLpRh3AAfA%253D%26reserved%3D0>

  1.  Other use case discussions
     *   Use Case Tracker on Github: Issues · ietf-scitt/use-cases (github.com)<https://secure-web.cisco.com/1fafzaFh-mGJgSN5gk9uFn48V0tO05hkFUxXTkiyJh7A5kY4PbW4ootsfeZxO7yWhyE28v3a5wLFdbLAPoNuVmu8B0jIGCw0VXv4VEK_Usar1EQrfMh3JND8ymvo39exxgCQ2ho0SRcTozs202JT-DNt58fB-fsTcdcuqF33Xg7Oiy4XXlqhKEHwzg_OuAFknMAXRwgZgW7CcK07GTXrd5qkyesv6kw-PSsR5j2e9fvMWsYIclcgeAz5g5FJ8M6S0M1xC-Dzv1T48X_IrT2XOzXomyYApdAb8KXLhVZl0zhhE0Z1AwR-8X0RmEirLyc7k/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fuse-cases%252Fissues%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055711543%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DzhWN6VBgNdBKqAtW5zFOrSHb8qM9ICBKV%252FH8rC%252FOwRc%253D%26reserved%3D0>



From: Kiran Karunakaran
Sent: Friday, August 26, 2022 4:11 PM
To: scitt@ietf.org<mailto:scitt@ietf.org>
Subject: RE: SCITT Community Meeting



Hi,



Agenda for 08/29 meeting.



  1.  Charter proposal
     *   Github link: https://github.com/ietf-scitt/charter/pull/18/files<https://secure-web.cisco.com/1U8joyY1yFVf__k7mwK8-V7kxmevrI0wpC-WN10BDRQpUAKzmTLguqXv5UJs4aQ3_ep3_BawK006Ci02V7m0iVJLLsO8IFW4kn_kdFrbMrsb6GqcUEbCR75dMUz17caDdZBmXDgTaocG8AnLwST92cJGTuUB3mopPEqD-fwNczeziuP_GgaCZG6RJPtuUwm6boOyndjTl7I_nDg7SduGv4OTXT5F1-4ZFASZeGRkKsukjgiKNnBlTQXoXnLJCp87EfW6LO_E8fv8aHri59S3ACJtR6FXFohOytfZrwQMc3jrpRTE2qBBlnxhY9nnI9a3V/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252Fietf-scitt%252Fcharter%252Fpull%252F18%252Ffiles%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055711543%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DPvtjbwwlvovzbFWj5%252F5i8QqlyVB%252FH5%252FG0qK%252BqGLnk%252Bs%253D%26reserved%3D0>
     *   Please input all comments/changes/suggestions (Session Transcript for SCITT Charter Iteration - HackMD<https://secure-web.cisco.com/1tNzmwlVJ8WGB4AmovGUE26SzApcBchYDFsp6xvsgehF9yU6HFNuQkQNZNqVJ9bbBN0bHcUrmn8M7AwM6sFv4Y6DY8tdbs65cctRiuR47-xvfAX4FWKch0jFH4x0DQBMUfbMmqZTxL9ZcC_Ke1qOC7InAztLtKior77D19muXU_jjcKhjyhSiNozxcFWu6HaK1eVOkp65pW4rqEbIJXrl_uOyVZ5wvSJbV9sLQWKTVuQufSidM8Wv6q6Eyys-7LRvJDGENff9HlCrNkZuZFqaJ0rOx6DsjLd1ipJx0oAyj2PhBuVZ9l7O2tidONrTmE2F/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fhackmd.io%252FT7GsPcJmRtC9IhVbXjUbCg%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055711543%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DzPGq7yLD1Vm66tahtQaNPqmJTvzjH4LiPZQIxKvPyr8%253D%26reserved%3D0>) before 08/30/2022
     *   Target Charter Proposal publish date: 09/05/2022
  2.  SBOM use case discussion
     *   Draft link: SBOM Use Case strawman - based on CISA ICT_SCRM Task Force DRAFT - HackMD<https://secure-web.cisco.com/1j4XMhU5hSx0H4e8sYESL-qTkZCwmsJ5z1xcHCBcZ-mrJBhY_E0XiYQolfVRRP5Df7N9inPo69IL9gehkJQb-bjjhHfuTMX-7-dMbA6TUOqCZiFXCfmeKDEZEA_1T6qyF96Qpgyjsqb4fPfIQ8n7j7x1B-oVU2fVj5zJ4JJoexWF-uzdmqChsA-oUHJK3iDWDzr9va-ZV-4y0W-zPnPb1_jElKMENnSWEdwnbskc8pHDdu6RTFUJOM7E1baCLEggeov54c0D557jwyWLUPd3lLtbMsgBqSxZqrvsVXiJWUrnb2I8qDRNx-Sz_uaVICJo_/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fhackmd.io%252FQuqKhy_bQ1qG9yyyBuEABg%253Fview%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055711543%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DsGo1L6uodH9sR2z4yTvre7xvng4fMFvU93qBIhPTd74%253D%26reserved%3D0>
     *   Other SBOM use cases



Thanks,

Kiran



-----Original Appointment-----
From: Yogesh Deshpande <Yogesh.Deshpande@arm.com<mailto:Yogesh.Deshpande@arm.com>>
Sent: Monday, July 18, 2022 2:13 PM
To: Yogesh Deshpande; Kay Williams; Roy Williams (COSINE); Steve Lasker; Birkholz, Henk; Hannes Tschofenig; kenchen@qti.qualcomm.com<mailto:kenchen@qti.qualcomm.com>; Eliot Lear
Cc: Aeva Black; dick@reliableenergyanalytics.com<mailto:dick@reliableenergyanalytics.com>; john.scott@ionchannel.io<mailto:john.scott@ionchannel.io>; Bhuvaneshwari Krishnamurthi; maprasa@microsoft.com<mailto:maprasa@microsoft.com>; Sylvan Clebsch; EDGS Platform LT; yoav@scryb.ai<mailto:yoav@scryb.ai>; Brian Knight; jc.herz@ionchannel.io<mailto:jc.herz@ionchannel.io>; Entezari, Mehdi; Robert A Martin; chris@cybeats.com<mailto:chris@cybeats.com>; Nabanita Sen; Stephen Provine; Orie Steele; Travis Jones; Kellie Eickmeyer; Bhuvaneshwari Krishnamurthi; Shilpa Shastri; Kiran Karunakaran
Subject: SCITT Community Meeting
When: Monday, August 29, 2022 4:00 PM-5:00 PM (UTC+00:00) Dublin, Edinburgh, Lisbon, London.
Where: https://armltd.zoom.us/j/99133885299?pwd=b0w4aGorRkpjL3ZHa2NPSmRiNHpXUT09<https://secure-web.cisco.com/1dQ8loNHzfiag_jU_bgUULWQU6gL-ItrzTIADsnDsuOuFvo1fA0jcy85R77z_W8b6Cq7j1aQWaGG4oBg0ftwIT6Qf-_KZq-PfVZr0CAya0RafNn19nkwfJHEhgZoWleKiAMa3iRpbfaoBW1UoK6hBGZ1xN0w3xqvvjfzKVBtFAK6n3JXwva2zl-bmgLaeY-KLTvueXXj4EcjjlxzRd0RA57vcLmz9-k1lQ-UrYeSMlxq24EquNUYjNfyGeUcz-9fWx89Be1yFrki4KjFyjgN0J6ln20mXAbFtuGg3i4vmE6zJk68lCM_SeQVuSaVsZIbL/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Farmltd.zoom.us%252Fj%252F99133885299%253Fpwd%253Db0w4aGorRkpjL3ZHa2NPSmRiNHpXUT09%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055711543%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3D6SC968kMnjlNiQlUtOTYsWUWt%252FCNPLTTbRPpVuK8f9Y%253D%26reserved%3D0>



Place Holder SCITT Meeting on behalf of Kay Williams, till we finally land ourselves in IETF Meeting tools.

Here’s the link to the notes: SCITT General Meeting Agenda and Notes - Google Docs<https://secure-web.cisco.com/1fGepIX946s_FrTG7IEqsPNdDhgKer1DM7YA79JH3wbU884Yf-XUFxt3XE1g7Y6b58L3YOIamfgCdS_K5qGB21wa3X-kzb0JGRvufXfw8pForGsjQUKcEPTZj5s2po6Em3GSczg9OKnryUv_5NVTnRiwNP35b2W2-ns6A24SZ8LL-ONgQQyMg7MIVs2KH7gIetDBIYHmJiNFWGJmaW17HcrMYQxnWnpqe9KFtugN3njGfy7TeETZ5SNkZSAYDH7Az0zHK8kwrXMzdgSj4PMFT82TwGoatZmi1YEmYXQaa_xKBUPp5zJxniWlWbfd-10AX/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.google.com%252Fdocument%252Fd%252F1vf-EliXByhg5HZfgVbTqZhfaJFCmvMdQuZ4tC-Eq6wg%252Fedit%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055711543%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DviLbu992asJlpBDVi75ltCjM96yEMI%252FH9NLZmaq65fk%253D%26reserved%3D0>

@Kay Williams<mailto:kayw@microsoft.com>: Request please forward the Invite to those I missed in the thread.

Join Zoom Meeting
https://armltd.zoom.us/j/99133885299?pwd=b0w4aGorRkpjL3ZHa2NPSmRiNHpXUT09<https://secure-web.cisco.com/1dQ8loNHzfiag_jU_bgUULWQU6gL-ItrzTIADsnDsuOuFvo1fA0jcy85R77z_W8b6Cq7j1aQWaGG4oBg0ftwIT6Qf-_KZq-PfVZr0CAya0RafNn19nkwfJHEhgZoWleKiAMa3iRpbfaoBW1UoK6hBGZ1xN0w3xqvvjfzKVBtFAK6n3JXwva2zl-bmgLaeY-KLTvueXXj4EcjjlxzRd0RA57vcLmz9-k1lQ-UrYeSMlxq24EquNUYjNfyGeUcz-9fWx89Be1yFrki4KjFyjgN0J6ln20mXAbFtuGg3i4vmE6zJk68lCM_SeQVuSaVsZIbL/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Farmltd.zoom.us%252Fj%252F99133885299%253Fpwd%253Db0w4aGorRkpjL3ZHa2NPSmRiNHpXUT09%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055711543%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3D6SC968kMnjlNiQlUtOTYsWUWt%252FCNPLTTbRPpVuK8f9Y%253D%26reserved%3D0>

Meeting ID: 991 3388 5299
Passcode: 531470
One tap mobile
+442034815240,,99133885299#,,,,*531470# United Kingdom

Dial by your location
        +44 203 481 5240 United Kingdom
        +1 346 248 7799 US (Houston)
        +1 408 638 0968 US (San Jose)
        +1 646 518 9805 US (New York)
        +91 224 879 8012 India
        +91 406 480 2722 India
        +91 806 480 2722 India
        +91 116 480 2722 India
        +852 5803 3730 Hong Kong SAR
        +46 8 4468 2488 Sweden
        +47 2400 4735 Norway
        +972 3 978 6688 Israel
        +353 1 536 9320 Ireland
        +36 1 408 8456 Hungary
        +49 69 3807 9883 Germany
        +33 1 7037 2246 France
        +358 3 4109 2129 Finland
        +45 32 70 12 06 Denmark
        +1 438 809 7799 Canada
        +82 2 3143 9611 Korea, Republic of
        +65 3158 7288 Singapore
        +27 87 550 3946 South Africa
        +32 1579 5132 Belgium
        +48 22 307 3488 Poland
        +386 1600 3102 Slovenia
        +60 3 3099 2229 Malaysia
        +886 (2) 7741 7473 Taiwan
        +81 3 4578 1488 Japan
Meeting ID: 991 3388 5299
Passcode: 531470
Find your local number: https://armltd.zoom.us/u/auABE2oPq<https://secure-web.cisco.com/19xSLnlkSC1MmbxQN_EMQvyutPSICBF8tDqORVDRou1733gNNdHvyR8Y0HH77ppGlnB6IZUxi3gxWIvcgQUbZRiYH09MlixiNuqt6Ck77qNq_lRWdjPeLEjK3hdzG5EG78gUdGWRma79Aa6FyoWOKLdpSunB5uUyDhEFw0aPosBA3n2Z3QSB32FvFXY7QiEag1FoP-4o5RHSocbfboojQ6ED5B1bGeK4jPS1lgne085lhyH14EUnCiYxOoL-QmBEF-4azVOHt0xRNxI5sylpMH8BB1F-lUfTQSoWrTbGMA0mA1sfaF1H_pz3SjDUXU8_1/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Farmltd.zoom.us%252Fu%252FauABE2oPq%26data%3D05%257C01%257Croywill%2540exchange.microsoft.com%257Ca05dc3a4d3844373a34d08dad3cc1047%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C638055174055711543%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3Dp1QlhvdzlLjNgClb%252Feu5Lev14u2Zg%252FD8unKpYN7u08U%253D%26reserved%3D0>

Join by SIP
99133885299@zoomcrc.com<mailto:99133885299@zoomcrc.com>

Join by H.323
162.255.37.11 (US West)
162.255.36.11 (US East)
115.114.131.7 (India Mumbai)
115.114.115.7 (India Hyderabad)
213.19.144.110 (Amsterdam Netherlands)
213.244.140.110 (Germany)
103.122.166.55 (Australia Sydney)
103.122.167.55 (Australia Melbourne)
209.9.211.110 (Hong Kong SAR)
149.137.40.110 (Singapore)
64.211.144.160 (Brazil)
69.174.57.160 (Canada Toronto)
65.39.152.160 (Canada Vancouver)
207.226.132.110 (Japan Tokyo)
149.137.24.110 (Japan Osaka)
Meeting ID: 991 3388 5299
Passcode: 531470



IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.