IETF Logo Mail Archive

Re: [SCITT] Call for adoption - SCITT Architecture

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 20 November 2022 16:04 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: scitt@ietfa.amsl.com
Delivered-To: scitt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89DDDC14CF16 for <scitt@ietfa.amsl.com>; Sun, 20 Nov 2022 08:04:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MyYDxEACFTK2 for <scitt@ietfa.amsl.com>; Sun, 20 Nov 2022 08:04:49 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41157C14F723 for <scitt@ietf.org>; Sun, 20 Nov 2022 08:04:48 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 757C91800D for <scitt@ietf.org>; Sun, 20 Nov 2022 11:30:12 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id zZQ9amQNdhsg for <scitt@ietf.org>; Sun, 20 Nov 2022 11:30:11 -0500 (EST)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id EFB621800C for <scitt@ietf.org>; Sun, 20 Nov 2022 11:30:10 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca; s=mail; t=1668961810; bh=m7mZvJ+DCaLALmQXsvRsNRj4tr7+zb8+dd5Lc6NeP2Y=; h=From:To:Subject:In-Reply-To:References:Date:From; b=oP3RQbB5vT0EsinvHTkWO9tQeGJSjFiEaLXU3AzJh46CQs1ZKmUsERwhLkoHT7vLH aFdmW2NUBlxx5hrKgt5roCgwZLXu2Cf9min+SXvbzMjtgyFJ6q6rUA8XNHw0e/Jfme ivcpJOYZLft4GkMbU4ff2eDnc+FjHd+vUit8SasboHOa0mpNqwS/315EE7Cl22HdLM ayWPz4rz0h5i//lpBRbrTPpThRMkzxmyMfCowug9QWquZzgnvfSHeLH3sbjykJgRDR b4aBCn9fKIS+gwCmnb4e5Q+QHAadRkCyui3Uw2gkQDJczpS45amoOneUVQwHqngzYs MROph1B2CwOMQ==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 16902F43 for <scitt@ietf.org>; Sun, 20 Nov 2022 11:04:42 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "scitt@ietf.org" <scitt@ietf.org>
In-Reply-To: <DE245BEA-1B1B-477B-8D02-3515B0C84FF8@tzi.org>
References: <DBBPR08MB591573B5A97DADD9F0EEC2E9FA059@DBBPR08MB5915.eurprd08.prod.outlook.com> <DE245BEA-1B1B-477B-8D02-3515B0C84FF8@tzi.org>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 27.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sun, 20 Nov 2022 11:04:42 -0500
Message-ID: <29764.1668960282@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/wOzIG2CVYZJ9urZZzzNcrq3HgBQ>
Subject: Re: [SCITT] Call for adoption - SCITT Architecture
X-BeenThere: scitt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scitt>, <mailto:scitt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scitt/>
List-Post: <mailto:scitt@ietf.org>
List-Help: <mailto:scitt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scitt>, <mailto:scitt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Nov 2022 16:04:54 -0000

I have read:

> https://datatracker.ietf.org/doc/html/draft-birkholz-scitt-architecture-02

and I think that it is suitable for WG adoption.

Some comments:

1) "TS" seems to be have been defined only in the Abstract. I learnt what it
was by seeing it in the table of contents.

2) I hate the word "Transparent" here.  THe claim is not transparent.
If it were, you coudn't see it.  It's the container that is transparent,
allowing one to see the claim.  The term became wrongly idiomatic to
(legal) "process", which is to say a legal process was transparent if, while
looking at the results, you could see through the bureaucracy around the
process (the bureaucracy was transparent) to see what was inside.
(Kafka wrote about a bureaucracy which was not transparent)
Certificate Transparency, in my opinion, borders to being silly as well, but
it doesn't claim the certificates are transparent, rather the process of
issuing them is.

I suggest that we don't want to talk about Transparent Claims, but rather, we
want to tralk about Public Claims, or Visible Claims or something.

section 2.2 then says:
  "A supply chain that maintains a transparent record of the successive"

Again, I want a visible record.

2.3, about Cold Chains, seems unusually specific.  It seems like we are
unduly concerned about sea food, but not for instance, concerned with keeping
my french fries from suffering freezer burn. (Defrosting and re-freezing)
I think that this section needs to be re-written as more of an examplar.

I see that section 4 tries to justify the term, and 5.2 tries some more.
Having read those sections, I'm more than ever convinced that it's the wrong
term.

In section 5,2 _Practical Byzantine Fault Tolerance (pBFT [PBFT])_ is
suggested but I'm unclear how/if there is any requirement being created here.
I get the impression that this is an internal/functional requirement and has
no interoperability impact.

}   TS implementations SHOULD make their full registration
}   policy public and auditable, e.g. by recording stateful policy inputs
}   at evaluation time in the registry to ensure that policy can be
}   independently validated later.

So, specifially, a TS should not be transparent (invisible) about it's
policy, but must be explicit about it.

} 5.2.3.  Registry Security Requirements
tries to say that blockchain is not required while not actually saying so,
because there are still people in this group who want to boil the ocean.

}6.3.  Standard registration policies
}
}      *Editor's note*
}
}      The technical design for signalling and verifying registration
}      policies is a work in progress.  We expect that once the formats
}      and semantics of the registration policy headers are finalized,
}      standardized policies may be moved to a separate draft.  For now,
}      we inline some significant policies to illustrate the most common
}      use cases.

is it time to split this off into a new document as part of the adoption
process?  Or is there another plan to do this at some future time, and if so,
could that be detailed?

I think that some of the Security Considerations could go into the
Introduction, or earlier text.   Perhaps repeated there.
The SC is well done.

for instance:
   Due to the operational challenge of maintaining a globally consistent
   append-only Registry, some TS may provide limited support for
   historical queries on the Claims they have registered, and accept the
   risk of being blamed for inconsistent Registration or Issuer
   equivocation.

should probably mentioned earlier.

And also:
}   The TS is trusted with the confidentiality of the claims presented
}   for registration.  Some TS may publish every claim in their logs, to
}   facilitate their dissemination and auditing.  Others may just return
}   receipts to the client that present claims for registration, and
}   disclose the ledger only to auditors trusted with the confidentiality
}   of its contents.

i.e. some transparency services are not transparent.
It's really really really not the right term.





--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email