Re: [SPICE] Call for consensus on SPICE charter
Manu Fontaine <Manu@hushmesh.com> Mon, 26 February 2024 15:52 UTC
Return-Path: <manu@hushmesh.com>
X-Original-To: spice@ietfa.amsl.com
Delivered-To: spice@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7944CC151064 for <spice@ietfa.amsl.com>; Mon, 26 Feb 2024 07:52:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hushmesh-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MXzWPnhNIUAp for <spice@ietfa.amsl.com>; Mon, 26 Feb 2024 07:52:14 -0800 (PST)
Received: from mail-oi1-x22f.google.com (mail-oi1-x22f.google.com [IPv6:2607:f8b0:4864:20::22f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A882C15154F for <spice@ietf.org>; Mon, 26 Feb 2024 07:51:45 -0800 (PST)
Received: by mail-oi1-x22f.google.com with SMTP id 5614622812f47-3bb9b28acb4so2301277b6e.2 for <spice@ietf.org>; Mon, 26 Feb 2024 07:51:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hushmesh-com.20230601.gappssmtp.com; s=20230601; t=1708962704; x=1709567504; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=mxtAXwDVp33UtrNxRxqql1ZI/xzk5g6yn3iCq3UtlL0=; b=Nqpfiuo49LgFCFb5/Pruui+pejnXt8v3WtLhdkmo/qbBOn3J0LawvOlNnori1hZke8 G6gXSw6GGnUHUylN4exGo2xmL0FxfNGF0Lj6tL3vrotNjtYdb1JXgxlEuUBBNKGXZOpZ mYfv1yFp8hPTHq6TD9O3mZqKqX+S73PLLmxo9+EvycPs2HP+wmOmgLJkzfVhsAL1XZ0m RVeIcX6Cs9K9/eH40iPKkmLAmI3MmhyCZ5W8mhgTeSZqOpb1PiAzVrs5wKtwqusFqhM0 y1RhLMyTCeB4ozDSveHncKj8xsLSmQyUBfk28fZD/uPQ6imFzrHYrrqfMRQWbVu0wYOi T8QA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708962704; x=1709567504; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=mxtAXwDVp33UtrNxRxqql1ZI/xzk5g6yn3iCq3UtlL0=; b=qSxhYShvBW4LTVGOFLCYfdMr4bdL3oarqvykikuy7NJAyFV6GxapW9DL1m94eHbm2v 2QGShyu6bWiaIggmvKcQNMWhOOoicQgLo1cIiKmocT9v8t9c5gXZE5WxJtu0bFDMiiat 6RrgBlZuYuXOMZ99xJy5nxexB9fquJ/s1kQGowFVK4RfTahGDFvVNFbOxpwznDz4fF97 4lebzCgH06VV3tEwv0jmAjnaLQudgRRrrVAlKhD6pbBI+kpx+GWVYsvaRkD8VxtUJeNz R2kUycBKNbU4XvhVo9X0xkFPfx7g6dU+6T5JGC4u+7jIYoYr23TYqhdSVijowgtVXpWJ lblg==
X-Forwarded-Encrypted: i=1; AJvYcCV8LZG4uEVwLLcvMCkhB3bXBbZM9fqn326XYq7ClfUmxV3wxadpOv+l7N7Plr506pSoHS/rmIiQIreML9EygQ==
X-Gm-Message-State: AOJu0Yy567Lf9Hfs6Lf38Q3m27cVH8dNLJ+9Iyzl7AnmHD8HdiwX031n Apucywj2RMJARJlJqiC6FPviRqTMZ2dqqqEHbWOpxZ4S8CFv5loSw0HEdU6yZ8cLJTT8X9CN5nA 8H+lIUpBUheaBsKimbOMdL5UMfQ2fAf6X0pDguw==
X-Google-Smtp-Source: AGHT+IFDRawC72zgXAPaFmBvtAwmD2/ukKBFL811nLCK4ZlNeENx/OO/gdXfGI5DIfoGTG4UV1OpGkZSHMtv4rDWhEU=
X-Received: by 2002:a05:6808:30a6:b0:3c1:33c7:68bb with SMTP id bl38-20020a05680830a600b003c133c768bbmr8154193oib.31.1708962704283; Mon, 26 Feb 2024 07:51:44 -0800 (PST)
MIME-Version: 1.0
References: <BN2P110MB110725C85B7253C421DDFE71DC4BA@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CA+tYtvG3KmYfUdWM9AqMcs=8abjOA1bCYHa5qeJdyRE_WzeF=g@mail.gmail.com> <CAAse2dFGZ3wFDv8FFQyBm5PYXTm0RrBaUYfF3Tum6tReFsemrA@mail.gmail.com> <CANez3f4GzDjpfL1PQCk4M80EUkDvTF1t7sfCES3GHsoO-x1DXQ@mail.gmail.com> <CACsn0cmqd2R5yJMuQYCgqpV4-Q0X442mEGX4RJatEKvu8eW5Lg@mail.gmail.com> <CAN8C-_+ioJab1Qbiu+gBQ_nx-k77_3_koj=kwEJaGhVEEVc1OQ@mail.gmail.com> <CAHu=PL1y3KHcTv3OhopHUiewF5d2hN6_sqBOgmwMaA3wQEGEZw@mail.gmail.com> <c168cf13-deae-0ac8-41ca-21497fb187ef@ietf.contact> <CAHu=PL2WU+6iDyP+Gii4yjB8PKYo9ro6rvhnepL=REn5bfMzUw@mail.gmail.com> <604de2c0-2b05-0a0d-3916-cb314a6fcc23@free.fr>
In-Reply-To: <604de2c0-2b05-0a0d-3916-cb314a6fcc23@free.fr>
From: Manu Fontaine <Manu@hushmesh.com>
Date: Mon, 26 Feb 2024 10:51:33 -0500
Message-ID: <CAHu=PL29UD3eBkm=rD_oRB-yroMYykKdpT9-Gg4TfvP1p-J3ng@mail.gmail.com>
To: Denis <denis.ietf@free.fr>
Cc: Orie Steele <orie@transmute.industries>, Watson Ladd <watsonbladd@gmail.com>, spice@ietf.org, Henk Birkholz <henk.birkholz@ietf.contact>
Content-Type: multipart/alternative; boundary="000000000000ec6e1006124ae27a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spice/-ASW2ikxapSZup_M8QItpnjzNL0>
Subject: Re: [SPICE] Call for consensus on SPICE charter
X-BeenThere: spice@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Patterns for Internet CrEdentials <spice.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spice>, <mailto:spice-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spice/>
List-Post: <mailto:spice@ietf.org>
List-Help: <mailto:spice-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spice>, <mailto:spice-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2024 15:52:18 -0000
Thanks Denis, I understand your perspective. Manu On Mon, Feb 26, 2024 at 9:26 AM Denis <denis.ietf@free.fr> wrote: > Manu, > > The "IETF SEC Area" is neither a BoF, nor a WG. > > So the "intersection of CCC and the IETF SEC Area" will not be the SPICE > BoF (nor a WG formed from it). > > Within the IETF, the TEEP WG has produced RFC 9397, i.e., the Trusted > Execution Environment Provisioning (TEEP) Architecture. > It is currently progressing draft-ietf-teep-protocol-18, i.e., Trusted > Execution Environment Provisioning (TEEP) Protocol. > This can be viewed as a back-office management function. > > The need to consider a TA running under a TEE in the context of SPICE does > not originate from the Confidential Computing Consortium, > but from a security threat analysis focusing on the Holder. > > The holder (application) needs to manage either asymmetric key pairs or > Link Secrets together with Blinded Link secrets (BLSs). > Not only these keys need to be protected in a TEE, but also the TA > (Trusted Application), i.e., the Holder, that manages and uses > them needs to be hosted in a TEE. > > In the context of SPICE, from a front-office point of view, before > issuing a digital credential to a Holder, the digital credential issuer > needs to be convinced > that the digital credential request originates from a TA which supports > "specific characteristics" and that this TA is indeed hosted in a TEE. > This missing piece of the puzzle could be developed in a future SPICE WG > ... or , even better, as an additional RFC published by the RATS WG. > This is why coordination with both TEEP and RATS is important. > > A goal of a future SPICE WG should not be to build *the "missing layer" > of the internet that we've all been looking for*", nor "**the* security > bedrock*". > > Denis > > Thanks Henk, I hope you'll be in Brisbane so we can meet in person. > > Our perspective is that CC is literally (chip+workload) identity and > cryptographic security at the *physical* layer. > It's the infamous "missing layer" of the internet that we've all been > looking for. It's *the* security bedrock. > > I cannot think of better places than the intersection of CCC and the IETF > SEC Area to re-imagine security from the silicon up. > > Manu > > > On Sun, Feb 25, 2024 at 11:17 PM Henk Birkholz > <henk.birkholz@ietf.contact> <henk.birkholz@ietf.contact> wrote: > >> Dear Manu, >> >> I've been a member of the Confidential Computing Consortium since its >> formation. I agree the CCC work is an implementation steered hub that >> binds many, many of the standardized building blocks that you mentioned. >> And a lot of IETF contributors and implementers meet there to find >> common ground, generalize APIs across hardware, and complain about >> Attestation Evidence heterogeneity all the time (that is fun, too). >> >> Advertisement hat on: It's a great place! Have a look! >> >> There is a tendency to produce confidential computing solutions from the >> bottom up - okay. But I'd not go so far as to say the "infrastructure >> layer" is the nucleus here. A ton of work is done on the API level and >> the OPS level and the IETF provides these really useful nuclei, one of >> them draft-ietf-rats-ar4si. That work shows that all pieces of the stack >> are important to the assessment, even the infrastructure layer. Is the >> situation great across vendors on that layer? Probably not great. Are we >> trying to give the best incentives to make it better? Yes! >> >> Let's try to scope the SPICE WG in a way that attracts the real-world >> experts, both users that really need standards, because "all I have are >> these ancient processes and documents and everything seems to be hyper >> confidential and now it must be interoperable and secure next week?" and >> experts that bring the experience to the SPICE WG that have the >> potential to solve parts of the problem. The interconnected system you >> are illustrating is not blocked by that. I think it is a good way to get >> there in time, actually. And it requires to listen to other WGs experts >> and interact with them in the IETF. I think that's great. >> >> >> Viele Grüße, >> >> Henk >> >> On 24.02.24 17:11, Manu Fontaine wrote: >> > I am reacting to mentions of "hardware", "balance", and "maximalist >> > positions" regarding important parts of "delivering secure and usable >> > systems". >> > >> > Confidential Computing hardware (TEEs) is readily available, and a >> > blueprint exists >> > < >> https://datatracker.ietf.org/meeting/118/materials/slides-118-hotrfc-sessa-05-a-universal-name-system-uns-and-universal-certificate-authority-uca-00> >> to solve for global assurance of provenance, integrity, authenticity, >> confidentiality, reputation, and privacy for all bits, be they code or >> data, for persons and non-person entities. No exotic cryptography required. >> > >> > The problem space collapses when using Confidential Computing at the >> > "infrastructure layer". In 2024, identity, authentication, >> > authorization, data encryption, key management, and credentialing >> should >> > all be re-imagined on top of Confidential Computing, if for nothing >> else >> > than CC providing attestation+verification of hardware+software >> > integrity. Why would anyone not want to verify these critical pieces of >> > infrastructure? #zerotrust >> > >> > I am still an IETF newbie trying to understand how to bring this work >> to >> > the IETF, realizing that it's tricky as it overlaps with many WGs. I'll >> > be in Brisbane and will schedule a side meeting to give an update on >> our >> > work in this direction, and I hope to start/continue conversations with >> > all of you. >> > >> > Manu >> > >> > >> > On Fri, Feb 23, 2024 at 9:58 PM Orie Steele <orie@transmute.industries> >> <orie@transmute.industries> >> > wrote: >> > >> > The charter mentions profiles of JWP/CWP, which is from JOSE not >> > OAuth, and which supports BBS, but can be extended to other systems, >> > assuming they can support similar interfaces. >> > >> > https://datatracker.ietf.org/doc/draft-ietf-jose-json-web-proof/ >> > <https://datatracker.ietf.org/doc/draft-ietf-jose-json-web-proof/> >> > >> > I'd personally like to see CFRG publish some lattice based zkp >> > system that could offer similar capabilities... Probably, we are >> > years away from seeing hardware support for that... I'd be happy to >> > be wrong, as long as the lattice system lasts longer than elliptic >> > curve discrete log. >> > >> > In the informal meetings, which we have had, BBS has been discussed >> > a lot. >> > >> > As have the consent and privacy issues, and infrastructure costs >> > associated with single use key bound credentials, which include ISO >> > mDoc and SD-JWT. >> > >> > Sustainability, privacy, inclusivity and transparency are all >> > important parts of delivery secure and usable systems. >> > >> > Some balance is necessary, because we are unlikely to agree to >> > maximalist positions on any one of these important dimensions. >> > >> > See also: >> > >> > >> https://datatracker.ietf.org/doc/statement-iab-statement-on-the-risks-of-attestation-of-software-and-hardware-on-the-open-internet/ >> < >> https://datatracker.ietf.org/doc/statement-iab-statement-on-the-risks-of-attestation-of-software-and-hardware-on-the-open-internet/ >> > >> > >> > OS >> > >> > >> > On Fri, Feb 23, 2024, 8:36 PM Watson Ladd <watsonbladd@gmail.com >> > <mailto:watsonbladd@gmail.com>> wrote: >> > >> > On Fri, Feb 23, 2024, 5:17 PM Kaliya Identity Woman >> > <kaliya@identitywoman.net <mailto:kaliya@identitywoman.net>> >> wrote: >> > > >> > > I don't know what you mean by "privacy" Nick. >> > > I think the folks who are in the trenches of developing the >> > protocols of digital identity at least those arising out of the >> > community arising from Internet Identity Workshop community have >> > been very focused on how to best give individual people the most >> > control possible over how they can leverage digital credentials >> > and have worked very hard. >> > >> > Results, not effort, matter. >> > >> > > >> > > We have also come up against very real world constraints - >> > while the BLS family of cryptography that the BBS+ work is >> > anchored in and is progressing through CFRG is fantastic in >> > providing a path forward for really great selective disclosure >> > capabilities. It isn't finished review and it hasn't been >> > standardized for how to actually use it to create credentials >> > (Although some great companies leading this work have been >> > experimenting). >> > >> > Isn't that the work of standards bodies and companies to >> develop the >> > tech and standardize? >> > >> > > Even if it WAS ready "now" the phones that are on the market >> > and widely adopted don't have the capabilities to actually do >> > BLS signatures to anchor the credentials to phones. (for >> > better or worse this is the primary subject holder binding >> > mechanism that European governments have decided to proceed with >> > for the issuance of state issued documents to >> citizens/residents). >> > >> > I'm not that familiar with secure element design but I have >> written >> > papers and run code showing that it's possible to achieve these >> > bindings while preserving privacy and not modifying the >> element. Now >> > there were some mistakes later work has fixed but it is >> > possible: see >> > SAC '21 and the successor that fixes some stuff is a preprint I >> can >> > share. >> > >> > > >> > > Extensive research into all the possibilities of formats and >> > signatures and bindings was made and I believe that SD-JWT was >> > the best possible one out of the bunch given all the REAL WORLD >> > constraints. (see this community built spread sheet for the >> details) >> > > >> > > I think we need the SPICE working group in the IETF to >> > actually make a home to continue to progress the work towards >> > even better credentials with better properties. It is >> > specifically envisioned by the folks who are asking for this >> > working group that work on how to do credentials with BBS+ >> > signatures would happen in this group once the CFRG review is >> > complete and I know that there are government folks who want >> > better choices then they have now in terms of ways to protect >> > and support citizen empowerment and "privacy". >> > >> > But that's not what the group is being singularly chartered for >> > nor is >> > it combining all this work over the IETF. The debate here is >> really >> > about what should be done in the group and elsewhere, and if the >> > charter was BBS identity I think a lot of people would support >> it. >> > >> > > >> > > >> > > If we don't actually make space to move the work forward it >> > can't move forward. >> > >> > No one is saying we shouldn't do BBS based credentials here. >> We're >> > asking questions about the scope and whether or not to approve >> > mechanisms that don't meet the bar privacy wise without a lot >> more >> > effort in deployment that's been pushed out of scope. >> > >> > > >> > > >> > > I find it a bit hard to take seriously folks who have not >> > been actively engaged in the community working on digital >> > credentials for people landing down taking one glance around and >> > saying in an off the cuff way "its not good enough privacy" when >> > they have not really taken the time to understand the history, >> > context, real extremely extraneous effort that has been put into >> > achieving the development of reasonable systems within the real >> > world constraints that really exist. >> > > >> > > Maybe it is our job to do a better job to communicate this >> > prior art and significant body of existing work, and really >> > dedicated people who have a real commitment to core positive >> values. >> > >> > If this community was committed to privacy you'd collectively >> away >> > when the constraints make it impossible. That's what being >> committed >> > to values means. Luther did not say "I stand here, and I'll move >> > a bit >> > if it's inconvenient". >> > >> > SD-JWT isn't a minor privacy problem. It lets the government >> track >> > every time you use a credential online, with active proposals to >> > mandate it for the viewing of "sensitive" materials, a category >> > encompassing some of the most beautiful photography of the 20th >> > century, several Oscar winning movies. Some governments will of >> > course >> > seek to extend this further to Winnie the Poh memes, French >> Peanuts >> > reprinters, or news Carter-Ruck doesn't like. >> > >> > > The work has been happening in earnest with a coherent group >> > of people who have been inter-related and working together on >> > this for 20 years. Many of these people gather twice a year at >> > the Internet Identity Workshop and ongoing efforts inbetween >> > happen in bodies such as the Decentralized Identity Foundation, >> > OpenID Foundation, Trust over IP Foundation, Kantara Initiative, >> > various W3C Community Groups. >> > >> > There has been inordinate work on credentials ever since CL01 >> and >> > CL04, and all of that has been ignored. It could have gone into >> > secure >> > elements: TPM has DAA after all. But instead we get this. The >> > lack of >> > engagement with cryptographers and privacy engineers is >> unfortunate, >> > but we can't ignore these issues on the basis that the water has >> > passed under the bridge. >> > >> > > >> > > I have only been to the last two IETFs and I was really >> > impressed with the deep collective intelligence and wisdom I saw >> > in action. I was surprised about how many different working >> > groups who's efforts touch in some way on identity are not >> > intersecting very much or learning from each other (PrivacyPass >> > has quite limited overlap with OAuth work - TIGRESS is working >> > on moving keys between phones/wallets? also not interacting with >> > work focused on that in the identity community) Dick and Rifaat >> > have a great outline for an identity sense making effort that >> > could go a long way to helping various groups just as step 1 >> > understand what each other is doing. >> > >> > PrivacyPass is doing something different than OAUTH hence the >> > lack of >> > overlap. If they overlapped more then there would be a problem. >> > >> > > >> > > I think SPICE is needed and I hope the charter will be >> approved. >> > > I don't think adding more MUSTs to the charter right now will >> > help us progress. Folks who believe that certain properties and >> > features should be in protocols that the group works on should >> > get engaged to struggle through the real work needed to find the >> > path - rooted in the real world of real adoption by real users >> > of the technology. If it (digital identity) was "easy" it would >> > have been solved 15 years ago. >> > >> > And if the people solving it has been at all familiar with the >> > literature and cared about privacy they wouldn't have made >> > SD-JWT. If >> > we end up with SD-JWT everywhere choking the oxygen from a >> better >> > solution that's bad. >> > >> > End of the day there is no protocol police. So what exactly is >> > it you >> > want the IETF to give you this real world adoption cannot? Why >> can't >> > we say "here's a privacy preserving solution to your problems" >> > rather >> > than ratify a lot of very flawed work? To be clear I think we >> > need to >> > have a forum to have this discussion, but to the extent SPICE >> > isn't it >> > because things continue in OAUTH (thanks to JWT) and the charter >> > prejudges the result I'm against it. I'd support a broader >> charter >> > that doesn't have a commitment to ratifying SD-JWT. >> > >> > Sincerely, >> > Watson Ladd >> > >> > -- >> > SPICE mailing list >> > SPICE@ietf.org <mailto:SPICE@ietf.org> >> > https://www.ietf.org/mailman/listinfo/spice >> > <https://www.ietf.org/mailman/listinfo/spice> >> > >> > -- >> > SPICE mailing list >> > SPICE@ietf.org <mailto:SPICE@ietf.org> >> > https://www.ietf.org/mailman/listinfo/spice >> > <https://www.ietf.org/mailman/listinfo/spice> >> > >> > >> > > >
- [SPICE] Call for consensus on SPICE charter Roman Danyliw
- Re: [SPICE] Call for consensus on SPICE charter Michael Prorock
- Re: [SPICE] Call for consensus on SPICE charter Kristina Yasuda
- Re: [SPICE] Call for consensus on SPICE charter Orie Steele
- Re: [SPICE] Call for consensus on SPICE charter Michael Richardson
- Re: [SPICE] Call for consensus on SPICE charter Kristina Yasuda
- Re: [SPICE] Call for consensus on SPICE charter Orie Steele
- Re: [SPICE] Call for consensus on SPICE charter Watson Ladd
- Re: [SPICE] Call for consensus on SPICE charter Henk Birkholz
- Re: [SPICE] Call for consensus on SPICE charter Watson Ladd
- Re: [SPICE] Call for consensus on SPICE charter Henk Birkholz
- Re: [SPICE] Call for consensus on SPICE charter Michael Jones
- Re: [SPICE] Call for consensus on SPICE charter Henk Birkholz
- Re: [SPICE] Call for consensus on SPICE charter Michael Jones
- Re: [SPICE] Call for consensus on SPICE charter Henk Birkholz
- Re: [SPICE] Call for consensus on SPICE charter Henk Birkholz
- Re: [SPICE] Call for consensus on SPICE charter Michael Richardson
- Re: [SPICE] Call for consensus on SPICE charter Kristina Yasuda
- Re: [SPICE] Call for consensus on SPICE charter Michael Prorock
- Re: [SPICE] [OAUTH-WG] FW: Call for consensus on … Mahmoud Alkhraishi
- Re: [SPICE] Call for consensus on SPICE charter Kristina Yasuda
- Re: [SPICE] Call for consensus on SPICE charter Christopher Allen
- Re: [SPICE] [OAUTH-WG] FW: Call for consensus on … Brent Zundel
- Re: [SPICE] Call for consensus on SPICE charter Kaliya Identity Woman
- Re: [SPICE] Call for consensus on SPICE charter Giuseppe De Marco
- Re: [SPICE] Call for consensus on SPICE charter Jon Geater
- Re: [SPICE] Call for consensus on SPICE charter Justin Richer
- Re: [SPICE] Call for consensus on SPICE charter Michael Jones
- Re: [SPICE] [COSE] FW: Call for consensus on SPIC… Christopher Allen
- Re: [SPICE] [COSE] FW: Call for consensus on SPIC… Manu Fontaine
- Re: [SPICE] Call for consensus on SPICE charter Denis
- Re: [SPICE] Call for consensus on SPICE charter Christopher Allen
- Re: [SPICE] Call for consensus on SPICE charter Denis
- Re: [SPICE] [OAUTH-WG] FW: Call for consensus on … Denis
- Re: [SPICE] Call for consensus on SPICE charter Margaret Cullen
- Re: [SPICE] [saag] Call for consensus on SPICE ch… Ira McDonald
- Re: [SPICE] [saag] Call for consensus on SPICE ch… Denis
- Re: [SPICE] [saag] Call for consensus on SPICE ch… Denis
- Re: [SPICE] [saag] Call for consensus on SPICE ch… Ira McDonald
- Re: [SPICE] Call for consensus on SPICE charter Nick Doty
- Re: [SPICE] [saag] Call for consensus on SPICE ch… Michael Richardson
- Re: [SPICE] Call for consensus on SPICE charter Alexander Stein
- Re: [SPICE] Call for consensus on SPICE charter Christopher Allen
- Re: [SPICE] Call for consensus on SPICE charter Watson Ladd
- Re: [SPICE] Call for consensus on SPICE charter Orie Steele
- Re: [SPICE] Call for consensus on SPICE charter Henk Birkholz
- Re: [SPICE] Call for consensus on SPICE charter Manu Fontaine
- Re: [SPICE] Call for consensus on SPICE charter Henk Birkholz
- Re: [SPICE] Call for consensus on SPICE charter Nick Doty
- Re: [SPICE] [saag] FW: Call for consensus on SPIC… Denis
- Re: [SPICE] Call for consensus on SPICE charter Orie Steele
- [SPICE] Fwd: [OAUTH-WG] FW: Call for consensus on… Denis
- Re: [SPICE] [saag] Call for consensus on SPICE ch… Denis
- Re: [SPICE] [saag] Call for consensus on SPICE ch… Kaliya Identity Woman
- Re: [SPICE] Call for consensus on SPICE charter Manu Fontaine
- Re: [SPICE] Call for consensus on SPICE charter Denis
- Re: [SPICE] Call for consensus on SPICE charter Watson Ladd
- Re: [SPICE] Call for consensus on SPICE charter Orie Steele
- Re: [SPICE] Call for consensus on SPICE charter Leif Johansson
- Re: [SPICE] Call for consensus on SPICE charter Kaliya Identity Woman
- Re: [SPICE] Call for consensus on SPICE charter Manu Fontaine
- Re: [SPICE] Call for consensus on SPICE charter Michael Richardson
- Re: [SPICE] Call for consensus on SPICE charter Michael Prorock
- Re: [SPICE] Call for consensus on SPICE charter Orie Steele
- Re: [SPICE] [COSE] FW: Call for consensus on SPIC… Christopher Allen
- Re: [SPICE] [saag] Call for consensus on SPICE ch… Ira McDonald
- Re: [SPICE] [COSE] FW: Call for consensus on SPIC… Manu Fontaine
- Re: [SPICE] Call for consensus on SPICE charter Heather Flanagan
- Re: [SPICE] Call for consensus on SPICE charter Roman Danyliw
- Re: [SPICE] Call for consensus on SPICE charter Orie Steele
- Re: [SPICE] Call for consensus on SPICE charter Roman Danyliw
- Re: [SPICE] Call for consensus on SPICE charter Watson Ladd
- Re: [SPICE] Call for consensus on SPICE charter Denis
- Re: [SPICE] Call for consensus on SPICE charter Manu Fontaine
- Re: [SPICE] Call for consensus on SPICE charter Denis
- [SPICE] 00-01 charter comments (was Re: Call for … Michael Richardson
- Re: [SPICE] Call for consensus on SPICE charter Roman Danyliw
- Re: [SPICE] Call for consensus on SPICE charter Roman Danyliw
- Re: [SPICE] Call for consensus on SPICE charter Watson Ladd
- Re: [SPICE] Call for consensus on SPICE charter Manu Fontaine
- Re: [SPICE] Call for consensus on SPICE charter Roman Danyliw
- Re: [SPICE] Call for consensus on SPICE charter Christopher Allen
- Re: [SPICE] Call for consensus on SPICE charter Denis
- Re: [SPICE] Call for consensus on SPICE charter Michael Prorock
- Re: [SPICE] Call for consensus on SPICE charter Tschofenig, Hannes
- Re: [SPICE] Call for consensus on SPICE charter Denis
- Re: [SPICE] Call for consensus on SPICE charter Henk Birkholz
- Re: [SPICE] Call for consensus on SPICE charter Tschofenig, Hannes
- Re: [SPICE] Call for consensus on SPICE charter Denis
- Re: [SPICE] Call for consensus on SPICE charter Orie Steele
- Re: [SPICE] Call for consensus on SPICE charter Brent Zundel
- Re: [SPICE] Call for consensus on SPICE charter Manu Fontaine
- Re: [SPICE] Call for consensus on SPICE charter Michael Prorock
- Re: [SPICE] Call for consensus on SPICE charter Orie Steele
- Re: [SPICE] Call for consensus on SPICE charter Manu Fontaine
- Re: [SPICE] Call for consensus on SPICE charter Michael Prorock
- Re: [SPICE] Call for consensus on SPICE charter Denis
- Re: [SPICE] Call for consensus on SPICE charter Orie Steele
- Re: [SPICE] Call for consensus on SPICE charter Manu Fontaine
- Re: [SPICE] Call for consensus on SPICE charter Roman Danyliw
- Re: [SPICE] Call for consensus on SPICE charter Orie Steele
- Re: [SPICE] Call for consensus on SPICE charter Michael Prorock
- Re: [SPICE] Call for consensus on SPICE charter Kaliya Identity Woman
- Re: [SPICE] Call for consensus on SPICE charter Roman Danyliw
- Re: [SPICE] Call for consensus on SPICE charter Watson Ladd
- Re: [SPICE] Call for consensus on SPICE charter Henk Birkholz
- Re: [SPICE] Call for consensus on SPICE charter Michael Prorock
- Re: [SPICE] Call for consensus on SPICE charter Christopher Allen
- Re: [SPICE] Call for consensus on SPICE charter Denis
- Re: [SPICE] Call for consensus on SPICE charter Watson Ladd
- Re: [SPICE] Call for consensus on SPICE charter Alexander Stein
- Re: [SPICE] Call for consensus on SPICE charter Roman Danyliw
- Re: [SPICE] Call for consensus on SPICE charter Denis
- Re: [SPICE] Call for consensus on SPICE charter Michael Prorock