IETF Logo Mail Archive

Re: [SPICE] Call for consensus on SPICE charter

Orie Steele <orie@transmute.industries> Sat, 24 February 2024 02:58 UTC

Return-Path: <orie@transmute.industries>
X-Original-To: spice@ietfa.amsl.com
Delivered-To: spice@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17D8FC14F6E8 for <spice@ietfa.amsl.com>; Fri, 23 Feb 2024 18:58:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c-KSIPmMm2oT for <spice@ietfa.amsl.com>; Fri, 23 Feb 2024 18:58:28 -0800 (PST)
Received: from mail-oo1-xc2c.google.com (mail-oo1-xc2c.google.com [IPv6:2607:f8b0:4864:20::c2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2B75C14F6AD for <spice@ietf.org>; Fri, 23 Feb 2024 18:58:28 -0800 (PST)
Received: by mail-oo1-xc2c.google.com with SMTP id 006d021491bc7-5a04bbe0a15so560711eaf.2 for <spice@ietf.org>; Fri, 23 Feb 2024 18:58:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1708743508; x=1709348308; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=s1ksZSfMVrQz05B89zeQs0ss0ClP49RUQi/EaJ2TLjk=; b=dkrYvv3P8ZrvwNacaqoJBUbAQWAW12I9Of2X7ZtpWo6wW1fOy8JE67QOMPAicd3myX dDA1duXVq5WXziBg4w/hHMUkjiny/W6ddaOKIs3YqgPwnOMnJc5g/8rTvqwBtOn2/Y96 AAcTg2WhkBIpph5mVBqP1SRNt4DW6IXjnVhnFywY1lvrMdc9RqEeojBFw/7SfoILzo8y UvQKowHTk8hNmWxyjoiJH5k/b0zH6XOhPhHazovb6EM0REmJR6sij2M+TXQZ+4dq6/7M y11DRmrOd38dP/eH6KCQ7JtmeBxzr1saVaiDnYrkdEj8dLLya1Lxoy+Qr9jKmrSIC9XQ k4Jg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708743508; x=1709348308; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=s1ksZSfMVrQz05B89zeQs0ss0ClP49RUQi/EaJ2TLjk=; b=SlBk44iYwHoDXG2N0MXuDuItDEc3uyatfKfAkpaEiI89vxLJkIP5bKW0DXnEstbkV0 jaNNPkcips7TFdGtBrXHrnvZrtezUtYTB2bfAFgrsqGKE3ppJ40GRlTmrmhEaRbZcH+s MgBRyDD5TzcYLugvKIbh53UZMw/rKh/6RDH44gIu4XwIJkTih3Zajy2fq8FlSMsy8hP+ zZfY+M1/tyOI3HGJ0tjqFFDi4uaA4GEcjwIQyRs5leNwEnuz87YVMan/98s9oNtdLRGw Xqlps5qqujSWpq+uaOG2e51BtwHHX2Tt+sH+a4miRd2j4S1uGR4xdigLkFfdJqA5VhZg yuBw==
X-Gm-Message-State: AOJu0YzN0DQk0bCPhxpj2L25ZBkoHZDNn5uzUwMa1UCrYqnt/HpLLIsL eemJnzqsp0mMGOHlIK+jSG6rq6phCk+cDsPTKm9XsA0dJyH8yZpumlUwISnvt1IjywO6Mw2LxNM xERvwQ+AjxTN38P01FoOYmDf5cSdLXgcVJGNwhg==
X-Google-Smtp-Source: AGHT+IELpV70lQJbtz5nLBDctFpn/llYuZSha3M3V5yAve/Gvrbgq3v7SqfoB5RJRB9/mIabQ1yPmCVnAXHAZtapneE=
X-Received: by 2002:a05:6358:9889:b0:17b:89bd:e710 with SMTP id q9-20020a056358988900b0017b89bde710mr1736527rwa.30.1708743507793; Fri, 23 Feb 2024 18:58:27 -0800 (PST)
MIME-Version: 1.0
References: <BN2P110MB110725C85B7253C421DDFE71DC4BA@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CA+tYtvG3KmYfUdWM9AqMcs=8abjOA1bCYHa5qeJdyRE_WzeF=g@mail.gmail.com> <CAAse2dFGZ3wFDv8FFQyBm5PYXTm0RrBaUYfF3Tum6tReFsemrA@mail.gmail.com> <CANez3f4GzDjpfL1PQCk4M80EUkDvTF1t7sfCES3GHsoO-x1DXQ@mail.gmail.com> <CACsn0cmqd2R5yJMuQYCgqpV4-Q0X442mEGX4RJatEKvu8eW5Lg@mail.gmail.com>
In-Reply-To: <CACsn0cmqd2R5yJMuQYCgqpV4-Q0X442mEGX4RJatEKvu8eW5Lg@mail.gmail.com>
From: Orie Steele <orie@transmute.industries>
Date: Fri, 23 Feb 2024 20:58:13 -0600
Message-ID: <CAN8C-_+ioJab1Qbiu+gBQ_nx-k77_3_koj=kwEJaGhVEEVc1OQ@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: spice@ietf.org
Content-Type: multipart/alternative; boundary="000000000000cb6de6061217d961"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spice/GT6LWhbtu7m6v3K5vSpysOVTL9I>
Subject: Re: [SPICE] Call for consensus on SPICE charter
X-BeenThere: spice@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Patterns for Internet CrEdentials <spice.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spice>, <mailto:spice-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spice/>
List-Post: <mailto:spice@ietf.org>
List-Help: <mailto:spice-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spice>, <mailto:spice-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Feb 2024 02:58:33 -0000

The charter mentions profiles of JWP/CWP, which is from JOSE not OAuth, and
which supports BBS, but can be extended to other systems, assuming they can
support similar interfaces.

https://datatracker.ietf.org/doc/draft-ietf-jose-json-web-proof/

I'd personally like to see CFRG publish some lattice based zkp system that
could offer similar capabilities... Probably, we are years away from seeing
hardware support for that... I'd be happy to be wrong, as long as the
lattice system lasts longer than elliptic curve discrete log.

In the informal meetings, which we have had, BBS has been discussed a lot.

As have the consent and privacy issues, and infrastructure costs associated
with single use key bound credentials, which include ISO mDoc and SD-JWT.

Sustainability, privacy, inclusivity and transparency are all important
parts of delivery secure and usable systems.

Some balance is necessary, because we are unlikely to agree to maximalist
positions on any one of these important dimensions.

See also:

https://datatracker.ietf.org/doc/statement-iab-statement-on-the-risks-of-attestation-of-software-and-hardware-on-the-open-internet/

OS


On Fri, Feb 23, 2024, 8:36 PM Watson Ladd <watsonbladd@gmail.com> wrote:

> On Fri, Feb 23, 2024, 5:17 PM Kaliya Identity Woman
> <kaliya@identitywoman.net> wrote:
> >
> > I don't know what you mean by "privacy" Nick.
> > I think the folks who are in the trenches of developing the protocols of
> digital identity at least those arising out of the community arising from
> Internet Identity Workshop community have been very focused on how to best
> give individual people the most control possible over how they can leverage
> digital credentials and have worked very hard.
>
> Results, not effort, matter.
>
> >
> > We have also come up against very real world constraints - while the BLS
> family of cryptography that the BBS+ work is anchored in and is progressing
> through CFRG is fantastic in providing a path forward for really great
> selective disclosure capabilities.  It isn't finished review and it hasn't
> been standardized for how to actually use it to create credentials
> (Although some great companies leading this work have been experimenting).
>
> Isn't that the work of standards bodies and companies to develop the
> tech and standardize?
>
> > Even if it WAS ready "now" the phones that are on the market and widely
> adopted don't have the capabilities to actually do BLS signatures to anchor
> the credentials to phones.   (for better or worse this is the primary
> subject holder binding mechanism that European governments have decided to
> proceed with for the issuance of state issued documents to
> citizens/residents).
>
> I'm not that familiar with secure element design but I have written
> papers and run code showing that it's possible to achieve these
> bindings while preserving privacy and not modifying the element. Now
> there were some mistakes later work has fixed but it is possible: see
> SAC '21 and the successor that fixes some stuff is a preprint I can
> share.
>
> >
> > Extensive research into all the possibilities of formats and signatures
> and bindings was made and I believe that SD-JWT was the best possible one
> out of the bunch given all the REAL WORLD constraints. (see this community
> built spread sheet for the details)
> >
> > I think we need the SPICE working group in the IETF to actually make a
> home to continue to progress the work towards even better credentials with
> better properties. It is specifically envisioned by the folks who are
> asking for this working group that work on how to do credentials with BBS+
> signatures would happen in this group once the CFRG review is complete and
> I know that there are government folks who want better choices then they
> have now in terms of ways to protect and support citizen empowerment and
> "privacy".
>
> But that's not what the group is being singularly chartered for nor is
> it combining all this work over the IETF. The debate here is really
> about what should be done in the group and elsewhere, and if the
> charter was BBS identity I think a lot of people would support it.
>
> >
> >
> > If we don't actually make space to move the work forward it can't move
> forward.
>
> No one is saying we shouldn't do BBS based credentials here. We're
> asking questions about the scope and whether or not to approve
> mechanisms that don't meet the bar privacy wise without a lot more
> effort in deployment that's been pushed out of scope.
>
> >
> >
> > I find it a bit hard to take seriously folks who have not been actively
> engaged in the community working on digital credentials for people landing
> down taking one glance around and saying in an off the cuff way "its not
> good enough privacy" when they have not really taken the time to understand
> the history, context, real extremely extraneous effort that has been put
> into achieving the development of reasonable systems within the real world
> constraints that really exist.
> >
> > Maybe it is our job to do a better job to communicate this prior art and
> significant body of existing work, and really dedicated people who have a
> real commitment to core positive values.
>
> If this community was committed to privacy you'd collectively away
> when the constraints make it impossible. That's what being committed
> to values means. Luther did not say "I stand here, and I'll move a bit
> if it's inconvenient".
>
> SD-JWT isn't a minor privacy problem. It lets the government track
> every time you use a credential online, with active proposals to
> mandate it for the viewing of "sensitive" materials, a category
> encompassing some of the most beautiful photography of the 20th
> century, several Oscar winning movies. Some governments will of course
> seek to extend this further to Winnie the Poh memes, French Peanuts
> reprinters, or news Carter-Ruck doesn't like.
>
> >  The work has been happening in earnest with a coherent group of people
> who have been inter-related and working together on this for 20 years.
> Many of these people gather twice a year at the Internet Identity Workshop
> and ongoing efforts inbetween happen in bodies such as the Decentralized
> Identity Foundation, OpenID Foundation, Trust over IP Foundation, Kantara
> Initiative, various W3C Community Groups.
>
> There has been inordinate work on credentials ever since CL01 and
> CL04, and all of that has been ignored. It could have gone into secure
> elements: TPM has DAA after all. But instead we get this. The lack of
> engagement with cryptographers and privacy engineers is unfortunate,
> but we can't ignore these issues on the basis that the water has
> passed under the bridge.
>
> >
> > I have only been to the last two IETFs and I was really impressed with
> the deep collective intelligence and wisdom I saw in action.  I was
> surprised about how many different working groups who's efforts touch in
> some way on identity are not intersecting very much or learning from each
> other (PrivacyPass has quite limited overlap with OAuth work - TIGRESS is
> working on moving keys between phones/wallets? also not interacting with
> work focused on that in the identity community)  Dick and Rifaat have a
> great outline for an identity sense making effort that could go a long way
> to helping various groups just as step 1 understand what each other is
> doing.
>
> PrivacyPass is doing something different than OAUTH hence the lack of
> overlap. If they overlapped more then there would be a problem.
>
> >
> > I think SPICE is needed and I hope the charter will be approved.
> > I don't think adding more MUSTs to the charter right now will help us
> progress.  Folks who believe that certain properties and features should be
> in protocols that the group works on should get engaged to struggle through
> the real work needed to find the path - rooted in the real world of real
> adoption by real users of the technology.  If it (digital identity) was
> "easy" it would have been solved 15 years ago.
>
> And if the people solving it has been at all familiar with the
> literature and cared about privacy they wouldn't have made SD-JWT.  If
> we end up with SD-JWT everywhere choking the oxygen from a better
> solution that's bad.
>
> End of the day there is no protocol police. So what exactly is it you
> want the IETF to give you this real world adoption cannot? Why can't
> we say "here's a privacy preserving solution to your problems" rather
> than ratify a lot of very flawed work? To be clear I think we need to
> have a forum to have this discussion, but to the extent SPICE isn't it
> because things continue in OAUTH (thanks to JWT) and the charter
> prejudges the result I'm against it. I'd support a broader charter
> that doesn't have a commitment to ratifying SD-JWT.
>
> Sincerely,
> Watson Ladd
>
> --
> SPICE mailing list
> SPICE@ietf.org
> https://www.ietf.org/mailman/listinfo/spice
>

v2.23.0 | Report a Bug | By Email