IETF Logo Mail Archive

Re: [SPICE] Revised Charter

Orie Steele <orie@transmute.industries> Thu, 25 January 2024 18:50 UTC

Return-Path: <orie@transmute.industries>
X-Original-To: spice@ietfa.amsl.com
Delivered-To: spice@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5023C14F6F4 for <spice@ietfa.amsl.com>; Thu, 25 Jan 2024 10:50:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oHSzDD5PqZP2 for <spice@ietfa.amsl.com>; Thu, 25 Jan 2024 10:50:43 -0800 (PST)
Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5A00C14F682 for <spice@ietf.org>; Thu, 25 Jan 2024 10:50:05 -0800 (PST)
Received: by mail-pj1-x1034.google.com with SMTP id 98e67ed59e1d1-290b219a60cso3025272a91.0 for <spice@ietf.org>; Thu, 25 Jan 2024 10:50:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1706208605; x=1706813405; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=SVfv5bCy5900TxexQgpLuvM8FA/HhdAT5btKw+WxF+E=; b=gEZlhRJuIoTdMMZ/EB4x4xthfpzxnzTIbIQC9ZhfQfejloO1RT3pAIp6Gd39FWt9cK W5r5Z9hQDmGWNKB44iU6VfxOT9yNpi6HERPXPQq2vRAiyLa0gtg41jCwvae0T3aRKtDA ws/e58MmE+Qh79Vca0CQUlOcOPz1OHhFjrxJYoZHudtQOF9dRqF+PcCgpg6TVKr4twU3 p30aSlfk4aDqVdCnG55GkeyUG0YjyYiOm5tJc9bRU/n99kAVCKLJlItKR2Q+tJ7XyY7a WWH++7L9wgtt3g4OCWMnIeZXU3GfJwT6U39x4Xbv2eLtNF1JIAMzv+uZZXpvJ1I1wQRS vOtA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706208605; x=1706813405; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=SVfv5bCy5900TxexQgpLuvM8FA/HhdAT5btKw+WxF+E=; b=bx6zb2tP4Y6/NSkIfS/VwEsswCuv24c/zMyxFbphlz9xIqvK0r5LfzVPDZCzOvEta0 LBpqwdkuCQXPUQJqdu5bTq0HhMew2sHvyPmXCtFJ8/9PzoVeFiOu+ABzYGF3svy+ilnq VK2PKbAeEXNoOTBko8paFBzsC/bz99Za1M8iKK1nNxXl8OgGQAGtbpo/2cR4jjhq+0uN QecfHJIGmP1mwC8fDhpiuixPyQv3jGh3Q0ZvSvF20j3AwZV+/BGaT+YdzcJX0AsMz4s9 fm84G6+0rJl/gvqvLUVlrAPdqW2Z72zRdu/FryFEsBj0v1WKd3ifzsYOBRw0AcII7Dl2 fhOg==
X-Gm-Message-State: AOJu0Yw6o/2RQ0PkXm+nFWlHfedXIA8KPgYfi38aeLyNvMZY8RjfwzpT tKX7cP9CIMGc83gSW+gTC0vGfgyN3Qa5t1IJsvakPHAQ+X2Fc+8G2ij6pdzANqXx5g+zpB9cAoI TrE40ugA2PBNZnmZY8u8WEINtKCWAgqialf+HkDP4EtmimC1z2fY=
X-Google-Smtp-Source: AGHT+IG3/X077AThGCiWuQyE2A++iJx+7mcfLByEgf3Pft51GD2nvCPnJUbkOMSFEwVokYVC4cDMTeTiIWXRaKQ7c1w=
X-Received: by 2002:a17:90a:ac0b:b0:290:91df:90e7 with SMTP id o11-20020a17090aac0b00b0029091df90e7mr47636pjq.39.1706208605075; Thu, 25 Jan 2024 10:50:05 -0800 (PST)
MIME-Version: 1.0
References: <CAN8C-_+_uWRwgden4DhfOG4kxbExhMk3vgL_9thjt9M4y=Q7CA@mail.gmail.com> <BN2P110MB1107422AB87BB4AFED71A751DC71A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <BN2P110MB1107422AB87BB4AFED71A751DC71A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
From: Orie Steele <orie@transmute.industries>
Date: Thu, 25 Jan 2024 12:49:54 -0600
Message-ID: <CAN8C-_LEeV0P9-4fssY1Qr4-MmSWk3MhGnsNr-5qwL68Z11O+A@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: "spice@ietf.org" <spice@ietf.org>
Content-Type: multipart/related; boundary="000000000000d1a4ed060fc9a554"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spice/mI80v0ZmDdbnvPrBj9LEukzDYAs>
Subject: Re: [SPICE] Revised Charter
X-BeenThere: spice@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Patterns for Internet CrEdentials <spice.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spice>, <mailto:spice-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spice/>
List-Post: <mailto:spice@ietf.org>
List-Help: <mailto:spice-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spice>, <mailto:spice-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jan 2024 18:50:47 -0000

Hey Roman,

We merged this PR on the informal call today:

https://github.com/transmute-industries/ietf-spice-charter/pull/22

The group believes we have addressed all feedback that is necessary to
address for the current charter.

Regards,

OS

On Thu, Jan 18, 2024 at 4:44 PM Roman Danyliw <rdd@cert.org> wrote:

> Hi!
>
>
>
> Thanks for all of the iteration to get to this text.  I have a few
> questions and comments.
>
>
>
> ** Per the “Background” Section:
>
>
>
> -- “Some sets of claim names are registered with IANA and originate from
> the IETF, OIDF and other standards organizations.”
>
>
>
> o Editorially, at no point in the text so far has there been any link made
> between “sets of claims” and a “digital credential”.  The introductory
> paragraph talks about “values” and “attributes” of claims.  I recommend
> some bridging text.
>
>
>
> o As a reader, I’m not sure why I am being told this detail.  No
> subsequent text in the deliverables mentions that claims from other SDOs
> need to be used or that they are being built upon.
>
>
>
> -- “IETF and IRTF working groups have developed foundational building
> blocks with BBS Signatures, RSA Blind Signatures, Verifiable Random
> Functions, or other Selective-Disclosure and collection limitation
> techniques.”
>
>
>
> o Editorial nit.  IRTF doesn’t have WGs, it has research groups. The IESG
> will flag this.
>
>
>
> o There are assertions of foundational building blocks but the text
> doesn’t narrative how this work would build on them.  One can infer that
> BBS/VRF/etc are the crypto that will be used.  The IETF WG references of
> “Selective-Disclosure” and “collection limitation techniques” is what?
> Recommend either citing WGs or RFC/drafts if this link is important.
>
>
>
> o I’m trying to keep the IETF/IRTF lanes clear.  Coordination with CFRG is
> noted later.  Is there coordination, or reuse?  What planned activities in
> this WG would alter the course of CFRG?
>
>
>
> ** Per the “Key Design Properties of Digital Credentials” section
>
>
>
> -- What is the intended use of this section?  In what way does this text
> scope the planned work?  For example, will the WG deliver some version of
> those as part of the “A document specifying the selective disclosure of
> claims in a secure and privacy-friendly manner”? Are those related to the
> planned architecture deliverable?)
>
>
>
> -- I’m a little confused by the framing of this section as being able
> design properties of “digital credentials” but the
> “In-Scope”/”Goal”/”Deliverable” sections aren’t linked to digital
> credentials.  Some editorial bridging is needed.
>
>
>
> ** Strongly recommend merging “In-Scope” and “Goals” sections.  Move the
> text currently in Goals to the end of the current “In Scope” text (i.e.,
> reverse the order).  Editorially, charters typically first say what they
> will do and then describe who they will work with.
>
>
>
> ** Per the “Goals”
>
>
>
> -- Per the text “Additionally, the SPICE WG will coordinate with other
> SDOs, such as ISO or W3C, on data model elements or protocols needed to
> support existing credential use cases”
>
>
>
> o what is the thinking behind “support existing credential use cases”?
> Are these new design goals?
>
>
>
> o I observe that ISO is a very BIG organization.  IETF even has multiple
> liaisons for subsets of ISO.  Can this text be more specific about the
> relevant links?
>
>
>
> ** Per the “In-Scope”
>
>
>
> -- Per the text “The SPICE WG will consider the use of TEEs (Trusted
> Execution Environments) for managing key material and digital credentials.”
>  Can that design be made now?  Can this be deferred for future charter
> scope?  I’m practically asking what “consider” means here.  It seems like a
> conditional scope (i.e., “we don’t know if we want to deliver this but we
> want it in scope”).
>
>
>
> -- Per the text “Focusing on crisp technical specifications and producing
> separate informative guidance documents helps to keep technical interested
> parties involved”, I observe that the planned deliverables only include a
> single informative architecture.  Is that sufficient?  Perhaps that is the
> lesson learned?
>
>
>
> ** Per the Deliverables?
>
>
>
> -- Will the meta-discovery document describe a single protocol? multiple
> protocols for discovery?  Does it build on any prior work protocol work
> (e.g., is it an HTTP API? COAP?)
>
>
>
> -- Per a “document specifying the selective disclosure of claims in a
> secure and privacy-friendly manner”:
>
>
>
> o What is the relation between this document and digital credential (the
> substance of the front matter)?  Is this providing a framework/set of
> claims to let others produce their own digital credentials with particular
> security properties?
>
>
>
> o What is the relationship between the “security” and “privacy-friendly”
> properties and the more detailed key design properties?
>
>
>
> o What is the encoding of the claims for this document? JSON and CBOR are
> noted in the lesson learned but not in the explicit scoping.
>
>
>
> Roman
>
>
>
> *From:* Orie Steele <orie@transmute.industries>
> *Sent:* Thursday, January 18, 2024 1:19 PM
> *To:* spice@ietf.org
> *Subject:* [SPICE] Revised Charter
>
>
>
> Hello Spice Enthusiasts,
>
> Our revised draft charter can be found here:
>
> -
> https://github.com/transmute-industries/ietf-spice-charter/blob/8f140a014ed13a21ff308b4d48d745ead67d8c54/charter.md
>
> Thanks to everyone who contributed text on github and through the mailing
> list.
>
> As mentioned on our calls, I will submit a bof request with the draft
> charter text as of today.
>
> If anyone has objections to the current charter text, please provide NEW
> and OLD suggestions through the mailing list (on a seperate thread), so we
> can finalize any remaining gaps.
>
> If you support the current draft charter text, please reply to this email
> indicating that you support the current text.
>
> I support the current charter text.
>
> Regards,
>
> OS
>
>
>
> --
>
>
>
>
> *ORIE STEELE *Chief Technology Officer
> www.transmute.industries
>
> [image: Image removed by sender.] <https://transmute.industries/>
>


-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries

<https://transmute.industries>

v2.23.0 | Report a Bug | By Email