Re: [SPICE] Call for consensus on SPICE charter

Kristina Yasuda <Kristina.Yasuda@microsoft.com> Fri, 09 February 2024 22:09 UTC

From: Kristina Yasuda <Kristina.Yasuda@microsoft.com>
To: Orie Steele <orie@transmute.industries>
CC: "spice@ietf.org" <spice@ietf.org>
Date: Fri, 09 Feb 2024 22:09:47 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spice/wPX3CFkedPWjwdaekvuMuFRedrI>

Hi Orie,
Thank you. Guess my question was why can’t mdocs be used for the use-cases that SD-CWT is being designed for? And the answer seems to be “because one needs to purchase an ISO standard where mdoc is being defined”?

mdocs are not exactly CWTs, rather a CBOR structure signed using COSE, but they already have a salt-hash based selective disclosure mechanism. mdocs also define the issuer PKI to be X.509 and the holder key binding to be a raw COSE key, which helps with interop but could be turned into an extensibility point.

Best,
Kristina


________________________________
From: Orie Steele <orie@transmute.industries>
Sent: Friday, February 9, 2024 12:31:38 PM
To: Kristina Yasuda <Kristina.Yasuda@microsoft.com>
Cc: spice@ietf.org <spice@ietf.org>
Subject: Re: [SPICE] Call for consensus on SPICE charter

Hey Kristina,

I'm not an mDoc expert so I expect you will be able to answer that question better than I can.

To save you the trouble of reading the "SD-CWT/SD-CWT-VC" draft (and there is an experimental implementation I developed based on OAuth's SD-JWT reference implementation):

"SD-CWT/SD-CWT-VC" basically just takes the OAuth SD-JWT approach and makes it work with CWT claimsets instead of JWT claimsets.

So where OAuth registers:

- https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-07#name-json-web-token-claims-regis

Spice would register similar properties in:

- https://www.iana.org/assignments/cwt/cwt.xhtml

You said: "Personally, I would like to see SD-CWT/SD-CWT-VC to be backwards compatible with mdocs, but that can be discussed once in the draft."

I don't know the content type of the ISO mDoc cose-sign1 payload, is it a CBOR map? Could it be a CWT claimset? If the answer to both of those is yes, I see a possibility to align, but there could be lots of other challenges.

Having not read the ISO spec in question, I can't answer more than that.

Thanks for your comment about the W3C VC Data Model v2, I filed an issue to track it here:

https://github.com/transmute-industries/ietf-spice-charter/issues/29

Feel free to pile on any additional changes you would like to see there.

OS



On Fri, Feb 9, 2024 at 2:22 PM Kristina Yasuda <Kristina.Yasuda=40microsoft.com@dmarc.ietf.org> wrote:
Hi,

What is the relationship between SD-CWT/SD-CWT-VC and mdocs defined in ISO/IEC 18013-5?
At least, mdocs should be mentioned in the charter.
Personally, I would like to see SD-CWT/SD-CWT-VC to be backwards compatible with mdocs, but that can be discussed once in the draft.

small nits in the charter text:
VCDM 2.0 has not yet been published, so the last paragraph in the Introduction should be rephrased.
Best,
Kristina


--


ORIE STEELE
Chief Technology Officer
www.transmute.industries
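The thread above turns on the salt-hash selective disclosure pattern: Orie's message describes SD-CWT as the SD-JWT mechanism carried over CWT claimsets, and Kristina notes that mdocs already use a salt-hash scheme. The following is an added illustration of that pattern, not code from the SD-CWT draft, the SD-JWT reference implementation or ISO 18013-5. It assumes JSON rather than CBOR for the disclosure encoding (so it runs with the Python standard library only), SHA-256 as the digest, and leaves the COSE/JWS signature over the payload out of scope; the names `issue`, `present` and `verify` are hypothetical.

```python
import base64
import hashlib
import json
import secrets


def b64url(data: bytes) -> str:
    """base64url without padding, the encoding SD-JWT uses for salts and digests."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_disclosure(name: str, value) -> str:
    """A disclosure is [salt, claim name, claim value]; the 128-bit random salt
    stops a verifier from brute-forcing low-entropy values against the digest."""
    return json.dumps([b64url(secrets.token_bytes(16)), name, value], separators=(",", ":"))


def digest(disclosure: str) -> str:
    """Digest that binds a disclosure to the signed payload (SHA-256 assumed here)."""
    return b64url(hashlib.sha256(disclosure.encode("utf-8")).digest())


def issue(claims: dict, hidden: list) -> tuple:
    """Issuer: keep clear claims in the payload, replace hidden ones by digests in _sd.
    The returned payload is what the issuer would sign (COSE_Sign1 for CWT)."""
    payload = {k: v for k, v in claims.items() if k not in hidden}
    disclosures = [make_disclosure(k, claims[k]) for k in hidden]
    # Sorted so the digest order does not leak which claim each digest belongs to.
    payload["_sd"] = sorted(digest(d) for d in disclosures)
    return payload, disclosures


def present(disclosures: list, reveal: set) -> list:
    """Holder: forward only the disclosures for the claims it chooses to reveal."""
    return [d for d in disclosures if json.loads(d)[1] in reveal]


def verify(payload: dict, presented: list) -> dict:
    """Verifier: after checking the signature (not shown), accept a disclosure only if
    its digest appears in _sd, and reject duplicate or colliding claim names."""
    allowed = set(payload["_sd"])
    claims = {k: v for k, v in payload.items() if k != "_sd"}
    for d in presented:
        if digest(d) not in allowed:
            raise ValueError("disclosure is not bound to the signed payload")
        _salt, name, value = json.loads(d)
        if name in claims:
            raise ValueError(f"claim {name!r} disclosed twice or collides with a clear claim")
        claims[name] = value
    return claims
```

An SD-CWT would carry the same structure in CBOR with the claim keys drawn from the IANA CWT claims registry linked above, which is the alignment question Orie raises for the mdoc payload.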