Re: [Vcon] Roman Danyliw's No Objection on charter-ietf-vcon-00-02: (with COMMENT)

Daniel Petrie <dpetrie@sipez.com> Sat, 07 October 2023 13:50 UTC

Date: Sat, 07 Oct 2023 13:48:46 +0000
From: Daniel Petrie <dpetrie@sipez.com>
To: The IESG <iesg@ietf.org>, Roman Danyliw <rdd@cert.org>, "jgs@juniper.net" <jgs@juniper.net>, "evyncke@cisco.com" <evyncke@cisco.com>, "lars@eggert.org" <lars@eggert.org>
Cc: "vcon-chairs@ietf.org" <vcon-chairs@ietf.org>, "vcon@ietf.org" <vcon@ietf.org>, "Murray S. Kucherawy" <superuser@gmail.com>
Message-ID: <2058382461.3519401.1696686526833@mail.yahoo.com>
In-Reply-To: <169646864851.52129.15976734485126936288@ietfa.amsl.com>
References: <169646864851.52129.15976734485126936288@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/vcon/b8BPsX34KeO0NrsxvcVpLHGvWiA>

Thank you Roman Danyliw, John Scudder, Éric Vyncke, Lars Eggert, Tommy Pauly and George Conant for your comments and editorial review on the vCon charter!
I have updated the charter per your input to the best of my ability. The edited charter can be found at: https://github.com/dgpetrie/draft-petrie-vcon/blob/main/vcon_charter.md

Cheers,
Dan

On Thursday, October 5, 2023, 1:17:31 AM UTC, Roman Danyliw via Datatracker <noreply@ietf.org> wrote:

Roman Danyliw has entered the following ballot position for
charter-ietf-vcon-00-02: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-vcon/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Stepping back from the details of the charter text, this work appears to be
trying to define an object security model for a JSON data model for
conversational data.  This is my first exposure to the vCon and I don’t know if
this was discussed prior.  Please let me know if this has been adjudicated
already.  As a starting point for this work, has JOSE’s JWE (RFC7516) been
considered?  The JOSE ecosystem provides a rich set of container formats in
JSON and associated code points/identifiers for algorithms.  I don’t mean to
invent a solution, but wondering if the use cases or desired security
properties preclude the definition of this domain-specific (conversational
data) JSON data model that can then be secured with an already standardized
JOSE security containers?  I’m trying to ensure that snippets of IETF technology
aren’t reinvented unless it is necessary.

** I concur with Lars that the use cases should be pruned from the charter text.

** Paragraph 2.  Opposing forces are being presented, but I don’t understand
why “privacy of personal data” necessarily conflicts with “integrating data
with multiple sources” or “transitioning from one provider to the next”.

** Paragraph 2.  Per “There are also three open source systems implementing
vCon”, what is this text meant to convey?  Are there already draft
specifications for vCon that this WG will adopt? Or, is this “vCon” in the sense
of open source solution generically in the space of conversational data
management?

** There are a few places where security related things are said:
(a) “The work group is to define a JSON-based container for conversational
data, along with mechanisms to protect the integrity and privacy of data in the
container.”

(b) “Define/specify a mechanism for proving integrity of the conversation data”

(c) “Define/specify a mechanism for encrypting of the objects enclosed in the
vCon conversation data container to provide confidentiality of the data
independent of transport such that some parts of the vCon may be disclosed to
different parties”

-- “privacy” is mentioned in (a) and “encrypting”/”confidentiality” is
mentioned in (b).  I recommend being precise on the security property, is it
“confidentiality” that is desired?

-- just checking, this scope really is only “integrity”, that is “no one
modified the bits”.  There is no interest in authenticity, that is “the bits
came from who I expected them to come from”.

** Per the scope paragraph saying:

* Data minimization should be considered for each of the use case

What does this mean in terms of deliverables? Or properties of the container?

** Per out-of-scope paragraph saying:

* The encryption keying.

Can this be clarified?  Is this saying key management is out of scope?  MTI
algorithms?

** In either the milestone or the scope paragraphs describe the status
(Proposed Standard, Informational, etc) of each planned document.



-- 
Vcon mailing list
Vcon@ietf.org
https://www.ietf.org/mailman/listinfo/vcon
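The ballot comment above raises two points that are easier to see in code than in prose: reusing the existing JOSE containers rather than inventing a new one, and the difference between "integrity" (the bits were not modified) and "authenticity" (the bits came from the expected party). The following is an added example written for this archive page; it is not code from the vCon drafts, the open source vCon implementations, or any participant in the thread. It assumes a constructed, minimal vCon-like JSON object (the field names are illustrative, not the draft's schema) and a constructed shared HS256 key, and it implements JWS compact serialization (RFC 7515, HS256 from RFC 7518) with the standard library only, so it runs offline. It contrasts a bare SHA-256 digest, which any party can recompute after altering the object, with a JWS MAC that only a holder of the key can produce.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample container. Field names are assumptions for illustration,
# not the vCon draft's actual schema.
SAMPLE_VCON = {
    "uuid": "constructed-example-0001",
    "parties": [{"tel": "+15551230001"}, {"tel": "+15551230002"}],
    "dialog": [{"type": "text", "body": "Hello, this is a constructed sample."}],
}

# Constructed shared secret for the HS256 MAC. Where such a key comes from is
# key management, which the charter comment asks about; it is not shown here.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7515 section 2 specifies."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url, restoring the padding that JOSE strips."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def canonical(obj) -> bytes:
    """Deterministic JSON encoding so the same object always yields the same bytes."""
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()


def integrity_digest(vcon: dict) -> str:
    """Integrity only: a bare SHA-256 over the container, no key involved."""
    return hashlib.sha256(canonical(vcon)).hexdigest()


def jws_sign(vcon: dict, key: bytes) -> str:
    """JWS compact serialization (header.payload.signature) using HS256."""
    header = {"alg": "HS256"}
    signing_input = b64url(canonical(header)) + "." + b64url(canonical(vcon))
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)


def jws_verify(token: str, key: bytes):
    """Return the payload dict if the HS256 MAC verifies under key, else None."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        return None
    header = json.loads(b64url_decode(h))
    # Only accept the algorithm this verifier expects; never trust the token's
    # alg field to pick the check (this is the classic JOSE pitfall).
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None
    return json.loads(b64url_decode(p))


def demonstrate() -> dict:
    """Show integrity-only versus authenticity on a tampered copy of the sample."""
    tampered = json.loads(json.dumps(SAMPLE_VCON))
    tampered["dialog"][0]["body"] = "altered by a party that does not hold the key"

    # A relying party that receives (object, digest) over the same channel gains
    # only integrity: whoever altered the object simply recomputed the digest.
    received_obj, received_digest = tampered, integrity_digest(tampered)
    digest_check_passes = integrity_digest(received_obj) == received_digest

    # With JWS the altering party cannot produce a valid MAC without SHARED_KEY,
    # so the relying party also learns the object came from a key holder.
    genuine = jws_sign(SAMPLE_VCON, SHARED_KEY)
    forged = jws_sign(tampered, b"some-other-constructed-key")
    return {
        "digest_check_passes_on_tampered": digest_check_passes,
        "jws_accepts_genuine": jws_verify(genuine, SHARED_KEY) == SAMPLE_VCON,
        "jws_accepts_forged": jws_verify(forged, SHARED_KEY) is not None,
    }


if __name__ == "__main__":
    for name, value in demonstrate().items():
        print(f"{name}: {value}")
```

The digest check reports success on the tampered object because nothing binds the digest to a party; the JWS check rejects the forged token while accepting the genuine one, which is the authenticity property the comment asks whether the charter intends. Confidentiality of individual parts (the charter's point (c)) would be the corresponding JWE (RFC 7516) layer, applied per object rather than once over the whole container; that is not implemented here.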