[Vcon] Roman Danyliw's No Objection on charter-ietf-vcon-00-02: (with COMMENT)

[Roman Danyliw via Datatracker <noreply@ietf.org>]

Roman Danyliw has entered the following ballot position for
charter-ietf-vcon-00-02: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-vcon/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Stepping back from the details of the charter text, this work appears to be
trying to define an object security model for a JSON data model for
conversational data.  This is my first exposure to the vCon and I don’t know if
this was discussed prior.  Please let me know if this has been adjudicated
already.  As a starting point for this work, has JOSE’s JWE (RFC7516) been
considered?  The JOSE ecosystem provides a rich sent of container formats in
JSON and associated code points/identifiers for algorithms.  I don’t mean to
invent a solution, but wondering if the use cases or desired security
properties preclude the definition of this domain-specific (conversational
data) JSON data model that can then be secured with an already standardized
JOSE security containers?  I’m trying to ensure that snippet of IETF technology
aren’t reinvented unless it is necessary.

** I concur with Lars that the use cases should be pruned from the charter text.

** Paragraph 2.  Opposing forces are being presented, but I don’t understand
why “privacy of personal data” necessarily conflicts with “integrating data
with multiple sources” or “transitioning from one provider to the next”.

** Paragraph 2.  Per “There are also three open source systems implementing
vCon”, what is this text meant to convey?  Are there already draft
specification for vCon that this WG will adopt? Or, is this “vCon” in the sense
of open source solution generically in the space of conversational data
management?

** There are a few places where security related things are said:
(a) “The work group is to define a JSON-based container for conversational
data, along with mechanisms to protect the integrity and privacy of data in the
container.

(b) “Define/specify a mechanism for proving integrity of the conversation data”

(c) “Define/specify a mechanism for encrypting of the objects enclosed in the
vCon conversation data container to provide confidentiality of the data
independent of transport such that some parts of the vCon may be disclosed to
different parties”

-- “privacy” is mentioned in (a) and “encrypting”/”confidentiality” is
mentioned in (b).  I recommend being precise on the security property, is it
“confidentiality” that is desired?

-- just checking, this scope is really is only “integrity”, that is “no one
modified the bits”.  There is no interest in authenticity, that is “the bits
came from who I expected them to come from”.

** Per the scope paragraph saying:

* Data minimization should be considered for each of the use case

What does this mean in terms of deliverables? Or properties of the container?

** Per out-of-scope paragraph saying:

* The encryption keying.

Can this be clarified?  Is this saying key management is out of scope?  MTI
algorithms?

** In either the milestone or the scope paragraphs describe the status
(Proposed Standard, Informational, etc) of each planned document.