Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Zoom Meeting Link / Recording

Attendees

Philip Feairheller Sam Smith @Ari Argoud Henk van Cann Fergal O'Connor Lance Byrd Charles Lanahan Sai Ranjit @Asad Khan Shawn Butterfield Kent Bull Joseph Lee Hunsaker Edyta P Trent Larson P Subrahmanyam 

Agenda Items and Notes (including all relevant links)

TimeAgenda ItemLeadNotes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
5 minsReview of action items from previous meetingChairs
  •  Kevin Griffin add action items to top level Wiki page
    •  Topics for discussion
      •  User Experience
        •  OOBI exchanges
      •  Watcher Network
      •  Fido2 integration
      •  Where to store rotation keys?  From meeting chat:

        "we don’t have a recommendation about storing and generating pre-rotation keys. If we are generating and storing pre-rotation keys on same system that is generating signing keys, and if an attacker can compromise signing keys, the attacker can very easily compromise rotation keys as well"

      •  

        Sam how would we explain the fact that even when not using a Blockchain system keri still introduces other components such as jurors and watchers to solve the duplicity detection problem that just appears because of the need of more than just the principal of the entitiy? IMHO it seems like we still need to trust others to avoid bad actors. What is more to make it more available we are still using components to expose the KELs of entities. Meanwhile blockchains solves it inherently at the expense of ledger locking.

5 minsAnnouncementsTF Leads

News or events of interest to members:

  • DICE is next Week (IIW Europe)
  • IIW Fall Oct 29-31st.  Early Bird Tickets
  • AIW this week.
5 mins

Reports

Open
  • Specifications
    • RFC 2119 changes complete (Sam Smith ) on all specifications.  
      • Changes merged into specs
  • KERIPy
    • PR merged to fix cueing with KeyState notifier
  • KERIA
    • PR merged to improve OpenAPI spec docs
    • Delegation PR waiting for review
  • SigTS
    • Work continues on getting tests passing again
25 minsDiscussionOpen
  • Charles Lanahan wants to discuss PR:
  • Kent Bull - Threshold recovery service
    • Would an email & ACDC-based threshold recovery service be a good idea?
      • A: It could work, though it would be a custodial service where you trust someone to maintain control over an AID for you.
  • Sam how would we explain the fact that even when not using a Blockchain system keri still introduces other components such as jurors and watchers to solve the duplicity detection problem that just appears because of the need of more than just the principal of the entitiy?
    • The major difference is how the trust works between Blockchain and KERI ecosystems.
    • Where does the trust come into play?
      • Have to secure the code supply chain so you can "trust your code".
  • Sam Smith - Yesterday Apple announced their Personal Private Cloud and their new Password app.
    • Password app seems to be a direct competitor to 1Password, etc.      
    • Personal Private Clouds - Competitive to homomorphic encryption / computation.  Using TEEs and auditable code in the execution environment to prove that Apple has no access to the data in the TEE.  Using Apple's custom hardware.
5 minsAny other businessOpen
5 mins
  • Review decisions/action items
  • Planning for next meeting 
Chairs
  •  Kevin Griffin add action items to top level Wiki page
    •  Topics for discussion
      •  User Experience
        •  OOBI exchanges
      •  Watcher Network
      •  Fido2 integration
      •  Where to store rotation keys?  From meeting chat:

        "we don’t have a recommendation about storing and generating pre-rotation keys. If we are generating and storing pre-rotation keys on same system that is generating signing keys, and if an attacker can compromise signing keys, the attacker can very easily compromise rotation keys as well"