2023-10-17 KERI/ACDC Meeting Notes

Recording

Attendees

Sam Smith, Philip Feairheller, Rodolfo Miranda, Charles Lanahan, Lance Byrd, Cliff Holsenbeck, Henk van Cann, Kent Bull, Randy Warshaw, Michael Palage, Petteri Stenius, Trent Larson, Alex Andrei, Ruth Choueka, Steven Milstein, Arshdeep Singh, Michal Pietrus, Kevin Griffin, Edyta P

Agenda Items and Notes (including all relevant links)

Time | Agenda Item | Lead | Notes
5 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
    • None
5 mins | Review of action items from previous meeting | Chairs
  • Sam Smith to create a semantic naming document in the code - call it NAMING.md and check it in.
5 mins | Announcements | TF Leads

News or events of interest to members:

  • Review of IIW
    • Happy Hour before, nice to meet folks in person
    • Stronger Showing by community and discussions in other
    • did:webs vs. did:plc vs. did:webplus session put on by Dimitri listed three requirements for these methods to be viable
      • Commitment to next rotation key
      • Witnesses
      • Multi-signatures
    • Randy: Barriers to accepting KERI/ACDC were breaking down at this IIW.
      • Having Markus present "on behalf" of KERI for did:webs was very valuable
    • Justin Richer - Signed permissions in OpenID
    • "The World is going to become signed data structures because security sucks" - Dr Sam Smith
    • Nuttawut 101 and did:webs went very well.
    • Karla McKenna's vLEI sessions were well attended.
    • Tribes of IIW:  KERI, JWT/OpenID, W3C
    • Rodo:  Loves Sam's "Selective Disclosure is useless" (De-identification/Re-Identification)
      • Contextual linkability re-identification attack defeats cryptographic unlinkability
    • Charles:  What about the Confidential Computing talk by "the other Manu" (Hushmesh https://www.hushmesh.com)
    • ACDC for Muggles reprise... well attended, lots of good questions.
      • IEEE Standard (7012) on default contractually protected disclosure language.
5 mins

Reports

Open
  • Signify-TS
    • Credential issuance and IPEX Grant for multisig participants
      • Seems to have revealed an IPEX bug somewhere in KERIA... looking into it
25 mins | Discussion | Open
  • Okta hack on MGM casino - entire MGM Okta instance (casino, resorts, etc)
    • Worth pointing out that multisig is a form of multi-factor auth, where each factor is cryptographically strong
      • As opposed to shared secrets (passwords, text codes) where each factor is weak
  • New OpenID draft spec for solving the "phone home" problem... publish keys of issuers in x509 certificates
    • "Don't put old wine in new bottles"
5 mins | Any other business | Open
  • Special thanks to Rodo for all the links and information in the notes today!
5 mins
  • Review decisions/action items
  • Planning for next meeting 
Chairs
  • Sam Smith to create a semantic naming document in the code - call it NAMING.md and check it in.