2024-06-26 TSPTF Meeting Notes

Meeting Date & Time

This Task Force meets every other Wednesday. The first meeting (for the NA/EU time zones) is dedicated to the TSPTF. The second meeting, for the APAC time zones, is the joint weekly APAC meeting of all Task Forces in the ToIP Technology Stack Working Group.

  • NA/EU meeting: 08:00-09:00 PT / 15:00-16:00 UTC
  • TSWG Weekly APAC meeting: 18:00-19:00 PT / 01:00-02:00 UTC

See the Calendar of ToIP Meetings for exact meeting dates, times and Zoom links.

Zoom Meeting Links / Recordings

Attendees

Agenda Items and Notes (including all relevant links)

Time | Agenda Item | Lead | Notes
3 min
  • Start recording
  • Welcome & antitrust notice
  • New member introductions
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members:
2 min | Review of previous action items | Chairs
20 mins | PQC (Post Quantum Cryptography) Support in TSP

Wenjing shared screenshot #1 about the advances being made with HPKE that would add support for PQC. 

Sam Smith agreed that this helps illustrate the growing interest in PQC. He noted that they do not support authenticated modes because they are only needed if you don't sign.

Jacques Latour asked whether this applied to a digital signature outside of the TSP. Sam clarified that the TSP only deals with authenticity, confidentiality, and metadata privacy in the TSP protocol.

Sam mentioned that the HPKE report mentions key compromise impersonation attacks. HPKE provides no protection from impersonation by the party with whom you are connecting. So you need to combine the verification of the VID with the TSP.

This emphasizes the importance of VID verification as a critical first step BEFORE using the TSP with the VID. Sam gave the example of Signal being hacked (twice) not by breaking the encryption, but by impersonation of a phone number.

Drummond Reed: As a side note, relative to the question of authenticated mode, this thread, started last week by a group of cryptographers in the EU in response to the EU Architecture Reference Framework (ARF), is fascinating: https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/issues/200

15 mins | DICE Report

Updates from the Decentralized Identity Unconference Europe, held last week in Zurich.

Sam said he participated in 7 sessions (out of the 10 slots) on KERI-related topics. Some of them were NOT given by Sam. One was a session by a graduate student on KERI watcher networks. Plus there were many side conversations on KERI-related topics.

Mirko shared that there were a number of discussions about real-world solutions that are being used now. He called out discussions on ZKPs that use new techniques that use government-approved cryptography (but which are still slow). He also mentioned that in Germany, the eIDAS 2.0 ARF approach is competing with an internal approach.

Drummond noted that Switzerland and the EU know they need to interoperate, but they are not covered by the same regulations. So there is a healthy tension there.

Judith said she was disappointed that we were not able to hold a TSP session simply because we lacked the manpower at DICE.

15 mins | Identifier Traits aka VID Appraisability Framework | Drummond Reed

This was a topic at DICE raised by Jan Christoph Ebersbach (known as "JC"). See this Github Gist page.

The opportunity we have is to combine our efforts on VID Appraisability Framework with JC's (tentatively to start at DIF) and Mirko Mollik's work at OWF.

JC said the work began at IIW, where he was interested in did:web and did:tdw, but he wanted to understand the different security aspects of cryptographically verifiable identifiers. So at the DIF ID Working Group, JC started to put together a taxonomy of traits of these identifiers.

He noted that the purpose is not necessarily to provide specific security guidance/recommendations, but to at least describe the different options in a consistent way, and then help implementers choose a VID that meets their specific needs.

JC said that, in the session at DICE, we discovered that, besides the DIF effort, Mirko was also working on this in the Credential Formats SIG at OWF, and that we were working on VID appraisability frameworks here in the TSPTF.

JC was very interested in combining our efforts to just help us get to the goal faster and more comprehensively.

Sam explained that the term "appraisability" that we are using here at ToIP comes from the Trusted Computing Group definition of appraisability of security risks. It covers both static and dynamic risk assessment. In the TCG work, the term appraisability, when applied to dynamic risks, means that you have done a real-time appraisal of the risk assessment. So Sam suggests we should not use the term "appraisal" or "appraisability" unless it is a subset of dynamic risk assessment.

Darrell said that he was very grateful for JC's work.

Mirko pointed out that there is no perfect solution, so more information is going to be very helpful.

Markus pointed out that this work appears closely related to the DID Rubric work that was part of the W3C DID Core Working Group. That was meant to consider all the different dimensions of DIDs that could be relevant to the selection of a DID method. This Identifier Traits gist looks similar to that for identifiers.

JC acknowledged that the DID Rubric was discussed in the Identifier Traits session at DICE, and also that some parts of it do apply to Identifier Traits (the Rubric was one of JC's starting points). However, JC's main focus was on a list of traits/features.

Sam pointed out that this list of traits would contribute nicely to a static risk assessment. That would be step one in a security architecture. The counterpart is dynamic risk assessment, which can detect real-time attacks before damage is done to the attacked party. The latter, being able to detect dynamic appraisability, is the primary innovation of KERI architecture.

Drummond summarized that static risk assessment based on identifier traits should be combined with dynamic risk assessment. He thanked JC and Mirko for attending and said he looks forward to working with both of them on Identifier Traits and being able to use that in conjunction with our work here on dynamic risk assessment with appraisability frameworks.

ACTION: Drummond Reed to put on the agenda of the next TSPTF meeting the topic of Samuel Smith giving a full-length example of how dynamic risk assessment works using KERI.

5 mins
  • Review decisions/action items
  • Planning for next meeting 
Chairs

Screenshots/Diagrams (numbered for reference in notes above)

#1


Decisions

  • None

Action Items

  • ACTION: Drummond Reed to put on the agenda of the next TSPTF meeting the topic of Samuel Smith giving a full-length example of how dynamic risk assessment works using KERI.