**Session Date/Time:** 09 Jan 2023 16:00

# [SCITT](../wg/scitt.html)

## Summary

The SCITT Working Group held its first meeting of the year, focusing on the progress of the use case document, the architecture document, and preparation for IETF 116. Key discussions included refining existing use cases, incorporating new ones (especially from the six-store community and NIST consumer software labeling), formalizing terminology, and addressing the security objectives and threat model. Decisions were made regarding the documentation of threats within the architecture document and the withdrawal of the term "trust bond" in favor of more neutral language.

## Key Discussion Points

* **Use Case Document Status and Refinement:**
    * Hank updated the use case document, addressing feedback from Yogesh, including the removal of a superfluous section and refining an example. He noted that some GitHub issues were inadvertently closed due to commit messages.
    * Hank will schedule offline 1:1 discussions with Monty to distill the firmware use case and with Joshua Locke to integrate six-store community use cases.
    * Dick Brooks introduced a new use case proposal related to NIST Consumer Software Labeling, focusing on registering a "trust score" for software in a high-integrity trust registry. This aims to provide consumers with an indicator of software trustworthiness, such as in app stores.
    * Yogesh mentioned the template he used for use cases, which focuses on identifying problems and deriving requirements without delving into solutions.
    * A poll of those present indicated a preference to defer additional use cases for now, focusing on the current set to illustrate SCITT's capabilities.
    * **Data Storage (Internal vs. External):** A significant discussion revolved around whether evidence/payload data should be stored directly in the SCITT data structure or referenced externally. John noted that previous discussions concluded that SCITT must have space for payload but not require it, accommodating both scenarios. Raymond's election data use case was highlighted as an example requiring external data references and air-gapping support. Steve emphasized the balance between disclosure, data volume, and indexing.
    * Hennis shared a link to various industry use cases (from Tracy's pre-Christmas email) covering aspects like air-gapping, attestation, Docker images, key management, and identity reuse. Participants were encouraged to review these to beef up existing use cases.
* **Architecture Document Progress:**
    * The adopted architecture document has been moved to the official IETF organization and templated. Authors opted for a "clean slate" history, with substantial comments from the old repository to be migrated.
    * Hank indicated that the use case document should have an ongoing adoption call before the IETF 116 meeting (March) to achieve working group item status, given the critical mass of content.
* **Security Objectives and Threat Model:**
    * These two deliverables are critical for IETF 116.
    * Kay's work on aggregating requirements from use cases is considered a good starting point for the threat model.
    * A suggestion was made to involve Brendan Moran for his expertise in threat modeling within the IETF context.
    * The consensus was that security objectives and threats should be listed in the architecture document rather than creating separate documents.
* **Terminology Discussion:**
    * Roy suggested starting to refine the terminology document/section.
    * Yogesh reported on offline discussions with Cedric and Antoine, indicating that most terminology issues are resolved, with only a few overlapping points with RATS remaining. An existing GitHub issue (437.41) tracks this.
    * **"Trust Bond" Terminology:** Charlie expressed concern that "trust bond" is not a well-known term of art, could be proprietary, and lacks a clear definition. Dick Brooks, who introduced the term, agreed to withdraw its use. Monty suggested defining the concept first before deciding on a specific term.
    * Monty suggested creating a clear place for draft definitions, perhaps on the mailing list, to get group consensus on concepts before settling on specific terms.
    * Steve mentioned that access control considerations are relevant to the terminology and the storage of external/internal data.
* **IETF 116 Preparation (March):**
    * Hennis and John committed to coordinating the work-back schedule for IETF 116, including identifying speakers, preparing slide decks, and ensuring timely document submissions.

## Decisions and Action Items

**Decisions:**

* The security objectives and threat model will be documented within the SCITT Architecture document, rather than as separate artifacts.
* The use of the term "trust bond" is officially withdrawn from SCITT documents. The working group will seek a more neutral, clearly defined term or a detailed conceptual description to convey the intended meaning.
* The SCITT data structure must allow for both direct inclusion of payload data and external referencing of data, but neither is strictly required, allowing flexibility for various use cases (e.g., privacy, supply chain integrity, public data).

**Action Items:**

* **Hank:**
    * Address GitHub issues that closed prematurely due to "fixes" commit messages by reviving them.
    * Schedule and conduct a 1:1 meeting with Monty to distill requirements for the firmware use case.
    * Schedule and conduct a 1:1 meeting with Joshua Locke to refine and integrate six-store use cases into the SCITT use case document.
    * Move all "to-do" items from the draft write-up of the use case document into the GitHub issue tracker for better management.
    * Collaborate with Yogesh to homogenize the stylistic differences in the use case document.
* **Yogesh:**
    * Review the "final merge" Pull Request and close it if all changes have been incorporated into the current draft.
    * Post an update to the mailing list regarding the current status of terminology discussions, including the link to GitHub issue 437.41, to solicit broader working group feedback.
    * Collaborate on defining and documenting the threat model within the architecture document, potentially involving Brendan Moran.
* **Hennis & John:**
    * Coordinate IETF 116 preparations, including identifying speakers, developing slide decks, and establishing timelines for document submission.
* **Charlie:**
    * Collaborate with Dick Brooks and the working group to define a neutral and well-understood term or description for the concept previously referred to as "trust bond."
* **Monty:**
    * Propose draft definitions for key SCITT concepts on the mailing list to facilitate discussion and agreement on terminology.
* **Raymond:**
    * Draft a few paragraphs or a list of requirements for his election data use case, focusing on its specific needs such as remote references and air-gapping, for inclusion in the use case document or a related appendix.
* **Joshua Locke:**
    * Integrate relevant aspects of six-store use cases and case studies into the SCITT use case document.
* **All Participants:**
    * Review the industry use cases shared via Tracy's pre-Christmas email (linked in chat) to identify potential additions or refinements to existing SCITT use cases.

## Next Steps

* The working group aims to have the Use Case document in a state ready for an adoption call by mid-to-end February.
* Following the adoption of the Use Case document, increased focus will shift to progressing the Architecture document and integrating the security objectives and threat model.
* Terminology discussions will continue, with the goal of finalizing the terminology section of the architecture document in the near future.