Session Date/Time: 05 Jun 2023 15:00
SCITT
Summary
The SCITT working group held its weekly call to triage open issues, discuss potential overlap with the Key Transparency (KT) Working Group, and receive an update on the standardization of concise Merkle tree proofs. Key discussions revolved around refining terminology (e.g., "append-only log," "transparency service"), the architectural implications of registration policies, and the strategic direction for Merkle tree proof specifications. Consensus was reached on a two-document approach for Merkle tree proofs (base + profile) and on merging a duplicate issue related to policy identifiers. The need for direct engagement with the KT WG was highlighted.
Key Discussion Points
- Meeting Logistics: The recurring issue of non-persistent meeting URLs was raised by Charlie, with Michael confirming the links change due to technology constraints.
- Open Issues Triage:
  - Issue 7 (Terminology): Steve proposed closing this issue, believing most terminology discussions had converged. However, Ray expressed concerns about the definition of "notary" as a synonym for "transparency service." The concept of a notary involving a trusted entity observing and signing a "wet signature" was debated as potentially distinct from a transparency service.
  - Issue 117 (Dedicated section on SCITT requirements for append-only log): Hank offered to create a concise PR for the definition of an "append-only log," with Ray's review.
  - Issue 66 (Policy Identifiers) & Issue 63 (Registration policies): These issues concern the need for recording configuration changes and referencing the active registration policy within the append-only log. The discussion centered on whether registration policies themselves should be stashed in the tree, requiring well-known feeds, and the interoperability implications of standardizing policy resolution. The importance of consumers being able to detect changes in policy affecting trust was emphasized. Issue 63 was identified as a smaller version of 66 and proposed for closure after cross-linking.
- Key Transparency (KT) Working Group Overlap: Ori and John provided insights into the KT WG's work, noting a focus on "key-value store transparency" rather than solely cryptographic keys. While there's significant overlap in the core log structure, proof generation, and auditing, KT has specific requirements around user-centric privacy and non-enumeration of the log (e.g., for username protection). This differs from SCITT's initial use cases, which are less constrained by such privacy requirements, though the fundamental mechanisms might be similar. The group acknowledged the potential for "creep overlap" but also the unique problem space KT addresses.
- Concise Merkle Tree Proofs ("Committer"): Hank reported on the progress of standardizing receipts (transparent statements) using COSE/CBOR. The decision was made to split the work into:
  - A base document for generic Merkle tree proofs, starting with a well-known hash algorithm from Certificate Transparency (RFC 9162). This document will establish the registry for algorithms and structures.
  - A separate profile document for SCITT, which will specify how to add other algorithms (e.g., CCF) and describe extensions to the CBOR structure.
  Ori confirmed a prototype implementation is underway, following the latest pull requests and demonstrating signed inclusion and consistency proofs based on RFC 9162.
Decisions and Action Items
- Decision: Issue 63 (Registration policies) will be closed, and its content merged/cross-linked with Issue 66 (Policy Identifiers).
- Decision: The standardization of Concise Merkle Tree Proofs will proceed with a two-document approach: a base document establishing a registry with a CT algorithm, and a parallel profile document for SCITT-specific algorithms and extensions.
- Action Item: Ray to double-check how his previous feedback on terminology (Issue 7) was addressed and to provide a further write-up/input on the definition of "notary."
- Action Item: Hank to prepare a concise PR for the definition of "append-only log" (related to Issue 117) and circulate it for review (Ray and Antoine specifically).
- Action Item: Chairs/Hannes to reach out to participants from the Key Transparency WG and invite them to a future SCITT call for a direct discussion on potential overlaps and differences.
- Action Item: John to add links to the Key Transparency BoF videos to the SCITT HedgeDoc.
- Action Item: Ori, Hannes, Roy, and others to prepare a more structured discussion on registration policy (Issue 66 and related bundled issues) for the next meeting to facilitate progress.
Next Steps
- The next meeting's agenda will focus on the bundled issues related to registration policy (Issue 66 and related) to drive that discussion forward.
- Continue monitoring the Key Transparency WG's progress and pursue direct engagement to ensure alignment where appropriate.
- Progress on the "Committer" (Concise Merkle Tree Proofs) profile document, building on the established base document approach.
- Ori's prototype implementation of the Merkle Tree Proofs could be a valuable exercise for a future hackathon.