Automatic IETF Minutes

Markdown Version | Session Recording

Session Date/Time: 29 Mar 2023 06:30

# stir

## Summary

This STIR working group session at IETF 116 covered several key topics, including the status of the Identity Header Error Handling document, follow-ups on IS documents, service provider OB B considerations, certificate freshness mechanisms, and connected identity.  Discussions centered on clarifying normative language, addressing security concerns, and determining the next steps for ongoing drafts.

## Key Discussion Points

*   **Identity Header Error Handling:** Editorial changes were made; document is considered ready for RFC.
*   **RC Document:** Last comments were addressed; URI support (HTTPS vs. CID) was discussed; clarified the use of cozy registry for hashing algorithms.
*   **Messaging Draft:** Is in ballot state, use cozy ready to describe algorithms used to create hash for new message I claim element. Discussion on prescriptive language about how to create the mime bodies for messages.
*   **Connected Identity:**  Discussion of RFC 4916 and how to attach a passport for a message in the backwards direction. Proposal to go to working group last call.
*   **Service Provider OB B:** Discussion on updates based on comments regarding Cps advertisements.
*   **Certificate Freshness:** Discussion on different approaches for certificate freshness, including OCSP, short-lived certificates, and S. Focus on data immunization and minimizing the amount of information revealed about enterprises.

## Decisions and Action Items

*   **Identity Header Error Handling:**  Ready for RFC publication.
*   **RC Document:** Call for objections to normative language changes. If no significant objections, proceed.
*   **Messaging Draft:** Update draft with the agreed-upon Cozy ready changes and language clarification regarding normative guidance vs. informative guidance.
*   **Connected Identity:** Proceed to working group last call.
*   **Service Provider OB B:** Proceed to publication, address a known down-ref in the document.
*   **Certificate Freshness:** Advance the existing OC baseline SPA document to RFC. Adopt the short-lived draft. Create a single freshness element that works for both Ocsp and short lived.

## Next Steps

*   Publish Identity Header Error Handling RFC.
*   Call for objections on RC document's normative language.
*   Update and re-issue the messaging draft.
*   Prepare the Connected Identity document for Working Group Last Call.
*   Proceed with publication of the Service Provider OB B document.
*   Advance the OCSP baseline SPA document to RFC.
*   Adopt the short-lived draft and create a single freshness element that works for both Ocsp and short lived.
*   Discuss issues concerning short lived certificates on the mailing list.