Markdown Version | Session Recording

Session Date/Time: 28 Mar 2023 06:30

tigress

Summary

The tigress working group met to discuss updates to the threat model and requirements documents. Key discussion points included the scope and feasibility of new requirements, particularly the limitation on the number of participant devices. The group agreed to clarify the intent of this requirement and further discuss it on the mailing list. The group aims to move towards working group adoption, starting with the requirements document.

Key Discussion Points

• Updates to Requirements Document: The group discussed changes made to the requirements document since the last interim meeting, including the removal of several requirements and the addition of two new ones: a limitation on the number of transfer recipients, and a requirement for connection integrity.
• Limitation on Number of Participant Devices: Eric questioned the feasibility and enforcement of the new requirement limiting the number of recipient devices. He expressed concern about the ambiguity of the requirement, particularly regarding its interaction with provisioning partners and the potential for collusion. It was clarified the intent was not to prevent collusion, but to set a limit on the number of intended recipients at the protocol level.
• Connection Integrity: The second new requirement, focused on connection integrity during key exchange, was generally well-received. The discussion touched upon potential denial-of-service attacks versus tampering and ensuring non-detectable interference.
• Threat Model Document: The threat model document remains stable, with no changes since the last interim meeting. A brief overview was provided, highlighting the document's structure and purpose.

Decisions and Action Items

• Action Item: The writing team will clarify the text regarding the limit on the number of participants devices in the requirements document to better reflect the intention of the requirement. Eric volunteered to help with this clarification.
• Action Item: Eric and Daniel volunteered to review the threat model document and provide feedback.
• Decision: The group intends to initiate a call for working group adoption for the requirements document, to be announced on the mailing list.
• Decision: More review of the threat model document is required before a call for adoption.

Next Steps

• The writing team will revise the requirements document based on the feedback received during the meeting.
• The revised document will be circulated on the mailing list for further review.
• The group will initiate a call for working group adoption of the requirements document via the mailing list.
• Eric and Daniel will provide reviews of the threat model document.