**Session Date/Time:** 28 Jul 2023 16:30

# STIR Meeting Minutes

## Summary

This STIR working group meeting covered connected identity, OCSP certificate validation, and potential future work related to MLS integration. The discussions included technical challenges, potential solutions, privacy considerations, and outstanding action items. Decisions were made to progress the connected identity draft, to combine the OCSP and stapling drafts, to adopt the short-lived certificates draft, and to form a design team for MLS integration.

## Key Discussion Points

* **Connected Identity:**
    * Use cases for connected identity, including TFA and fraud prevention, were discussed.
    * Jonathan Rosenberg raised concerns about the requirement for the presence of DIV passports and about the privacy implications when RCD is used with connected identity.
    * The discussion centered on how much the IETF should mandate regarding trust and policy, with general agreement that policy should be left to implementers.
    * Potential privacy concerns with the coupling of RCD and connected identity, especially in consumer-to-consumer (C2C) scenarios, were brought up.
    * Chris Went argued that SBCs in people's networks should just turn RSP on globally.
* **OCSP Certificate Validation:**
    * Different approaches to certificate freshness, including OCSP extensions, stapling, and short-lived certificates, were debated.
    * Jonathan Rosenberg raised privacy concerns associated with the OCSP extension.
    * Discussion around whether number lists are an important use case.
    * Eric Rescorla said that "the question of is this still valid for this particular phone number is, like, a different question from the question that this credential is still valid".
    * Chris Went stated "I have a stronger opinion that we should either do stapling with OCSP or include the cert with 825 c because of that caching issues."
* **MLS Integration:**
    * Discussion of how STIR certificates could be used as credentials within MLS.
    * Concerns were raised about the organizational relationships between consumers, service providers, and carriers.
    * Discussion of multiple credential systems, where MLS offers a lot of flexibility.
    * The idea of bridging the PDI, which we've, like, nicely created for telephony, into MOI was brought up.

## Decisions and Action Items

* **Connected Identity:**
    * Add a paragraph to the intro about the TFA use case.
    * Clarify in the text that the IETF does not mandate who to trust or why.
    * Add statements to the privacy considerations section about the interaction of RCD with connected identity for the C2C use case.
    * Fluffy will create one more update of this document, and then send it for last call.
* **OCSP Certificate Validation:**
    * Merge the OCSP and stapling drafts into a single document indicating that OCSP should not be used without stapling.
    * The working group will adopt the short-lived certificates document.
* **MLS Integration:**
    * Organize a design team meeting to discuss integration of STIR with MLS and potentially related work on ACME.

## Next Steps

* Fluffy to update and send the connected identity document for last call.
* Fluffy and Shaun to merge the OCSP/stapling drafts and prepare the result to move forward.
* Call for adoption of the short-lived certificates draft on the mailing list.
* Chairs to organize a design team meeting to discuss MLS integration.