Session Date/Time: 18 Mar 2024 07:30
STIR Meeting Minutes
Summary
The STIR working group meeting focused on certificate freshness, the integration of Certificate Transparency, and potential interactions between STIR and MLS. Discussions centered on OCSP stapling, short-lived certificates, the use of X.509 extensions, and how to apply STIR identities within the messaging context. Two documents were considered for adoption: an OCSP extension and short-lived certificates, the latter of which was successfully adopted.
Key Discussion Points
- Certificate Freshness: Explored different approaches including OCSP with stapling and short-lived certificates. Discussed trade-offs and potential use cases for each. A new version of the OCSP extension document was presented.
- X.509 Extensions: Detailed discussion regarding the use of X5U and X5C within PASSporT headers and their compatibility with existing implementations, leading to the conclusion that both should be supported.
- Certificate Transparency (CT): A draft proposing the use of CT for STIR certificates was presented. Discussions highlighted concerns regarding the threat model, particularly the reliance on CAs to report mis-issuances and the scope of SPC certificates. There was disagreement about whether CT applies in the STIR context. Concerns were raised about the maturity and adoption of the proposed CTv2 standard (RFC 9162) over CTv1.
- STIR and MLS: A draft exploring the interaction between STIR and MLS was presented, focusing on the reuse of STIR certificates and passports for identity assertion in messaging systems. The need for coordination with the Mimi working group was highlighted. There was debate about how well the existing approach to service-specific identifiers works for service-independent identifiers like telephone numbers.
- Adoption Criteria: The working group's adoption process was explained, including the call for adoption of the short-lived certificates draft.
Decisions and Action Items
- Adoption of Short-lived Certificates Document: The Short-lived Certificates document was adopted as a working group item.
- OCSP Extension Document:
  - Advance the OCSP document with updates based on the discussion and make sure ECDSA is actually being used.
  - Update the OCSP extension document to reflect the proper algorithms.
- X.509 Certificate Format: The group will stick with PEM and change the examples to reflect that.
- Action Item (John Peterson): Create a working group version of the short-lived certificates draft.
- Action Item (Russ): Find the place where a chain of certificates is defined for BER, which is on equal standing with RFC 5280.
- Action Item (Alec): Look at RFC 5280 and figure out what can be done regarding certificate formats that does not transgress laws that actually matter.
- Certificate Transparency (CT) Draft: Continue working on the CT draft but not adopt it yet. Clarify the threat model within the draft and the issues that it addresses and prevents.
Next Steps
- Continue working on the OCSP extension document and short-lived certificates.
- Continue working on the Certificate Transparency (CT) draft, focusing on the threat model.
- Continue exploring the interaction between STIR and MLS, coordinating with the Mimi working group.
- Discuss the future of the working group and potential shutdown on the mailing list.