
Session Date/Time: 22 Jul 2024 22:30

# stir

## Summary
The STIR working group meeting covered several key drafts and ongoing discussions. John Elwell provided updates on the identity backward compatibility draft and the service provider OOB document. The group discussed the freshness drafts, focusing on OCSP and short-lived certificates. Chris Wilson presented on certificate transparency and the new Vesper verifiable STI personas draft, sparking discussions on framework and real-world applicability. Finally, an update on the SIPCORE draft regarding call info was provided.

## Key Discussion Points

*   **Service Provider OOB Document (RFC 8816):** Discussion revolved around whether the existing REST interface in RFC 8816 provides sufficient detail for normative reference or whether it should be incorporated directly into the document. There was consensus that the interface is "brain-dead REST" and further effort isn't worth it.

*   **Freshness Drafts (OCSP and Short-Lived Certificates):** The group agreed that the OCSP draft is ready for working group last call. The short-lived certificates draft raised questions about the use of `x5c` and `x5u`, backwards compatibility, and whether `x5c` should be a "must." The inclusion of the root certificate in `x5c` examples was also questioned. The group decided to specify "must" for both `x5c` and `x5u` to ensure backwards compatibility.

*   **Certificate Transparency:** Chris Wilson's presentation on certificate transparency sparked a discussion about how to ensure that verifiers can determine whether a PASSporT is using certificate transparency and should therefore contain an SCT. Rollout strategies and backwards compatibility were also considered. The case of multiple certificates in the chain needing transparency was also discussed.

*   **Vesper Verifiable STI Personas:** Chris Wilson introduced the new Vesper draft for formalizing vetting and KYC, including selective disclosure. The group debated whether this information should be included in the delegate certificates rather than in the PASSporTs. A framework was requested.

*   **SIPCORE Call Info Draft:** An update was given, followed by discussion of the inclusion of the `verified` and `integrity` parameters.

## Decisions and Action Items

*   **Service Provider OOB Document:** Proceed with the current reference to the REST interface in RFC 8816.
    *   **Action Item:** Jonathan to ensure that the decision to proceed with the current reference is documented on the mailing list.
*   **OCSP Draft:** Ready for working group last call.
*   **Short-Lived Certificates Draft:**
    *   **Decision:** Specify "must" for both `x5c` and `x5u`, with adjustments to text.
    *   **Action Item:** John to perform further study of RFC 7519 and make changes to the document to allow both headers.
    *   **Action Item:** John to check with "JOSE people" about why the root cert is sent in the `x5c` example.
*   **Certificate Transparency:**
    *   **Action Item:** Set up a separate call to discuss issues with SCTs and multiple certificates in the chain.
*   **Vesper Verifiable STI Personas:**
    *   **Action Item:** Chris to incorporate a broader framework into the document.

## Next Steps

*   Chairs will initiate working group last call for the OCSP draft.
*   John will address the action items for the short-lived certificates draft and prepare it for another iteration.
*   Chris will arrange a separate call to discuss certificate transparency further.
*   Chris will work on framework aspects for the Vesper verifiable STI personas draft, in alignment with other groups such as SPICE.
*   The SIPCORE Call Info draft will get another working group last call.