[MINUTES] W3C CCG Credentials CG Call - 2022-02-22

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2022-02-22/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2022-02-22/audio.ogg

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2022-02-22

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2022Feb/0111.html
Topics:
  1. Introductions/Reintroductions
  2. Announcements
  3. Deep Dive on SRI Cryptographic Review
Organizer:
  Mike Prorock
Scribe:
  Our Robot Overlords
Present:
  Charles E. Lehner, Heather Vescent, Manu Sporny, Kimberly Linson, 
  Mike Prorock, Mahmoud Alkhraishi, rgrant (Ryan Grant), Ryan 
  Grant, Anil John, TallTed // Ted Thibodeau (he/him) 
  (OpenLinkSw.com), PL, Chris Abernethy (mesur.io), Erica Connell, 
  Dmitri Zagidulin, David Balenson, Leo, Brent Zundel, Lucy Yang, 
  Will Abramson, Kaliya Young, Kerri Lemoie, Marty Reed, Jeff 
  Orgel, Joe Andrieu, David I. Lehn

Our Robot Overlords are scribing.
Mike Prorock:  Cool all right well hello and welcome Happy 
  Tuesday with all sorts of things in the agenda for today is up on 
  the mailing list and I have linked it out and we discussed last 
  week as well so basically we will be running a fun continuation 
  of last week last week we got a great overview from the work done 
  by asri thanks to sponsorship by Anil John over at DHS.
Mike Prorock:  Ecosystem and cryptography and all sorts of fun 
  stuff so today we're going to be diving into kind of a top-five 
  practical takeaways you know from that report at what does that 
  mean for implementers and users of the city of these types of 
  systems Etc IP note so just to start this off anyone can 
  contribute or participate in these calls but any substantive 
  contributors to actual work items on the ccg must be members of 
  the.
Mike Prorock:  For IP our agreement signed the link is in the in 
  the agenda that I sent out these minutes in an audio recording of 
  everything set on this call are archived at our GitHub under the 
  meetings project and we do use the jitsi chat and or IR C 2q 
  speakers so feel free to type Q Plus to get on the Q q- to remove 
  yourself from the queue you can also do things like say Q Plus 
  with the word to afterwards.
Mike Prorock:   To mention something specifically.
Mike Prorock:  And if you for some reason can't add yourself to 
  the queue all you have to do is just speak up and say hey I can't 
  get on the Queue because I'm dialed in or whatever the situation 
  is and we'll get you on the queue.
Mike Prorock:  We this meeting is held by voice not by chat log 
  so just be aware of that if we need to clean up chat log or IRC 
  we will do so which we might need to do given the auto 
  transcriber we will be rolling with the auto transcriber today 
  for the transcript which is probably a little bit of Overkill but 
  it is what it is and it seems to be improving so as it learns us.
Mike Prorock:  The I believe that is really what we're after I do 
  want to make a quick call first to intros and an eerie intros I'm 
  seeing mostly familiar faces here but is there anyone new to the 
  group today due to the call today that would like to introduce 
  themselves.

Topic: Introductions/Reintroductions

Mike Prorock:  And with that I am not seeing any volunteers for 
  that so let's go ahead and move on and just check if there are 
  any announcements Clea think you might be on the call I know 
  there is some some items coming up on that front leave Thursday 
  any announcements for new on that front or anyone else Community 
  related items.

Topic: Announcements

Kaliya Young:  DIFcon is happening,  I posted it on the list if 
  is having its virtual face-to-face meeting on Thursday so people 
  are interested in learning about what the working groups are are 
  doing each one of them has a time to present.
Kaliya Young:  I'm also doing a one-on-one conversation with Anil 
  John about his SVIP work to give exposure to that work into the 
  deaf community.
<identitywoman> IIW has scholarships for people from 
  underrepresented groups if you want to explore that possibility 
  please contact me kaliya@identitywoman.net
Mike Prorock: 
  https://drive.google.com/file/d/1lT01WGf8iOnEurSBr97dYM2NVI0lUE6G/view

Topic: Deep Dive on SRI Cryptographic Review

David Balenson:  It's quite alright this is so bizarre I've never 
  been part of meetings like this with the assistant of the side 
  here with the little language and notation for doing things so 
  it's very interesting anyway yesterday I was talking with Mike 
  and others and Mike originally asked me off the top of my head or 
  ask me for my top three items and I said hmm good idea off the 
  top of my head there are actually five things that occurred to me 
  and.
David Balenson:  He's been mentioning this morning that there's.
David Balenson:  So there were a couple of themes that sort of 
  threads if you will that were woven throughout the different set 
  of recommendations that I outlined last week but I think one of 
  the number one things that came up in that we need to discuss is 
  what I will call the need for crypto agility and so this is 
  especially Critical with the forthcoming.
David Balenson:  Ocean from the current set of nist approved 
  algorithms to the Future set of post Quantum crypto algorithms 
  that are hopefully ultimately going to come out of the post 
  Quantum crypto competition that they had been hosting I know that 
  that Mike and Mary and others have already started pursuing 
  crypto agility they've been doing some prototyping and we can 
  discuss that further perhaps they can.
David Balenson:   Gus it further but clearly.
David Balenson:  The need for crypto agility the ability to be 
  able to swap in new algorithms over time and all of the king 
  material the parameters the the inputs and the outputs that go 
  along with that is probably number one on the list.
David Balenson:  Number two when it comes to government use of 
  these Technologies and the underlying crypto it's the use of 
  validated crypto algorithms and modules there is a program by 
  which such algorithms and modules can can be validated it's not a 
  trivial Endeavor it takes some time and.
David Balenson:  There are some modules that are out there that 
  have been algorithms and modules that have been evaluated 
  improved and there are others that probably would need to be in 
  order to be sufficient for government use and would love to 
  discuss that further with all of you to get a better idea as to 
  what you're currently using what if any experience you have with 
  the US government.
David Balenson:  Validation programs and and just have that 
  discussion number three this was my number for yesterday but I'm 
  going to make it my number three today and that is pay attention 
  to bit strength pay attention because that that's sort of drives 
  the security level of the algorithms that you're using and 
  depending on whether you're using it for four hash or Mac or 
  signature or.
David Balenson:  There's going to be different different levels 
  than this guidance and we excerpted some of this in the tables in 
  the report and in the slides there's guidance on on the bit 
  strength that you need to have in order to ensure appropriate 
  security and back to item one the crypto agility all these 
  strengths apply now to the current algorithm sweets right so 
  things like SHS, SHA-3 AES DSS but as we transition in the future 
  to public key cryptography we're going to have to pay attention 
  to the bit strengths of those algorithms as well.
David Balenson:  Top five number four is what I'll refer to is 
  sort of keeping track of the keying material or memory management 
  so there were a number of recommendations that talk about 
  treating the different Randomness seeds other parameters just 
  like you would the king material itself generate it use it and 
  then destroy it.
David Balenson:   It don't keep it around .
David Balenson:  The more of an attack surface over time it 
  presents the more susceptible it is to being attacked through 
  various vulnerabilities or exploits oh so you want to pay 
  attention you know consciously to sort of the I'll call the life 
  cycle of that material from the moment it's created until the 
  moment that it's destroyed and then finally number five is.
David Balenson:  As you write various standards whether it be the 
  base standards or some of the axillary or supplementary standards 
  the glue standards whatever the case might be make sure that your 
  documentation fully addresses the use of crypto and includes all 
  of the different areas that we recommended in that are mentioned 
  here in the top five list.
David Balenson:  Its strength recommendations for proper handling 
  of keying material and discussion of potential government needs 
  or requirements I think one of the things that's important to 
  recall from what we presented last week is even though this is 
  primarily the government compliance is primarily for for their 
  purposes and meeting fisma requirements and and that in turn 
  requires the use of.
<mprorock> Top 5 topics: 1) Crypto Agility 2) Verification of 
  Modules for .gov use 3) Bit strength 4) Tracking and managing key 
  material 5) Documentation and ability to approach the tech
David Balenson:  Krypto the fips approved modules even though 
  that's primarily for government that is of benefit for 
  non-government for commercial use as well.
David Balenson:  So number five very important to document I'll 
  also point out one of the challenges Nick Jenice my collaborator 
  and I had when we were going through the V CDM and did standards 
  was trying to find the references to nist Photography in fact we 
  found that there weren't necessarily references in this 
  cryptography there were references to other w3c documents to 
  other ietf documents and then those documents in turn had 
  references.
David Balenson:   Has to various other documents and we were.
David Balenson:  Only after some time and Care able to trace to 
  the nest crypto documents themselves and people who were on saw 
  the presentation last week may recall the graphs that we had 
  shown where we traced all that so I think part of documenting 
  crypto is also being more explicit about the crypto including the 
  use of government flying compliant crypto including the use of NE 
  standards.
Mike Prorock:  Yeah thanks David I think that's a great starting 
  place there and we can obviously kind of drill into some other 
  stuff man ooh I see you on the Queue here.
Manu Sporny:  Yeah I've got a very long list of questions which 
  is I mean all good stuff so let me start off by saying some of 
  these are going to be controversial and I'm not trying to insult 
  or anything I'm just trying to and they're not directed at you 
  David it's kind of you know directed at the community and in 
  really looking forward to your input on this this is great like I 
  wish we were able to do this every couple of months in the group 
  and I would like us to try and figure out how we can.
Mike Prorock: +1 Manu - more frequent attention to security and 
  privacy in practical terms is much needed
Manu Sporny:  The regular discussion over the next two years the 
  guidance is really appreciated okay so the first first question 
  David is so I took a look at your background which is I should 
  have done before but you've got a really interesting background 
  both in Academia and also chairing a number of cryptography 
  conferences and security conferences input from people like you I 
  think.
Manu Sporny:  Is fantastic and we need more of it we've also I've 
  read through the entire report multiple times it's a great report 
  but it is a bit motherhood and apple pie right I mean these are 
  all things that I'm sure that you have had to repeat over your 
  career over and over and over again because people keep getting 
  the basics wrong and I think it's totally appropriate to keep 
  repeating it as the VC and did stuff our or happen.
Manu Sporny:   Because there are all very valid point.
Manu Sporny:  Um however there's a little bit of reading between 
  the lines that I think some of us are having to do in I just want 
  to try and be a bit more explicit in those cases so the first 
  thing is you know this is very much kind of a review based on a 
  presumption that it is nist standards that you have to comply 
  with you know to deploy stuff in the US and in worldwide and in 
  other governments that.
Manu Sporny:   A tree using a.
Manu Sporny:  That's good to know there are new forms of 
  cryptography like the post Quantum stuff CL signatures come 
  initial listens get signatures Anon creds BBS plus that have not 
  had appropriate cryptography review yet in the message seems to 
  be you will not be using any of those things until there is 
  proper nist.
Manu Sporny:  Let's go.
Manu Sporny:  Government had will have a very hard time saying 
  yes to the some of that that new Step could you could you 
  elaborate on that a bit more like just because something is not 
  nist approved in Phipps certified does that mean that it's 
  automatically not a possibility when we talk about some pretty 
  heavy-duty government credentials like for example the u.s. 
  permanent resident card and things like that.
David Balenson:  Sure happy to and yes though I know and 
  understand I'm sort of the messenger here you're not out to Kill 
  the Messenger and in earlier discussions we've emphasized this 
  and I want to emphasize it again we're not setting any of these 
  requirements these have been set under by Congress under law.
David Balenson:  And fisma which is law that law is binding on US 
  government departments and agencies and so ultimately it's the 
  Departments and agencies that have to abide by that law and they 
  have to figure out how best to abide that by that unfortunately 
  fisma requires Phipps the use of the Phipps is mandatory in 
  earlier incarnations many years ago you used to be able to get.
David Balenson:   Get waivers to using the.
David Balenson:  Um it's no longer possible to get waivers that 
  said I'm pretty confident that the various government departments 
  and agencies have run into situations where for various reasons 
  they need to use different types of cryptographic algorithms and 
  I'm sure that they have worked through all of this and figured 
  out exactly when and where they need to be fully compliant versus 
  when.
<anil_john> :-)
David Balenson:  Use Alternatives and unfortunately I'm not 
  familiar with that process that's really something that you've 
  got to reach back and talk to them about Anil and I have had this 
  discussion several times we do expect in the future to have 
  explicit discussions with them about the recommendations and get 
  their thoughts and reactions to using them as well as to learn 
  more about.
David Balenson:   How they address some of the issues.
David Balenson:  You're.
David Balenson:  About I don't know Anil if you want to step in 
  and offer anything further about that but ultimately it's a 
  question of what is your Market what portion of that market is 
  your government customer who are those customers and what are 
  their needs and requirements and just as any other sales 
  opportunity when you're working to promote your.
David Balenson:   Technologies with your customers.
<anil_john> +q to add a bit of nuance
David Balenson:  You need to talk with them and understand their 
  needs and requirements and it's important to have that 
  conversation and and work with them collaboratively to give them 
  what they need to either meet the requirements or if it's not 
  practical to meet the requirements to justify using the 
  Alternatives even if it's not possible to get a waiver there 
  might be other processes or procedures by which they can 
  entertain alternatives.
Mike Prorock:  Until I see you on the Queue so I'm going to defer 
  to you and then I'll talk a bit about what I've been hearing on 
  the commercial side which is going to be also important from an 
  adoption front but I think you can speak best directly to the 
  government side.
Mike Prorock:  Hopefully Mike is working now.
<heather_vescent> Is there any audio?
Manu Sporny:  Yeah no audio from Anil might need to refresh Anil.
Mike Prorock:  Well wall Anil is refreshing I will ask yourself 
  here be you know one of the one of the thought one of the things 
  may know I've been seeing case in point directly to this like 
  with some of the post Quantum stuff we're working on even to get 
  that stuff registered like you know two major Cloud providers 
  that are engaged in that work said that you know said yep we're 
  in but only if we.
Mike Prorock:  I'm doing two things one making sure whatever nist 
  approves you know we ensure that rolls through the 
  standardization process and that we cover the standardization for 
  the other thing so that we can register them appropriately to say 
  do not use them right if they're not you know and we don't want 
  to see them on our networks so like that's the kind of thing like 
  I'm even hearing on the commercial side just to engage with folks 
  beyond the government front Anil is your audio picking up now.
Manu Sporny:  Nope still no audio.
David Balenson:  So if I could while we're waiting for a meal I 
  think it's great to be talking to the large commercial vendors 
  they're obviously going to be interacting extensively with the 
  government and so they would have a lot of good interesting and 
  hopefully helpful perspective there I also want to make another 
  comment which is you talked about the these alternative 
  algorithms right the the public key crypto but also the CL.
Mike Prorock: +1 David
David Balenson:  BBS Plus for example it's also important not 
  only to have the conversations I mentioned with the government 
  customers and other customers but I think it's also to have 
  conversations with the folks who are developing these 
  cryptographic algorithms and then with nest and making sure that 
  they are aligned and working collaboratively on these algorithms 
  with an eye towards possible future standardization so that they.
David Balenson:  I'm by government customers so for example when 
  Nick and I were working on this we actually spoke with the number 
  of the the cryptographers and subject matter experts at nist and 
  they were familiar with the number of these efforts that you all 
  are interested in including the BBS plus signatures and they 
  understand the potential utility of them they understand the 
  potential need to standardize them.
David Balenson:  You've got to speak to them they can better 
  explain their process in their priorities but the sense that we 
  got from them was that right now their primary focus is on post 
  Quantum crypto and at this point it's highly unlikely they're 
  going to standardize on anything else until they get over that 
  that major hurdle.
Anil John:  Can you can you hear me Mike.
Mike Prorock:  Anil feel free to sound check if here I see joint 
  back in.
Anil John:  Oh okay finally thank you so just a bit of nuance to 
  the discussions around you know what Mike mentioned and the 
  questions that Manu is asking as well right so and and what Dave 
  noted about what the requirements are regarding fisma compliance 
  on agencies so the work that we're doing in DHS does not come 
  under National Security.
Anil John:  That so if you want to find out what how that is 
  different go look at that particular section I think day provides 
  a good overview in the paper on how certain things are binding on 
  one part of the government and not may not be binding on the 
  other but the long and the short of it is I would I would I'm 
  going to nuances a tad bit and I'm also going to tap dance a bit 
  and by noting that in general as Dave node is there are certain 
  things that we cannot way when it comes.
Anil John:   He's too you know.
Anil John:  Of Photography and what cryptography can be you so 
  from so from that perspective I sort of interpret that to mean 
  that if there is a specific direct guidance that you know this 
  particular cryptography can only be implemented using ABC and 
  options you do not have the luxury of getting out of that or 
  waving that and I think.
Anil John:   A lot of the work a lot of the guys.
Anil John:  And a lot of the information that they provided there 
  is very much around if you're using you know digital signatures 
  you know these are the things that are really really important if 
  you're using XYZ these are really really important and you cannot 
  basically you know you don't have a get-out-of-jail-free card 
  there where things get a little bit more interesting at least 
  from my perspective is when cryptography that currently is not 
  standardized and is.
Anil John:   Not laid down in law is potentially.
Anil John:  Has a specific set of benefits that may be from the 
  perspective of the agency is beneficial to the agency in 
  delivering your capability then that that particular aspect 
  whereby how an agency sort of implements that becomes more of a 
  risk based decision within the agency and a calculation own 
  whether or not.
Anil John:   Does the security properties.
Anil John:  Other privacy properties of this can we have 
  confidence in that and is it is it something that can actually 
  deliver significant amount of value to the agency and if we 
  implemented right so that that becomes a more nuanced discussion 
  internally and it tends to be very agency and in a component 
  specific in in in in how that is implemented beyond that I'm you 
  know.
Anil John:   No I I can't give you.
Anil John:  You a lot more information and to be blunt a lot of 
  these things that we're talking about a lot of the cryptography 
  that we're talking about is basically you know as as Manu noted 
  as Dave noted really good practice Market ography that has stood 
  the test of time and we obviously will require that to be 
  implemented but there are other pieces of the cryptography that 
  nist has not standardized and is still you know something that 
  may be of value to the government.
Anil John:  And see and those are things that we will you know 
  paying attention to you to make a roof space decision on whether 
  that makes sense provided that it does not violate any existing 
  law or in a broader security policies within government right so 
  I'll that's my tap dancing and I'm going to stop there.
Mike Prorock:  Yeah that's helpful and one thing I did want to 
  comment on to that I think David mentioned that I think is also 
  important is if you are looking at crypto in any of this kind of 
  stuff you should be in touch with the authors of this stuff and 
  you should be in touch with nist or other regulatory bodies if 
  you're trying to bring something new in because that's kind of 
  how that process works and crypto is slow for a reason David I 
  see you on the cube.
David Balenson:  Yes thank you so plus one on what you just said 
  Mike absolutely I think it's important to have the conversations 
  with with the government customers as an eel was just saying 
  they're making a risk calculation you need to help them make that 
  calculation and provide them the information necessary to support 
  the case that this this is alternative crypto it may be approved 
  but it provides necessary benefits.
David Balenson:   And yet it's still.
David Balenson:  Your mitigate the risks and give them the 
  information they need to be able to make that case and then as 
  you just alluded to as part of that talk to the algorithm 
  developers talk to nist as well this is not trying to obstruct 
  right they want to support as much as they possibly can but they 
  have a lot that they're wrestling with and the whole transition 
  to public-key crypto is clearly an important priority and then 
  the other thought that occurs to me is this is yet another 
  reason.
David Balenson:   Reason why building crypto agility in.
David Balenson:  Is absolutely critical because you're going to 
  need and want to be able to support alternative algorithms not 
  just over time through things like transition from current crypto 
  to Future public post Quantum crypto but also to be able to 
  support different sweets for different needs for different 
  customers.
Mike Prorock:  Yeah thanks man of your On Cue.
Manu Sporny:  Yeah so all this is super super helpful so I'm 
  trying to reflect back what I'm kind of hearing right so you know 
  there's the established cryptography it exists we can point to 
  nist standards we can point to ietf drafts this is stuff like you 
  know shot three and shs and you know those sorts of things and 
  then there's the you know when it comes to Phipps compliance 
  there's the.
Manu Sporny:   The what's deployed out there like what.
<anil_john> Specifically US Federal PKI
Manu Sporny:  To you so to give folks an understanding like a 
  flavor of what this actually means in practice if you go and you 
  look at things like the certificate authorities that the 
  government runs the US government runs Ori Canadian any 
  government runs with specifically US Treasury certificate 
  Authority stuff what you will find in there are Keys like keys 
  that are 23 years old meaning the.
Manu Sporny:   LG was invented 23 years.
Manu Sporny:  Still what is used for kind of the certificate 
  chain in so you know even if nist you know has approved some of 
  these Newark you know forms of cryptography and all that kind of 
  stuff when you get to Phipps compliance and if you have to use 
  those fips-compliant systems you're talking about picking up and 
  using technology that's that's 23 years old in some cases right 
  what I think all of us want to see is the ability to in parallel 
  you some of these newer Technologies so.
Manu Sporny:   I think that there's a.
Manu Sporny:  Plan for the Post Quantum stuff nist as David you 
  mentioned nist is all over the poet's you know standardizing post 
  Quantum crypto ietf you know is they're doing quite a bit of work 
  you know in that area not as much as I think some of us would 
  like to see but there's work happening there Mike you know put 
  out you know spec with a number of really good names you know on 
  it so that work feels like it's going to mature and it's going to 
  happen right the BBS.
Manu Sporny:   Plus stuff also you know there's work happening.
Manu Sporny:  F this involvement in that is a bit fuzzy to me but 
  you know I think they're aware of it so that's good like that's 
  on a good good track so I feel like at least those two things 
  that this community feel strongly about is happening in some 
  capacity or another but it's definitely not going to be like at 
  the same level that you all three is today at any point in the 
  next year or two.
Manu Sporny:   You know or three and I think.
Manu Sporny:  We're saying.
Manu Sporny:  Is that there's still a way to use that stuff 
  certainly in Private Industry because they don't have this as 
  strong requirement says US federal government systems have and so 
  there's there we have this ability to kind of put it out in the 
  market and in try it out okay so all that sounds good David in 
  your report shifting gears a bit in your report there was there 
  was this great thing that I feel like Nick and you did which is 
  you create.
<anil_john> NIST and Pairing Based Cryptography -- 
  https://csrc.nist.gov/Projects/Pairing-Based-Cryptography
<mprorock> thanks anil
Manu Sporny:  It's like if you needed to draw a line to the nist 
  Publications how does that flow from the w3c doc to an ITF dok2 
  in this stock so it is in I think they were named things like w3c 
  description of hash functions w3c description of digital 
  signature functions and things like that there's this presumption 
  that there would be a specification that did that and I know I 
  think you were you were kind of.
Manu Sporny:   Sketching in the abstract in.
Manu Sporny:  Paper in reality those types of documents won't 
  exist at w3c w3c is too big of a place in there too many 
  different application areas for w3c to publish one document on 
  hash functions one document on signature functions and things of 
  that nature so I mean we are taking that input into account David 
  like I'm one of the editors we've got multiple editors of 
  specifications on this call today that are going to.
<mprorock> direct link to the actual report on Pairing 
  https://nvlpubs.nist.gov/nistpubs/jres/120/jres.120.002.pdf
Manu Sporny:  Of that document and I just wanted to confirm with 
  you that you weren't being literal when you said there's a you 
  know a w3c description of hash functions you were saying there 
  exist some document that then draws a clear line to ITF specs and 
  then nest and Phipps Publications is that is that a proper 
  interpretation of what you wrote.
David Balenson:  I believe it is yes that was really our attempt 
  to come up with an as when I'll call an as-built specification 
  sort of the graph the path of the connection among the different 
  crypto related documents and it was not an attempt to either.
<mprorock> a counter approach btw - 
  https://w3c-ccg.github.io/traceability-interop/ we have directly 
  linked to FIPS, NIST, as well as IETF in line in the profile
David Balenson:  Analyze what was in each of them or to make any 
  recommendations as to what should go into any of them ultimately 
  that's up I think to you and the community is to decide what the 
  right set of intermediate documents or specifications or glue 
  documents that are needed in order to connect everything up we 
  were just trying to make sure we had an understanding of what.
David Balenson:  What the path was and and ensured that there was 
  in fact the path right path to to the required NIST documents.
Mike Prorock:  Cell phone the queue and I do want to kind of 
  comment on that a little bit because the I thought I did yep you 
  know one of the things we've kind of as a takeaway and it you 
  know but all and feedback from David and others in the Trade 
  Center op side of things that's part of why we have direct links 
  out as appropriate to the very specific here is this exact 
  publication here's the exact version of it you know.
Mike Prorock:   No any superseding comments just below.
Mike Prorock:  Like when I was coming in and looking at this 
  stuff for the first time you know with a reasonable background in 
  cryptography it was very hard to go find those underlying things 
  and what exactly was going on and make sense of it compared to 
  other things and so I think that kind of to that fifth point that 
  they've had brought up around documentation that's an area that 
  we all can always continue to improve right and that's not to say 
  we've done it right there on the trade side but that's one of the 
  goals there is to try to improve that aspect of it.
Mike Prorock:   So that if you've got someone from the security 
  side.
Mike Prorock:  And you know like we work with a number of 
  chemical companies and crop protection companies and stuff right 
  when they're going in and looking at your the standards that you 
  say you're following they should be able to quickly get to the 
  reference points that thereafter they shouldn't have to click 
  through three or four links to get it because they won't frankly 
  he'll just say no has been my experience I did want to also 
  comment because you know I know Manu that some of the stuff is 
  like yep.
Mike Prorock:   Four-year-old yo crypto or you know whatever 
  else.
Mike Prorock:  Reality with cryptography is outside of certain 
  things that Force adoption of you know the you know like in this 
  case you know post Quantum right or when things get broken on you 
  know other other items right that force and Adoption of a new 
  thing generally the older and more hammered something is on is 
  the better right you did generally try not to take oh this is my 
  cool thing that I like is it solves this problem and well that 
  gets broken.
Mike Prorock:   You should assume that that will get broken right 
  first and.
Mike Prorock:  Assume that getting broken is desirable right 
  because it doesn't get broken publicly someone else won't break 
  it behind the scenes and I'll tell you about it and then it 
  becomes a real problem and it for those of us that have had 
  engagement with like stream ciphers over the years right like our 
  C4 is the classic example of something that's like oh this is 
  cool it's super fast everything else got all these great 
  properties gets widely deployed in turns out to be a nightmare in 
  actual practice with all sorts of holes and then quickly 
  everyone.
Mike Prorock:   Who did not think about crypto agilities redoing 
  massive amounts of their.
Mike Prorock:  So a lot of this stuff is very well tied together 
  men who c1q here.
<mprorock> a?
Manu Sporny:  Yeah and I def I'm trying to not jump on the Queue 
  too much and if it's other people but I've got a ton of questions 
  for David's I'm not gonna I'm not gonna let the opportunity pass 
  so I wanted to I wanted to acknowledge Mike what you're saying 
  the old stuff stays around for much longer because it's tried and 
  tested and it's been hammered on and you know it's secure and 
  like there's all those are.
Mike Prorock: +1 Manu - there is a good reason to shake up 
  certain things
Manu Sporny:  Let me also remind all of us that the verifiable 
  credentials initiative took three years of lobbying like before 
  anything really happens because the x.509 community had such a 
  violent reaction against some new form of issuing a certificate 
  right I mean so verifiable credential you could just do this with 
  x.509 certificates I don't see what the problem is the problem 
  was solved along time ago and you're just injecting.
Manu Sporny:   Completely useless new specification that's going 
  to.
Manu Sporny:  Iron like these are the arguments that were used 
  against verifiable credentials for a good three years by existing 
  you know certificate authorities large vendors that kind of thing 
  right and then the the the argument shifted from x.509 20 Json 
  web token exists it you can express any kind of claim that you 
  want you can already do verifiable claims and in jwt's you don't 
  need to change anything just register your properties at ITF in.
Manu Sporny:   Are done right and that fight took.
<mprorock> i am not sure that fight is done
Manu Sporny:  So there is a dark side to the the amount of 
  vetting that is necessary that that we talked about and that is 
  that the people that are bringing new technologies to bear on 
  these problems where the old Technologies very clearly do not 
  solve the problem have a really hard uphill like multi-year 
  uphill fight to just even be given the chance to put.
Manu Sporny:  All gee you know out there on a standard Strack so 
  I wanted to make sure that you know there is there tends to be 
  this kind of flippant response to anything new by establish 
  vendors in the space that harms our ability to actually solve 
  these problems right you have to convince everyone that there is 
  actually a problem be be solved.
Manu Sporny:  Changing subjects really quickly actually you know 
  what no I'm gonna I'm gonna be quiet and let someone else go.
Mike Prorock:  Nowadays I think you hit on some good things there 
  and in a think one of the key topics is that that I think you got 
  at is what your when you look at some of these established things 
  why they're established and what is worth shaking up you know 
  going after new crypto can be really hard for just the math proof 
  reasons write them to and difficulties related to that and the 
  fact that they rely on hard problems so it limits.
Mike Prorock:   It's the space of.
Mike Prorock:  That's the stuff but looking at how you transform 
  and represent this stuff I mean that's where verifiable 
  credentials obviously is a case in point like brings an actual 
  like real Solution on top is especially around the semantic 
  meaning side and things like that they're highly valuable those 
  are critical things of value that differentiate from existing 
  x.509 or the continuing fight with jwk you know where aspects of 
  jwk right on its own.
Mike Prorock:   You know so I think.
Mike Prorock:  Wing what battles to go pick you know crypto 
  itself is probably like the actual underlying cryptography 
  probably barking up the wrong tree as far as like getting broad 
  commercial adoption if you're after broad commercial or covid 
  option but you can definitely fight those battles on things like 
  key representations and things like that right especially if 
  there are significant value to be had since we actually have like 
  a customer of this kind of stuff on the line I'm going to put 
  them on the spot I.
Mike Prorock:  It's on you know that aspect of the discussion 
  like as far as Expo nines and JW case and movement forward 
  adoption new tech I mean what motivated you to even start looking 
  at this space from a you know gov you know / commercial aspect.
Anil John:  So you may or may not like the answer that I gave you 
  Mike so it's a lot but I'll give it any where right so I think 
  I've been very clear from the beginning of my involvement in this 
  community that I work for a sovereign I tend not to buy into the 
  Techno utopianism of some of the my colleagues here on this call 
  right so having said that the rationale for moving forward with 
  verifiable credentials.
Anil John:  Two fires in particular were very straightforward 
  I'll start with decentralized identifiers primarily because of 
  the the I was going to use a pejorative I'll refrain from it the 
  disaster that is a social security number where I'm number that 
  in the 1930s was designed to be a identifier for a social benefit 
  as over time become conflated and being used as an.
Anil John:  A was a problem that we thought that I needed to get 
  a solution to and so when when Drummond read my new Christopher 
  Allen and less Jason paying me way back you know five or six 
  years ago and said hey we want to like take a look at this and is 
  there any way is there any interest in your community would there 
  be any funding for it I was happy to find it because I saw that 
  as a.
Anil John:  As a potential solution to Iraq and identify a 
  representation that clearly separate your dedication from an 
  identifier functionality and provided a set of capabilities on 
  top of it having said that to be blunt I had no idea that they 
  and the did working good would actually have a opportunity to 
  solve one of the fundamental problems in.
Anil John:   It which is if.
Anil John:  Digitally signed document how do you basically get 
  access to the public key that was you know the mate of the 
  private key that was used to digitally sign that document I 
  consider the resolver functionality that is in the did to be the 
  super secret super power of the decentralized identify our 
  ecosystem I don't care about decentralization I don't I love the 
  separation of.
Anil John:   Ian and and authentic.
Anil John:  Shouldn't but the secret super power is a resolution 
  functionality where you can feed in an identifier and you get a 
  container of that basically contains metadata about the issuer 
  right so that's a big deal so so that that was a reason for going 
  down that particular path the very fiber credential very simple 
  json-ld is really really attractive because it is a global 
  standard it basically is the underpinning of verifiable could.
Anil John:  I'm not used in isolation and we really did not have 
  a mechanism that provided a generic way that of representing 
  information that was semantically aware supported language 
  translations because in a bit because of the rdf underpinnings 
  and provided a mechanism for providing information in a developer 
  friendly manner so so those were some of the rationale for going 
  down this path and.
Anil John:   What came out of.
Anil John:  Out verifiable credential is that clear separation 
  that separated out the holder which typically has been either 
  ignored or glommed together with the with the issue itself that 
  was articulate in the verifiable credentials data model and a lot 
  of the other properties that have come along for the ride where 
  by you giving agency and power to that holder the ability to put 
  in place capabilities that does not.
Anil John:  You know does not continue to encourage a an 
  environment where you are an issuer has the ability to track you 
  across space and time depending on whether credential is used so 
  the the ability to sort of architect the solution such that you 
  can prevent the phone home problem and things like that was 
  really attractive so all of that and the potential bridge to 
  paper that that technology provides.
Anil John:   Really become really really important.
Anil John:  You my two primary customers write my two primary 
  components at the people that I do this work on behalf of which 
  also just so happens to be the two oldest parts of the US 
  government to entities that have been around as long as America 
  has been around u.s. immigration which is in the business of 
  producing everything from the permanent resident card employment 
  authorization and u.s. Customs which is in the business of 
  digitizing trade document right so and.
Anil John:   They saw the value of these Technologies.
Anil John:  In the because it provided the open Global 
  Perspective that is not very u.s. Centric that actually is 
  something that a global Community can get behind and I know that 
  it was a long-winded answer to probably something that you were 
  hoping was short Mike but that's the rationale.
Mike Prorock:  No I that's actually exactly what I was looking 
  for so that was extremely helpful because I think we don't often 
  enough think about the Practical like sometimes it's very easy to 
  get distracted by like tech for tech sake because sometimes it's 
  just cool right now and a lot of times it's important to go back 
  and look at the motivation for adoption so that we can focus on 
  the amplifying that message for further adoption across other 
  areas so.
Mike Prorock:  I see you on the Queue and then we'll pass it to.
Mike Prorock:  Bubbly response Andorra wrap up so.
Manu Sporny:  Okay great thanks and yeah that's it's always 
  really interesting to me to hear Anil you go through the 
  rationale for why these Technologies are interesting to the US 
  government it certainly I mean it's strange I've heard that 
  multiple times throughout the years every time I hear it it feels 
  new and in like really good it they're really solid points.
Manu Sporny:  Is that for whatever reason are not the motivating 
  factors for at least our organization I mean we it is they are 
  motivating factors but they're not the primary one so I think 
  it's really neat that this technology has gotten people that are 
  very much interested in self Sovereign identity interested in 
  them and Sovereign Nations interested in the same technology 
  there's a bridge building going on there that's interesting 
  socially interesting.
Manu Sporny:   Last question is is.
Manu Sporny:  To David it's really to the general ecosystem 
  you've spoken a couple of times about this is really food for 
  thought you've spoken a couple of times about cryptographic 
  agility and I think everyone here is totally on board with that 
  and we're building our systems to make sure that their 
  cryptographically agile it was a lesson learned long ago you know 
  with our C4 and md5 and all that all that kind of stuff however I 
  think there's a gap in the.
Manu Sporny:  That you've got people working on cryptographic 
  Primitives like the crypto form research group at ITF in nist in 
  there basically these tools these Primitives that you kind of 
  throw out on the table and then the step that happens after that 
  at least to me is horrifying because then you have a bunch of 
  seemingly random developers picking those Primitives off of the 
  table and putting them together in ways that I would suggest or 
  dangerous right so.
Manu Sporny:   This kind of gets the the concern that.
<mprorock> lol @manu - this is a very concerning and awesome and 
  terrifying point
Manu Sporny:  Don't have an OSHA for cryptography so OSHA is the 
  occupational safety and health administration when you go on a 
  job site any kind of physical job site you know in the United 
  States and people aren't wearing their harnesses or their hard 
  hats OSHA can come in and find them because it's an unsafe work 
  environment we do not have that in cryptography and so what you 
  end up having is like web developers that have very little 
  understanding.
Manu Sporny:   Of cryptography just kind of slapping things 
  together.
<anil_john> We *USG* does have it via FISMA/FIPS pubs :-)
Mike Prorock: +1 Anil
Manu Sporny:  And we've seen some of that in this space in there 
  some of us are really trying to make sure that you know things 
  are built in the right way and it's debatable on what the right 
  way there is so does anyone know of such a thing because it's not 
  ITF and it's not nest and it's not the it's not the the 
  conference's paper conferences what is the equivalent of Osha 
  for.
<tallted_//_ted_thibodeau_(he/him)_(openlinksw.com)> NSA
<mprorock> no such...
Anil John:  I'll just jump in here my new and say that I disagree 
  with one Nuance on it right so it's the US government does have 
  something that is the equivalent of it and that is the entire 
  theme of this today's and last briefing right the fisma Phipps 
  Publications that are binding on the US government is the 
  equivalent of Osha for cryptography on the US government now it's 
  not binding on the private sector and I.
Anil John:   I have no answer there.
<manu> FISMA/FIPS has never stepped in in our commercial 
  contracts and fined us (or anyone), nor has the NSA :)
Anil John:  Hey these what what nist is doing and Publishing is 
  open and they are they do encourage other people to adopt it.
David Balenson:  Yeah I would agree with that wholeheartedly and 
  point out that in many ways this is not dissimilar to just the 
  whole software Assurance challenge right so crypto is not the 
  only area where we've run into challenges with the process that 
  you're describing manyu right we've got people who are slapping 
  together software that aren't always applying the right software 
  security.
<mprorock> software supply chain is a big deal that shares the 
  same issue
<mprorock> the work Krebs started on this front is quite good
David Balenson:  When they couldn't should be and I know that 
  there are a lot of efforts of foot to try to improve software 
  Assurance I know that sza the cyber security and infrastructure 
  Security Agency and another one of the many components within DHS 
  is been working on identifying vulnerabilities and trying to come 
  up with new processes to improve software Assurance to improve 
  improve supply chain security.
David Balenson:   There's efforts such as.
David Balenson:  Software bill of materials just for tracking 
  what the software components are right you can't even begin to 
  know what are the issues the challenges the vulnerabilities if 
  you don't even know what what software you're using and then 
  there's also always forget the with the acronym stands for vex 
  it's a companion effort on Vex and then you've got things like 
  CDE and what have you and.
David Balenson:  Perhaps extending these processes or coming up 
  with similar processes for cryptography you also excluded the ITF 
  and yes they're not the OSHA fisma is more like the OSHA but I 
  still think it's good I was even going to mention this earlier 
  it's good to align with the ITF into work as a community to 
  develop the appropriate standards.
David Balenson:   And I think that that.
David Balenson:  Because then that provides the standards that 
  the software developers can write the packages to and then the 
  packages are in better shape for for web developers and others to 
  to adopt and use in fact it's one of the things I mentioned this 
  to you the other day Mike I would be curious to know what are 
  some of the common crypto package that folks in this form are 
  using are they using packages that are already out there like 
  like TLS.
David Balenson:  There's or are they rolling their own and sort 
  of where did they.
Mike Prorock:  Yeah II that actually would be a great topic for a 
  future meeting and if you would like to join us on that I 
  absolutely will spin a topic call on that because I've been 
  digging pretty heavy into that over the last few months actually 
  and if there's some interesting and surprising stuff as well as 
  some good stuff but it's kind of a little bit all over the place 
  unfortunately we are at time but the one note that I'm going to 
  say in closing man who is Wala we don't have someone like oh sure 
  that comes in and finds you.
Mike Prorock:  If you do it wrong you do have folks that want 
  adopt your contracts.
Mike Prorock:  I'm not sure we need.
Mike Prorock:  Sara Lee in cryptography what people that can come 
  in and find you for that for the simple reason you know 
  legislation and other areas that are pushing for things like back 
  doors and crypto that frankly break the whole damn thing right 
  that we should never allow to come into play so it so it's a fine 
  line right it's a very nuanced topic like a lot of the stuff 
  we're dealing with here especially when it relates back to 
  personal privacy so.
<anil_john> Thank you CCG, thank you Dave .. appreciate the 
  opportunity to contribute to the discussion today.
David Balenson:  And and real quick let me let me just throw in 
  another potential future topic is globalization right and and 
  when you're dealing with different countries different 
  government's right I mean I support automotive cybersecurity and 
  we're having this challenge with manufacturers who are trying to 
  sell in the US and Asia and China for example right and and 
  different requirements for different crypto.
<manu> SM9 and GOST are mentioned in the new VC 2.0 WG :)
Mike Prorock:  Yeah absolutely export restrictions are a thing 
  like if you're dealing with real crypto and are not familiar with 
  that you will probably run into it at some point.
David Balenson:  And I'm not even talking about export 
  restrictions I'm just talking about global markets and how do you 
  support different crypto that are required for different 
  different markets.
David Balenson:  I'm back.
<manu_sporny> Yes, thank you David!!! Really enjoyed this 
  meeting.
Mike Prorock:  Yep yeah and it could Point man who just a rabbits 
  out that sm9 goes siderite that's stuff BC next PC working groups 
  going to be pretty critical here so really appreciate the time 
  thanks everyone who are going five minutes over here the once 
  again David thank thank you very much really appreciate this deep 
  dive hopefully this is the first of many back and forwards on 
  certain key deep topics as relates to the community so.

Received on Wednesday, 23 February 2022 21:32:58 UTC