Meeting minutes
Meeting Organization And Time Slot Conflicts
Wesley_Smith: Hey folks, Benjamin, do you know who is running this call
Benjamin_Young: I do not has somebody chaired these in the past or…
Benjamin_Young: have there been dedicated barcode calls in the
Wesley_Smith: I don't think there have been dedicated barcode calls in the past. Manu, I didn't think you were going to be able to make it. do you know who's running this call today, Manu? Do you have somebody in mind?
Manu_Sporny: you are or…
Wesley_Smith: Okay, that's exciting.
Manu_Sporny: lane you two are the editors that's typically the people that run the calls.
Wesley_Smith: All right,…
Manu_Sporny: So, usually about 4 the hour,…
<Ted_Thibodeau_Jr> FYI, this meeting slot collides with longstanding Federated Identity Community Group (https://
Wesley_Smith: sounds good. Yeah. how long should we wait before we get started for folks to check in?
Manu_Sporny: people trickle in by then.
Wesley_Smith: So, I expect today is going to be largely process and talking at a high level about the future. Manu, is that your expectation as well?
Manu_Sporny: And I think we can, get agenda ideas from everybody. I've got a couple before we start
Wesley_Smith: And then Greg, are you running the data integrity half of the call or who is running that?
Greg_Bernstein: I Dan or…
Greg_Bernstein: whoever else like to get involved. But I did put down some notes.
Wesley_Smith: Yeah, I'd be happy to run from a process perspective,…
Wesley_Smith: but I don't have insight into the current state of that work as you do.
Greg_Bernstein: Okay. I put down is happening or…
Greg_Bernstein: what's on the plate there.
Wesley_Smith: Okay, Ted,…
Wesley_Smith: I see your note in chat. Monty, you scheduled this call, I believe. Was this a difficult to find slot?
Manu_Sporny: No. I just picked it because it's the one that we had been meeting on for another call. I mean, these time slots are incredibly difficult. 10:00 a.m. and 11:00 a.m. Eastern are always conflict with something else. So, …
Greg_Bernstein: Thanks.
Manu_Sporny: if there are folks that need to be at the federated,…
Manu_Sporny: group calls, then let us know if it's a conflict for you directly. it's just going to be impossible to find anything that works for everyone, right? …
Ted_Thibodeau_Jr: Yeah, I recognize that to be the case,…
Ted_Thibodeau_Jr: but I don't know how many others might have the same conflict. I will be bailing out on this one shortly and we'll be there. Manu Sporny:
Manu_Sporny: Plus one. we can send out another doodle poll and see what people say and…
Ted_Thibodeau_Jr: Yeah, hopefully I'll see it. All right.
Manu_Sporny: then go ahead Elaine you got your hand up but Wes I think Yeah.
Elaine_Wooton: considered Monday also.
Elaine_Wooton: Mondays just tend to be People travel or whatever, but that was another slot that we considered. I think Manu was Monday at the same time. So, I don't…
Elaine_Wooton: if that's better or ask people
Manu_Sporny: Yeah, we'll just send a poll out,…
Manu_Sporny: it'll and see what for the folks that need to be on these meetings, what works. And we've got 11 today. That's a pretty good turnout for something as esoteric as barcodes and digital signatures. but yeah, how about this? I have very little spare time these days. since Wes, Elaine, Greg, y'all are kind of the lead editors for these things, y'all should probably arrange and send the poll out and that sort of
Wesley_Smith: Sounds Happy to do that. so we waited a few minutes. We have a good number of people here.
Wesley_Smith: Mont, you said you had a preliminary agenda that you wanted to work off of today.
Manu_Sporny: just some suggestions.
Greg_Bernstein: What's that?
Manu_Sporny: There are a number of administrative items we should cover. so that would be just an agenda plus for those administrative items like the specs moved over, what's our work mode? we need to talk about publishing a first public working draft and see what the timeline for that is. We need to establish, the timeline that the group believes they're on, things high level things like that for both the barcode spec and the quantum safe data integrity suite as well as the other data integrity things.
Greg_Bernstein: I'm sorry.
<Greg_Bernstein> (a) DI spec update plans: moving selective disclosure functions -- https://
Wesley_Smith: Okay, that sounds good.
Wesley_Smith: And thank you for the reminder. I need to get an IRC myself.
Manu_Sporny: Just to be clear, we don't use RC for this call.
Wesley_Smith: Sorry. okay.
Manu_Sporny: when we're auto transcribing and auto recording.
Wesley_Smith: What is the agenda plus mechanism you're referring to?
Manu_Sporny: I'm saying I'm requesting those items be added to the agenda to the people that are running the call, which would be you and Elaine and Greg. And you can say,…
Wesley_Smith: Understood. That sounds good.
Manu_Sporny: "Nope, we're not going to talk about that today.
Wesley_Smith: Ivan, you have your hand up.
Ivan_Herman: Yes, I have still on the practicalities. I don't know from the top of my head, but I can look it up. Who of you are already officially on the task force?
Wesley_Smith: Hey,
Ivan_Herman: I know you Was Lea, Greg, Manu, I'm sure probably Ted and myself and Phil Archer and Brent. The others may not. please send me an email with your email account that you use on W3C and then I will put you on the list. And that means that for example and if anyone else whom you take the responsibility of putting him or her on the list then send me that as well.
Ivan_Herman: There is a mailing list which is task force specific that you can use to do things like setting up the dial in details and timing etc. yeah that's it. So please give me your credentials to be able to do that.
Wesley_Smith: Okay, thanks Greg, sorry. Did I interrupt you?
Greg_Bernstein: Nope. Nope.
Wesley_Smith: Okay, excellent.
Greg_Bernstein: I guidance for the DI part of the call in the chat.
Greg_Bernstein: Wait, that's for the DI portion. Wesley Smith:
Wesley_Smith: Okay, that sounds good. all right. So, with respect to some of the process items that you mentioned, Manu, can you or Ivonne or somebody else speak to what is required in order for first working drafts for these documents to be released, specifically the VC barcodes and data integrity specifications?
<Ivan_Herman> For info, this is the list of current participants Participants | VC Barcodes and Data Integrity | Task Forces | Discover W3C groups | W3C
Process For First Public Working Drafts
Manu_Sporny: So we would need to resolve to publish them. the first public working draft is kind of the first official document that we are publishing as a group. It doesn't mean we agreed to all the content in it. it doesn't mean any of that stuff, but we just kind of need to get a document out there on what's called the technical report space at W3C. usually what happens is someone makes a proposal to publish a first public working draft of for example the VC barcode spec we have to pick a short name like barcodes which is the current short name and then we'll see some discussion and a bunch of pluses or minus1's or whatever to publish.
Manu_Sporny: We can also decide it's too early and people want to review the document before we publish an FPWD. once that's done presuming that people are supportive of publishing the first public working draft then there is a process that Avon performs to raise a request and do the publication and that sort of thing. I'll also note that there's a publication moratorum coming up towards the latter part of this month. which basically means we can't publish anything during that time frame. but that's it from a first public working graph perspective. I think the only one we're ready for FPWD on is VC barcodes. The data integrity stuff we can talk about. Greg, I don't know if you feel like we're ready there.
Manu_Sporny: There's the postquantum suite which we might discuss today isn't even moved over from the CCG. So we have to have a discussion about that. it is one of the things we could work on but it hasn't been moved over yet.
Manu_Sporny: So I'll just stop there. That's kind of some of the administrative background on what we'd need to do for an FPWD.
Wesley_Smith: Yeah, thanks.
Wesley_Smith: And sort of quick question,…
Wesley_Smith: apologies for my ignorance, but if we're not using IRC, what's the mechanism by which we take a consensus vote? Just the Google. understood.
Manu_Sporny: you can use chat just put it in the chat channel it would be and…
Manu_Sporny: I'm not saying do this now but we use all the same commands we use in IRC so you would do all caps proposal colon and then the proposal which would be like publish VC barcodes as a first public working draft using the barcodes shortname right as an example and then the rest of us would plus one minus one whatever that in the chat channel. and then if there's consensus you put resolved or…
Manu_Sporny: resolution all caps colon and then the exact same thing again if there were no modifications to it.
Wesley_Smith: Understood. Thanks.
Wesley_Smith: Ivon, you have your hand up.
Ivan_Herman: Yeah. …
Ivan_Herman: one thing that I think Manu did not say but the document itself may need some care to be along the publication guidelines of W3C. So that may require some editing. I haven't looked at this document yet so I don't know in which state it is now but usually there are minor things that have to be done to the respect preamble to be correct. it has to go through the pub rule checkers which will shout at you if something is not correct. you have to go through HTML.
Ivan_Herman: You have a pub rule checker that will tell you whether the HTML is correct or not. You have a link checker. So, there are some mechanism that have to be followed before it can go to publication. actually be preferably before I raise the issues for transition requests.
Wesley_Smith: Thanks, Savon. So, just to be clear,…
Greg_Bernstein: Okay.
Wesley_Smith: those things are things that can happen after the group votes on moving to first working draft.
<Manu_Sporny> I can help w/ all the pubrules stuff :)
Wesley_Smith: All right. thanks very much, Phil.
Ivan_Herman: This is correct.
Phil_Archer: Thank you.
Phil_Archer: Task forces have a lot of agency and can do all sorts of stuff. you can resolve to change this and accept that merge request or whatever it can be. When it comes to things like resolving to do a first public working draft, that needs to be a full working group resolution. same for candidate reckoning, that kind of transition. so I would ask that if this task force resolves to go to first public working drop which is completely uncontentious and everyone hopes it's going to happen that's going to be contingent on the same resolution being taken at a full working group meeting on Wednesday and please let the group know in advance hey this week we're going to be asking you to we want to transition this document here to first of all the working draft candidate record whatever it may
Phil_Archer: The group needs a bit of advanced notice. given that today is the first working day for most Europeans since Thursday, if you want to send it out today saying we're going to put it on the call for tomorrow in the task force section, that's fine. I'm not going to worry about that. But it does need to be a working group,…
Wesley_Smith: Absolutely. Thanks, Greg.
Phil_Archer: an all working group resolution to make a document transition. Please
Greg_Bernstein: Ivan could you somehow send us up to those various checks? I've been cleaning up the safe stuff and it had a lot of different authors and so there's a lot of things that I've fixed but as I'm going through and get getting in shape. So I may not have used the right such like that. So if you could kind of send a link chat run those sooner and…
Greg_Bernstein: fix those things. Yes.
Ivan_Herman: Greg, I think you were addressing me.
<Manu_Sporny> Your audio is dropping pretty badly Greg -- can still understand you, but it's difficult.
Ivan_Herman: As money put it on IRC, the audio was pretty bad. but I think I got the sense of it. But I believe that Manu has already proposed to help with the Pabru stuff. So you will get the right help at the start. And if money for whatever reasons is out of circulation, then I can jump in as well. But it's better…
Greg_Bernstein: What's
Ivan_Herman: if he does it because he knows better I haven't seen the document at all yet, which is my fault to be honest.
<Phillip Long> Sounds like vox is clipping the audio
Wesley_Smith: Thanks everybody for useful perspective and feedback. I guess at this point I would like to move to talking specifically about the VC barcode specification and moving that to FPWG. so does anybody else have any points they'd like to make about process or guidelines we should follow here? Anything along those lines? Hearing none. so before I put forward a proposal in front of the group, I'd like to open up the floor to talk a little bit about the V VC barcode spec specifically. so I'm one of the authors and editors of that specification.
Wesley_Smith: I believe the specification is in the shape required to be a first public working draft. It is not finalized but it's in pretty good shape both the kind of informative and normative aspect of the specification. I think that I don't see any reason why we would not want to entertain a proposal to move it to first working draft today. but I'd be happy to hear if anybody has a different perspective then hearing none, I will type up a proposal in chat. I suppose I should link to how should I indicate or…
Manu_Sporny: You can include a link or you can just name it. It should be pretty clear which one we're talking about. But including a link to the actual spec.
Wesley_Smith: to not be circular with a short name or something.
Manu_Sporny: Barcodes. I can try to get that.
Wesley_Smith: I got it.
Wesley_Smith: Is the correct link or does it matter? the SER page github.io link.
Manu_Sporny: You can use the served page. So, this one. That one's probably good.
Wesley_Smith: Okay, bear with me folks. Thanks for your patience.
Wesley_Smith: Does that look about what folks are expecting or…
Manu_Sporny: Yeah, that looks good at you can put whatever you want to in a proposal.
Wesley_Smith: contingency? The claus is legal in proposals.
Manu_Sporny: And then if we don't see any minus ones then it's basically copy paste the same text but you put resolved or you can also put resolution in the same Text.
Wesley_Smith: Right. is Phil Archer, I'm going to call you out specifically.
<Manu_Sporny> Verifiable Credential Barcodes v0.8
Wesley_Smith: Is this compliant with…
Wesley_Smith: what you were suggesting?
Phil_Archer: very happy.
Proposal To Move VC Barcodes To FPWD
<Wesley_Smith> PROPOSAL: Move the Verifiable Credential Barcodes v0.8 specification to First Public Working Draft, with short name "vc-barcodes" contingent on a similar resolution being passed by the full VCWG.
Phil_Archer: Yes, of course. Yes. Yes. Yes. I don't want to be an ogre. I'm just trying to make sure all the eyes are dotted. Sorry. No.
<Manu_Sporny> +1
Wesley_Smith: No, no, no. you raised an excellent point. I want to make sure that what we're doing here lines up with that.
<Ivan_Herman> +1
Phil_Archer: Spot on. Thank you.
<Phillip Long> +1
<Wesley_Smith> +1
<Dave Longley> +1
Wesley_Smith: All seeing lots of plus ones and no minus ones, I'm going to go ahead and…
<Greg_Bernstein> +1
<Parth_Bhatt> +1
Wesley_Smith: call that contingently resolved. Manu, I will chat with you probably offline about how to disseminate the heads up about the proposal to the VC working group. so, Ivon, go ahead.
Ivan_Herman: Yeah, I mean something that it's worth discussing think now is the timing of all this.
<Dave_Lehn> +1
<Benjamin_Young> +1
Ivan_Herman: I'm looking at the calendar here and we have to know that the publications for these kind of drafts happens on Tuesdays and Thursdays. this is when we can publish something like a first public workinging draft and before that I have to get a transition request in and it has to be approved. So there is an administrative step to do we get the I'm thinking out loud here.
Ivan_Herman: We have the resolution probably hopefully tomorrow. I can raise the transition request tomorrow evening or on Thursday at the latest Friday. Maybe we get a plus one. We were surprised Manu and I to have a very quick turnaround with the VC draft last time. So maybe it happens again. There are wonder it is not impossible to get it published on the 16th of Thursday but it's close to a wonder if we can. manu you will take care of the final version of the document with changing dates etc. Yeah.
RESOLUTION: Move the Verifiable Credential Barcodes v0.8 specification to First Public Working Draft, with short name "vc-barcodes" contingent on a similar resolution being passed by the full VCWG.
<Dave Longley> ^this text doesn't get saved, though, right? do we have a tool that will parse and save it later if we want?
Manu_Sporny: Yeah, I'll work with Wes. I'd say let's try for the date and if it doesn't happen, that's fine. We can just update the date.
Ivan_Herman: So we can try for the 16s and if it is not that one then it will be the 23rd or the 28. That's just for the records. We will try to wait go for the next week, but promises.
<Elaine_Wooton> +1
Wesley_Smith: All right, that sounds good. Thanks folks. All right. with that out of the way, I guess maybe Greg, I'll pass it over to you. I don't know if there are any process or similar items you wanted to do with the data integrity specification before we move over to more technical items.
<Manu_Sporny> The text gets saved now
Greg_Bernstein: That's easy.
<Manu_Sporny> (and integrated into the minutes)
<Dave Longley> oh, ok, good to know, thanks!
Wesley_Smith: Manu, you have your hand up.
Manu_Sporny: Just real quick for the barcode spec. over the last week, Avon and I moved it over to the repository, updated the respec headers, aligned the editors with the current editors, and did I think everything we needed to get it into shape. So just reporting that we think it is in good working group shape at this point and the expectations are the FPWD will go forward and then Avon and Avon has to set up Akidna which is the autopublisher mechanism which then means that any new change that we push to the main branch for the spec will automatically be pushed as a working draft
Manu_Sporny: to the technical report space at W3C. So, it kind of automates the process and makes it really easy from then that point on. we'll have a chance to talk about that in upcoming meetings, but that's kind of just to set expectations. We're on a good trajectory with the end. That's it.
Wesley_Smith: All right, thanks very much. Greg, over to you. Anything you want to talk about process-wise for data integrity?
Greg_Bernstein: process wise.
Greg_Bernstein: We have a few different types of things going on. We've had a desire to refactor and clean up some of the existing specs.
Greg_Bernstein: So is right now all our selective disclosure function actually defined in the ECDSA crypto suite spec and those are actually reused by the BBS as we'll see we're going to probably want to reuse some of with the postquantum stuff. So, kind of upgrading or I'm not sure exactly how that in a set of issues about that suggestions back like January.
Greg_Bernstein: Then we have the quantum safe. So part of the process was how do you know these are very different things updating and…
Greg_Bernstein: one is new specs. Wesley quite …
Wesley_Smith: Yeah, thanks.
Wesley_Smith: I just wanted to know that your audio is cutting out quite badly, so I was going to suggest that interest of having kind of functional meeting minutes, maybe after you finish, you could type up a brief overview of what you were saying in the chat. but yeah, that was it. I didn't have anything to say directly about the points you were making.
Greg_Bernstein: this is bad.
Greg_Bernstein: I've not had audio problems before.
Wesley_Smith: It almost sounds like you're using a microphone with some very aggressive noise suppression on it.
Wesley_Smith: It's kind of hard to tell.
Greg_Bernstein: H I'm gonna talk.
Greg_Bernstein: Does that help? I did upgrade my OS so I apologize. I haven't had problems like this before. So I will investigate mic.
Wesley_Smith: Manu, go ahead.
<Benjamin_Young> Sounds more like lag
Manu_Sporny: Right. So on the data integrity specs and the quantum safe specs. So, just to kind of recap what Greg said, the data integrity specs are version 1.1 specs, we're supposed to be in maintenance mode with them with a caveat that we can add new things related to security issues, and we can make editorial e changes.
Manu_Sporny: The stuff Greg mentioned about refactoring it and moving the selected list disclosure algorithms from the ECDSA spec to the core data integrity spec so that we can then reuse them across a bunch of different specs. those changes I'll assert are editorial changes, it is a pretty big kind of restructuring, but We're not removing features. We're just changing where the content's going. so I suggest it's important to make those changes. It's a good cleanup. I suggest we make those changes as quickly as we can and then reuse it.
Data Integrity Specifications FPWD Process
Manu_Sporny: Which means that we are going to want to propose FPWDs for data integrity, EDDDSA, at least just those three. We can't do the quantum safe one yet because that spec is still in the CCG. It has not been handed over to this group yet. So, we would need to have a separate discussion on when the timing for that is and all that kind of stuff. We should talk about the new Google announcement that they moved up their quantum safe, deadline. There's been some scary postquantum security papers published in the past two months that we think Google's acting on.
Manu_Sporny: So we may want to have a little bit of that discussion. But maybe what would be good is for us to just get FPWDs for the data integrity version 11 one specs done and…
Manu_Sporny: then we can talk about what to do about the quantum safe thing. That's it.
Greg_Bernstein: So that means Manu,…
Greg_Bernstein: we would have to refactor documents ready to go.
Manu_Sporny: We can make a proposal and…
<Dave Longley> do we still need to move di-quantum-safe to w3c github space and should we also vote to do a FPWD when that's done?
Manu_Sporny: resolution that we're going to do it and…
Greg_Bernstein: Okay.
Manu_Sporny: then we can refactor. I don't know. I thought the refactoring had already been done if let me put it this way. It would be good for us to do an FPWD because we have to do that no matter what. And if the refactoring is in there, If it's not, and there's still some work that needs to be done, that's also fine.
Greg_Bernstein: Ivan's got his hand up.
Manu_Sporny: But let's get the FPWDs out, I guess, is what I'm trying to
Wesley_Smith: Please. Yeah.
Ivan_Herman: May I Wes?
Ivan_Herman: I have one sort of technical comments and then another which is more administrative. The technical thing that for the refactoring I am all in favor of it. So that's not the issue. But we had a slightly similar issue coming up. I may be wrong, but I believe it was on the that the render method task force was referring and using an algorithm which was in I think it was the ECDSA but I am maybe the EDDDSA.
Ivan_Herman: Dave will remember that I sume. so that was also then discussed that we should take it out and put it in some other place because it looks odd for a render method to refer to a crypto suit when it is not talking about crypto at all. So that should probably be done together unless what you propose Greg already covers that I don't know the technical details about all that. the other thing which is much more administrative I'm sorry but that's also my job. is it so officially that this task force will take care of the maintenance of the DI and the DIP spec and the crypto in general?
Ivan_Herman: It's But then I will have to add some things to make it sure for the task force description that this task force takes care of those as well as Okay.
Wesley_Smith: money.
Manu_Sporny: I believe the answer to that is that this group would handle maintenance and the quantum safe DI crypto suites. Yes, correct. Yeah. Yeah. everything all the DI specs this group as well as Marcus.
Ivan_Herman: That's fine with me. I didn't realize that. So, I will take care of that. I don't know this week.
Manu_Sporny: On your other point Avon plus one to what you're saying yes we have stable links to the 10 specs, right? So we're not going to destabilize anything by moving these things around. We're going to, all of the changes that we're talking about are in the new specs, not in the old specs.
<Benjamin_Young> it's in ECDSA
Manu_Sporny: So we're talking about one specs for all the maintenance specs and version 10's for the barcode and quantum safe specs. so I think that's fine and we can make those changes over time. I don't think there's any sequencing issues that we have right now. I will also mention that the VC barcode spec has a crypto suite in it as well and that is also weird. and we may want to move that into the data integrity ECDSA crypto suite,…
Manu_Sporny: but there's a kind of a question mark there around are we allowed to do that? I'm thinking probably but we should kind of talk about that in a future call. if we can't do it, then we just leave it in DC markets, so that's the fall back position.
Ivan_Herman: For once,…
<Benjamin_Young> specifically Data Integrity ECDSA Cryptosuites v1.1
Ivan_Herman: putting the administrative aspect aside for a moment. isn't there a danger that it will turn the DIP spec into a huge monster which will be very difficult to maintain and would it be an option we can see the administrative things later to have it as a nor separate document I don't know DI algorithm or whatnot I just
Ivan_Herman: don't remember now all the details and I don't know how much it will increase the size of the DI but the DI is already a pretty big one just wondering Mhm.
Wesley_Smith: Money.
Manu_Sporny: the stuff for so I think it'll be fine meaning the DIP spec I don't remember it the ECDSA one is big that's the big one right and…
Manu_Sporny: and we are talking about moving one of the big algorithms from ECDSA to the DIP spec spec. I don't think it'll be unwieldy. I think having yet another DI spec would be more unwieldy.
Ivan_Herman: Okay. Just
Manu_Sporny: The other thing we're talking about moving is the ECDSA signature algorithm from barcodes to the ECDSADI crypto suite. Meaning the algorithm in barcodes would move to the o The refactoring that Greg is talking about is moving the selective disclosure generalized algorithms into the core DI spec.
Manu_Sporny: So I think we're okay with the current specs that we have.
Ivan_Herman: There is an entry in the charter…
Manu_Sporny: The only question is the fairly esoteric one around are we allowed to move a crypto suite from a work item that we have adopted in the working group into a maintenance specification. up. Yeah,…
Ivan_Herman: which said we are allowed to touch the document when there's a security issue coming up and b I don't remember the exact formulation but when it is necessary for the newly adopted documents to be finalized or something of that amount.
Manu_Sporny: it's supportive of work that the group has taken on or something to that effect.
Ivan_Herman: Yes. …
Ivan_Herman: this is a bit of a borderline, but I don't think that it will be a big problem.
Wesley_Smith: Okay, thanks folks.
Wesley_Smith: Going back to the broader agenda were any of the points discussed about actions that need to be taken for the various data integrity works. Does anything need to happen today or is anybody hoping that things will happen today to that effect or is that in the near future?
Wesley_Smith: Okay.
Manu_Sporny: I think ideally we propose to publish the base data integrity spec in EDDDSA as version 1.1.1 First public working drafts.
Wesley_Smith: Greg, do you want me to handle this pushing the buttons?
Wesley_Smith: All Can you go ahead and drop me the links I need then in the chat? Dave, go ahead. Okay.
Dave Longley: I was going to wait until after. we should consider doing a proposal to also publish first public working draft of the quantum crypto safe suites once it's moved over from CCG.
Dave Longley: We could just do the vote, I would think. but there's still work that has to
Ivan_Herman: I would prefer to do that when it has been moved and…
Ivan_Herman: and pushed it into the bin at the working group level so to say. let's not push things. if people want to kick us in the backside and don't give them the possibility
Dave Longley: Okay.
Greg_Bernstein: I have a little pro u process right now. The 1.1 specs and the crypto suites haven't been changed much. You're saying we do this first public E1 ones even…
Wesley_Smith: Morning.
Greg_Bernstein: though they don't look that different from the ones. I'm trying to understand the process here.
Manu_Sporny: Yes, one can be an exact copy of the version 10 spec. All we're doing is we're kickstarting the W3C process so that we get them published. There is a clear announcement to the public we have started the 111 work. it kickstarts the patent and IPR commitment stuff. it kickstarts Akidna autopublishing. By doing an FPWD, we're like setting all of those things up. But the delta between the 10spec and…
Greg_Bernstein: That also helps.
Manu_Sporny: the 11 one can be zero, right?
Greg_Bernstein: Am I changing if I go start moving algorithms from one spec to another because that was part of the thing it's like I can start right out…
Wesley_Smith: Am I on?
Greg_Bernstein: but yeah it was like I can't mess with one so yeah okay if we have the one's official number
Ivan_Herman: Yeah. …
Ivan_Herman: if we decide to publish it quickly, then it's better to have a stability of the document, Greg. So, keep your horses and wait until it's published as I want one and then you can do whatever you want. but I put in a request with a document which is on GitHub. I don't want it to change until it is officially published.
<Manu_Sporny> Verifiable Credential Data Integrity 1.1 Data Integrity ECDSA Cryptosuites v1.1 Data Integrity EdDSA Cryptosuites v1.1
Greg_Bernstein: That sounds great. Yes. Yes. and…
Wesley_Smith: sounds good.
Wesley_Smith: All right.
Greg_Bernstein: I'm highly constrained as to what we can do under the charter.
Ivan_Herman: You can do everything you want on your machine. Just don't commit it.
Wesley_Smith: All right, sounds good. Couple things. Number one, I expect this is also a resolution that we want to be contingent on a similar resolution being passed by the full working group. number two, could somebody please give me the existing short names for the 1.0 versions of these specifications tell me if they should be different, but I expect they should be the same.
Ivan_Herman: Yes.
Wesley_Smith: And if they should be the same what they are. Okay.
Manu_Sporny: That was an excellent I totally forgot. we are going to need new short names of So VC data integrity-1.1 and then 1.1 and then 1.1. Those are the short names I think we want.
Wesley_Smith: There's a word missing in there. Specifications is missing. I'll run it back. Can I delete that or can I just ignore that? Okay.
Manu_Sporny: If it's editorial you can change it in the resolution.
Wesley_Smith: I'm only seeing about half the people voting. If we could get some more, plus ones, zeros if you don't know or don't care, minus ones if you do care, don't like it. All right, that's pretty close to the number of folks on the call.
<Manu_Sporny> vc-data-integrity-1.1 vc-di-ecdsa-1.1 vc-di-eddsa-1.1
Wesley_Smith: So I'm going to go ahead and call that resolved and Manu, we will roll this update into the existing update about the other resolution that needs to happen on the group call. What was missing? the word that was missing. Specifications 1 fresh. Okie do. Thanks folks. any other process stuff that needs to be done? if there is not other process work that needs to be done, I'd be happy to spend a little bit of the rest of our time today kind of doing a temp check on the VC barcode spec, talking about where I think it is, what I think we need to do with it, that sort of thing.
<Wesley_Smith> PROPOSAL: Publish the https://
Wesley_Smith: All right, hearing I will say some words about barcodes. I can share my screen as normal in these calls, It's recorded, but I can Okay, let me go ahead and do that. Can everyone see my screen? And also am I streaming the issues list of VC barcodes?
<Manu_Sporny> +1
Manu_Sporny: Yes. Yep.
<Elaine_Wooton> +1
<Wesley_Smith> +1
<Greg_Bernstein> +1
<Phillip Long> +1
Wesley_Smith: So I'll briefly talk about what issues are currently outstanding and what the delta is between what the issue list is and where we need to be as I understand it. And then Elaine you raised a couple of issues a few days ago.
<Ivan_Herman> +1
<Dave Longley> +1
Wesley_Smith: if you can briefly say a couple words about those issues and that sort of thing. So there are a handful of issues on the specification. most of them are small and editorial or they are sort of polished. So there are a lot of things like improve the examples and the test vectors and things like polishing extension points things like allow PDF47 barcode types beyond AMPA driver's license. Obviously we don't want to overly couple the design of the specification to our current use cases and so we want to make sure that we're providing the appropriate extension points and so on and so forth. these are fairly small.
<Benjamin_Young> +1
<Parth_Bhatt> +1
<Dave_Lehn> +1
Wesley_Smith: With that said, there are a couple items that will require a bit more work. some of which are what Elaine directly raised a couple of days ago. So, Elaine, do you want to briefly talk about this issue you raised about postquantum Yeah,…
Elaine_Wooton: That one I think we put in there because you and I talked about it, but obviously we need to either address it or it needs to be addressed somewhere else and referred to, right?
RESOLUTION: Publish the https://
Post-Quantum Hardening For VC Barcodes
Wesley_Smith: So, as Manu alluded to, quantum is coming. We have known this for a long time. signals from the research and industry communities seem to suggest that it is somewhat accelerating the pace at which we are approaching a cryptographically relevant quantum computer.
Wesley_Smith: And so I think it would be good for us to get at least some sort of postquantum hardening feature into the VC barcode spec before it is its V1.0. if it gets a recommendation and so on. But while we're developing the spec before it is standardized, we should at least get some sort of postquantum hardening in there. we've talked a little bit about what this might look like and I think we can actually usefully generalize the addition of such a feature to be not at all quantumspecific but instead be a fallback mechanism for defense against key compromise.
<Phil_Archer> (I'll remain neutral on such votes. Not that I don't care, I do, but those decisions are for the specialist task force members to make).
Wesley_Smith: And this key compromise might be in the form of quantum computers allow you to do forgery which is effectively a key compromise for digital signatures or it could be an actual key compromise right somebody breaks into some hardware enclave somehow and steals your key. So that is the only kind of major feature that I know of today that we probably want to work through and add in this group. Elaine, you also had raised an issue about adding privacy considerations. that's an excellent point. right now there's basically a hole in the specification where privacy considerations go and as you point out there are aspects unique to this particular medium that we need to talk about.
Wesley_Smith: you can read a barcode with a optical scanner or a powerful camera or something to that effect that you can't do with lots of the ways in which verifiable credentials are used. so that's sort of it. I think there's a fair amount of polish and updating. There is one major outstanding feature that we need to do some design and testing and implementation around which is how do we add an effective key compromise hardening mechanism. and then there's a lot of editorial stuff. sorry I've been tabbed out for a million years so I've missed hands.
Wesley_Smith: Elaine you have your hand up.
Elaine_Wooton: Yeah. …
Elaine_Wooton: I just want to add just part of the reason that I'm participating is that I've got a pretty idea what's going on, in the implementation zone for this stuff. And I'll tell you whenever I talk about any kind of barcode that's cryptographically signed, somebody in the audience says postquantum. So it's got to be in there because that's what people are interested in. and then the other issue that people always ask about is the privacy consideration. So obviously when you all worked on this before, you knew that was a gap that we needed to fill, but I'm just saying that's an issue for sort of regular people driving up to this spec. These are issues that they raise anyway.
Elaine_Wooton: So we need to address them.
Wesley_Smith: Yeah, heard and…
Wesley_Smith: your perspective coming from those communities is really useful as we put this spec together. Manu, go ahead.
Privacy And Security Considerations Guidance
Manu_Sporny: Yeah, plus one on that. a couple of random thoughts. I'll start with the privacy considerations So Phil Avon, this may be a question we want to raise on the main call. I specifically wrote the security group and ping and I was like I thought we were doing threat models. Now, we're just going to do a threat model and we're going to say and point the privacy and security considerations section over to the threat model which is supposed to cover the privacy and security considerations for the system. and Simone and I went back and forth a number of times. I asked the question, I feel like in three different ways, and I'm not getting a clear answer back.
Manu_Sporny: I thought the new specs we were doing could only have a threat modeling section in it and it would address privacy considerations and security considerations. but what I got back was you could do it in a whole bunch of different ways which is not the type of guidance we want. I don't know if we need to find out are we the worst possible answer that could be provided to us is no you are now doing a threat model and you're doing a privacy consideration section and you're doing a security consideration section at which point I'm kind of like those are duplicative of each other. I don't know what we're doing.
Manu_Sporny: I don't know what the whole purpose of, W3C going with threat modeling was if we're adding that as yet another thing we have to produce. I think we can answer all the questions with the threat modeling section. I think it is the right direction for W3C to take. I would like the VC working group at this point to ask officially to the security group and the privacy group, you need to tell us exactly what you want because we're getting ready to do a lot of work and we don't want to do the work and then have to throw it out. That's it.
Wesley_Smith: Greg, you have your hand up.
Greg_Bernstein: the updated quantum safe spec. I made sure I links of signature are shopping for a post cryptography signature. You can look at the di size of those keys and signatures and the bill. And you can also see which ones are more for Very nice small signatures, but one of the less mature one, MLDDSA and things like that. so it includes that information so it's easier for people to find.
Wesley_Smith: Okay. Thanks. You had some audio issues, but I think I caught the gist of what you were saying. fail you have your hand up.
Phil_Archer: Yes,…
Phil_Archer: thank I just want to respond to Manu. I don't know the answer to your question, and Ivan hasn't put his hand up, but suggests he hasn't got a clear idea either. It's possible Brent does know, but what I'm going to suggest next time I speak to Brent is that we invite Simony to one of our calls and he answers you directly and gives us a clear answer. Would that be okay?
Phil_Archer: Okay, that's Yes,…
Wesley_Smith: That's a great idea and…
Wesley_Smith: it also removes the need for my next question which is what we're actually going to do about that. So you are handling inviting Simone to one of Excellent.
Phil_Archer: I will. Yeah, sure.
Wesley_Smith: Thank you very much l. I'm down deep in the call stack again. What are we talking about? we were talking about VC barcodes. Man, you raised the general point regarding privacy and security considerations that we need to formalize exactly what that needs to look like in these specifications. Okay, I think that's all outstanding points resolved. I have gone over the discussion I wanted to have about the sort of temp check for VC barcodes. what do these calls wrap up at 5 minutes to the hour or on the hour?
Manu_Sporny: your prerogative, but usually five tilts.
Wesley_Smith: All so Greg, I will hand it over to you. Do you got three to five minutes? Do you want to say anything else about the specifications that you're working on?
Wesley_Smith: What needs to be done? Anything like that?
Greg_Bernstein: Yes. on the DI quantum safe,…
Greg_Bernstein: please take it's been uped extensively. It's got a lot more helpful information and it's got a full suite of effects that nobody else has checked against yet. It also has spies refactored way of e of the algorithms that may be helpful in others.
Greg_Bernstein: I am currently working on the privacy and security consideration sections and u some of that's similar to what happened with EDDDS extented features security features a list of topics and things like that and that's about it. I will get a microphone.
Wesley_Smith: Man, go ahead.
Ivan_Herman: I'm sorry,…
Ivan_Herman: Greg. I just
Manu_Sporny: Yeah, Greg,…
Manu_Sporny: it sounds more like a network stack issue to me, you're dropping packets. not necessarily audio hardware, but we're all guessing. on the quantum safe crypto suite. we remember it's the CCG work item still. We have no authority over that document until it's handed over to us. I think we should accelerate the handover process. plus one Greg asked people should look at it and review it. Greg's done a bunch of really good work lately just updating test vectors and becoming really clear about all of these things.
<Greg_Bernstein> The DI-Quantum-Safe spec now has key sizes and signatures lengths explicitly listed for ease of use.
Manu_Sporny: But we need to make a decision on whether or not we want to pull that work into this group sooner than later given the new postquantum time frame. I would suggest we pull it in so that we just signal very clearly, hey, we're working on this nobody needs to freak out. We're aware of the timeline and we've got some good solutions already in place. I will also mention that the barcode postquantum signature thing is not as simple as it sounds. even if we use the smallest postquantum signature on the driver's license solution it will not work for the size constraints that we have.
Manu_Sporny: We have to basically fit the entire verifiable credential including digital signature in something like Wes correct me if I'm wrong here but 145 to 185 bytesish and so we need a different kind of solution for it what Wes mentioned we have a solution we have a design for a solution and it doesn't use bleeding edge new cryptography or anything like that but we shouldn't think that the quantum safe crypto suite solution is going to work for every barcode. It'll work for some of them, but not for all of them. but sorry, going back to the original, I think we should pull in the quantum safe thing. Maybe during the next meeting and the meeting after that, we make a resolution and I think that might be something that the main group needs to make a resolution on. that's
Wesley_Smith: Avon, your hand up.
Ivan_Herman: Yeah, I'm more back to the administrative things or…
Ivan_Herman: partially. First of all, I have made a screen dump of this call and I will put everybody who is on the call on the task force list so you can assure it will happen. I have a question to Greg. what is the status of Because we have as part of the charter the point of finalizing whenever BBS is ready.
Ivan_Herman: And I get questions sometimes that I don't have an answer on what's going on with that.
Greg_Bernstein: I'm going to Try talking here.
Greg_Bernstein: You can hear PBS. We are waiting for CFR C panel review to finalize.
Greg_Bernstein: We are updating the extra specs that provide some of the extra features we want. So we are waiting for essentially.
Ivan_Herman: So that's the status I always answer and…
Ivan_Herman: I am not wrong. Okay. that's good.
Wesley_Smith: All we are about out of time folks. Thank you all for being here. and looking forward to getting into some of these work items in earnest. I will see you all next time.
Elaine_Wooton: Thanks. Bye.
Wesley_Smith: Yeah, thanks. Manu, any buttons I need to press to end the call?
Manu_Sporny: Nope. It's all automatic.
Wesley_Smith: All right. Thanks so much, folks. Talk to you next week. Meeting ended after 00:59:17 👋 This editable transcript was computer generated and might contain errors. People can also change the text after it was created.
<Phil_Archer> Need to drop. Speak tomorrow
<Greg_Bernstein> Sorry. See the revised quantum safe spec! Working on security/privacy section.
<Greg_Bernstein> Note that ML-DSA and SLH-DSA are FIPS specs now.
<Greg_Bernstein> Yikes
<Wesley_Smith> I'll speak more to what post-quantum solutions for vc-barcodes might look like next time :)
<Greg_Bernstein> Waiting for CFRG at IETF