Closed fournet closed 9 months ago
NEW (during WG discussion):
OLD (I really missed the topic here, nvm):
The SCITT architecture highlight in Section 1:
A Statements payload content MAY be encrypted and opaque to the Transparency Services, if so desired: however the metadata MUST be transparent in order to warrant trust for later processing.
Following this language, this type of reference would be a... non-opaque
statement. A statement that MUST be transparent and that has a well-known (standardized CBOR) structure
, maybe?.
Take a look at:
Lots on inspiration there... see also:
??? What is the point of this specification? Minimizing interoperability while maximizing complexity?
@cabo string encodings for this table: https://github.com/multiformats/multicodec/blob/master/table.csv
notice the hash functions, public keys, and other "binary types", they get a byte prefix that is uvarint, and then they get a byte prefix for base encoding, such as base64url, base64, base32, base16, base2, base8, base32hex, base32z, base58btc, base58flickr, base64pad.... and of course my favorite: base256emoji
I am removing myself from this issue, I don't believe it is actionable.
A simpler and more direct issue should be raised.
The new issue, should describe spec text suggestions only.
For example:
Closing this issue as it's a bit dated as the terminology has evolved a bit, and we've had subsequent PRs to clarify portions. @fournet, please open new issues to the remaining gaps.
This issue summarizes discussions so far on references between transparent statements---see also slide 22 at the last IETF SCITT session. I am using "reference" below but identifier or URL may be better.
Motivation: We need a standard way to refer to previously-registered statements. In particular, references to transparent statements may be included in new statements (in headers or payloads or receipts) to point, for example, to a policy statement, to some keying information, to a prior statement it replaces on a given stream, or to statements for artifacts it depends on in the supply chain.
Goals:
Syntax: references include both a locator and a commitment. Concretely, we may use DID URLs of the form
did:web:ts.software.org/42&digest=4ce2320130450...
where
42
is the serial registration index in the log of this TS anddigest
is the SHA256 hash of the transparent statement.We may provide a more compact format by making the DID optional for local references within a TS, and making the digest optional when the transparent statement is attached.
We may even just use the raw digest
4ce2320130450
as an opaque identifier (since the hash already authenticates the locator) and separately deal with locators.Discoverability The TS, or an auxiliary database of transparent claims, may support transparent-statement lookups given their reference. This auxiliary lookup service is not a requirement (random access is hard to guarantee) and it need not be trusted (since clients can easily verify the receipt of the resulting transparent statement against their reference). Alternatively, a transparent statement may be distributed together with supporting transparent statements it refers to. This facilitates offline verification and auditing but is more verbose. Or it may include auxiliary headers to help retrieve the supporting statements from any other location.
Open issues:
A TS may produce multiple receipts for the same registered statement, hence multiple commitments with different digests. We could simply ignore the problem, and assume the “primary” receipt is the first one produced by the TS. We could also provide flexibility, using something of the form
did:web:ts.software.org/42®istered=SHA256(signed statement)&digest=SHA256(receipt)
digest-sha256=...
for agility; we also argued about a TS federating multiple logs, in which case we may need more than a serial registration index.