IETF SCITT relation

[simon-friedberger]

Since I didn't see it on the TPAC list of related work: https://datatracker.ietf.org/group/scitt/about/ This is quite a bit more generic but might be a good way to solve the problem for source code/web content. The trust model may be more complicated for the web but a fairly similar use case would be https://www.ietf.org/archive/id/draft-ietf-scitt-software-use-cases-01.html#name-firmware-delivery-to-large-

[twiss]

Right, I definitely agree it's very related and could potentially work for this use case as well :+1: In particular it would be worth checking whether the architecture described at https://www.ietf.org/archive/id/draft-ietf-scitt-architecture-02.html is sufficient for our use case. I'll have to look into that, but if you or anyone else wants to weigh in that'd be welcome too :)

[OR13]

I'm interested in exploring a small PoC for this.

We've also looked at persisting the transparency log in indexdb.

[SteveLasker]

Providing some links for the latest version of the docs, and where to find the latest:

• Architecture:
  • datatracker: https://datatracker.ietf.org/doc/draft-ietf-scitt-architecture/
  • latest: https://www.ietf.org/archive/id/draft-ietf-scitt-architecture-04.html
• Use Cases:
  • datatracker: https://datatracker.ietf.org/doc/draft-ietf-scitt-software-use-cases/
  • latest doc: https://www.ietf.org/archive/id/draft-ietf-scitt-software-use-cases-02.html