Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address what is stored on the ledger #335

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Address what is stored on the ledger #335

wants to merge 1 commit into from

Conversation

SteveLasker
Copy link
Collaborator

Fixes #329

SteveLasker added a commit that referenced this pull request Dec 23, 2024
@SteveLasker
Remove content covered in PR #335
08e711c 
Signed-off-by: steve lasker <[email protected]>
aj-stein
aj-stein suggested changes Jan 14, 2025
View reviewed changes
draft-ietf-scitt-architecture.md
Comment on lines +561 to +562
The Append-only Log is the verifiable data structure that records integrity protection of the registered Signed Statements and supports the production of Receipts.
Transparency Services may provide ancillary services to store the contents of the Signed Statement, however the Append-only Log does not store the Signed Statement contents avoiding concerns of persisting personally identifiable information.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I hope this is constructive, I apologize, it will be a longer comment and I cannot recommend surgical edits. I would hope that the WG, if we want to address #329, should be able to break down the requirements into the following, for clarity.

  • What MUST a TS store in the ledger?
  • What MAY at TS store in the ledger?
  • What MUST NOT a TS store in the ledger?

As it stands, we are making progress in that direction, but it is written in prose form that is not liek the specification style we would need here in my opinion. Doing so would improve the ability for implementers to act on it.

Additionally, regarding "does not store the Signed Statement contents avoiding concerns of persisting personally identifiable information," it does not follow logically to me without further explanation, but that is probably best to avoid. Can it only be in the Signed Statement? Is PII the only concern, and not other forms of confidential information, why? (I recall some of the backstory here, but it is not explained at all in the text and I think that detracts from the value of writing it there in the first place.)

And a final concluding remark: "storing on ledger" is a murky concept and this change at the present time does not actually define what is being stored or how beyond the notion of VDS. To go back to my original 3-part question, I would argue we need to address that in this part or I am not sure if this addition will be constructive to implementers. I hope that feedback is helpful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aj-stein aj-stein aj-stein requested changes

@henkbirkholz henkbirkholz Awaiting requested review from henkbirkholz henkbirkholz is a code owner

@ad-l ad-l Awaiting requested review from ad-l ad-l is a code owner

@fournet fournet Awaiting requested review from fournet fournet is a code owner

@yogeshbdeshpande yogeshbdeshpande Awaiting requested review from yogeshbdeshpande yogeshbdeshpande is a code owner

@JAG-UK JAG-UK Awaiting requested review from JAG-UK JAG-UK is a code owner

@OR13 OR13 Awaiting requested review from OR13 OR13 is a code owner

@aj-stein-nist aj-stein-nist Awaiting requested review from aj-stein-nist aj-stein-nist is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Draft 11 - SECDIR Review IETF 122
Development

Successfully merging this pull request may close these issues.

Clarify what is stored on the ledger
2 participants
@SteveLasker @aj-stein