Wenjing Chu 

Wenjing shared screenshot #1 about the advances being made with HPKE that would add support for PQC. 

Samuel Smith agreed that this helps illustrate the growing interest in PQC. He noted that they do not support authenticated modes because they are only needed if you don't sign.

Jacques Latour asked about whether this applied to a digital signature outside of the TSP. Sam clarified that the TSP only deals with authenticity, confidentiality, and metadata privacy in the TSP protocol.

Sam mentioned that the HPKE report mentions key compromise impersonation attacks. HPKE provides no protection from impersonation by the party with whom you are connecting with. So you need to combine the verification of the VID with the TSP.

This emphasizes the importance of VID verification as a critical first step BEFORE using the TSP with the VID. Sam gave the example of Signal being hacked (twice) not by breaking the encryption, but by impersonation of a phone number.

Drummond Reed: As a side note, relative to the question of authenticated mode, this thread started last week by a group of cryptographers in the EU in response to the EU Architecture Reference Framework (ARF) is fascinating: https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/issues/200

Samuel Smith Drummond Reed 

This was a topic at DICE raised by Jan Christoph Ebersbach (known as "JC"). See this Github Gist page.

The opportunity we have is to combine our efforts on VID Appraisability Framework with JC's (tentatively to start at DIF) and Mirko Mollik's work at OWF.

The opportunity we have is to combine our efforts on VID Appraisability Framework with JC's (tentatively to start at DIF) and Mirko Mollik's work at OWF.

JC said the work began at IIW, where he was interested in did:web and did:tdw, but he wanted to understand the different security aspects of cryptographically verifiable identifiers. So at the DIF ID Working Group, JC started to put together a taxonomy of traits of these identifiers.

He noted that the purpose is not necessarily to provide specific security guidance/recommendations, but to at least describe the different options in a consistent way, and then help implementers choose a VID that meets their specific needs.

JC said that, in the session at DICE, we discovered that, besides the DIF effort, Mirko was also working on this in the Credential Formats SIG at OWF, and that we were working on VID appraisability frameworks here in the TSPTF.

JC was very interested in combining our efforts to just help us get to the goal faster and more comprehensively.

Sam explained that the term "appraisability" that we are using here at ToIP comes from the Trusted Computing Group definition of appraisability of security risks. It covers both static and dynamic risk assessment. At the TCG work, the term appraisability when applied to dynamic risks means that you have done a real-time appraisal of the risk assessment. So Sam suggests we should not use the term "appraisal" or "appraisability" unless it is a subset of dynamic risk assessment. 

Darrell said that he was very grateful for JC's work.

Mirko pointed out that there is no perfect solution, so the more information is going to be very helpful.

Markus pointed out that this work appears closely related to the DID Rubric work that was part of the W3C DID Core Working Group. That was meant to consider all the different dimensions of DIDs that could be relevant to the selection of a DID method. This Identifier Traits gist looks similar to that for identifiers.

JC acknowledged that the DID Rubric was discussed in the Identifier Traits session at DICE, and also that some parts of it does apply to Identifier Traits (the Rubric was one of JC's starting points). However JC's main focus was on a list of traits/features.

Sam pointed out that this list of traits would be contribute nicely to a static risk assessment. That would be step one in a security architecture. The counterpart is dynamic risk assessment, which can detect real-time attacks before damage is done to the attacked party. The latter—being able to detect dynamic appraisability— is the primary innovation of KERI architecture.

Drummond summarized that static risk assessment based on identifier traits should be combined with dynamic risk assessment. He thanked JC and Mirko for attending and said he looks forward to working with both of them on Identifier Traits and being able to use that in conjunction with our work here on dynamic risk assessment with appraisability frameworks.

ACTION: Drummond Reed to put on the agenda of the next TSPTF meeting the topic of Samuel Smith giving a full-length example of how dynamic risk assessment works using KERI.