Replies: 8 comments 27 replies
-
Question: To what extent should the spec(s) that we write be opinionated about what constitutes "good" trust? Justification for including this question on the list: Wenjing suggested that we should only expose and communicate clearly about whatever trust already existed in a given trust domain -- not try to create new trust of any kind. Sam has taken the opposite tack, suggesting that systems that do not provide certain trust guarantees are not appropriate foundations at all. Seems like an issue ripe for fertile debate. |
Beta Was this translation helpful? Give feedback.
-
Question: What kind of adoption costs are we willing to impose on which different groups who are considering implementing or deploying support for TSP? Justification: Whether something is easy to adopt will depend on who is doing the work, and how close they are to compatibility with our mental models and techniques. Not all possible adopters are equally valuable. Knowing whether we want to have theoretical excellence and long-term robustness versus easy agreement and casual usage in the short term will help us make more informed tradeoffs. |
Beta Was this translation helpful? Give feedback.
-
Question: What is the timeframe over which our design should be evaluated for optimum goodness? Justification: A design that is really good today but that falls apart when NIST's quantum recommendations are finalized is obviously a bad choice. Do we think we'll be writing a spec for 2 years, then doing implementations for 5, then seeing benefits in a decade -- or are we imagining a much quicker payback? |
Beta Was this translation helpful? Give feedback.
-
Question: To what extent should we bind the tech to specific algorithms, versus defining logical interfaces that can be swapped in and out? Justification: Wenjing proposed a very flexible model that would allow a lot of plugins and have less strong opinions about which ones are better, I think Sam and I and Michael are imagining being a bit more opinionated -- but I could be wrong. I am not super wedded to my first assumption. It just seems to me that whichever answer you choose, there are tradeoffs -- so I would like to make the tradeoffs knowing where we come down on this question. |
Beta Was this translation helpful? Give feedback.
-
Question: Are non-technical requirements valid? If so, how do we decide which ones to accept? Justification: Some requirements that are not technical include things like power dynamics, whether a spec is likely to "sell" well to a particular audience, whether we are framing things in a way that is likely to ease is standardization, when and where we intend to standardize outside ToIP, cost to implement, time to implement, endorsements by legal jurisdictions, endorsements by academic or cryptographic communities, etc. |
Beta Was this translation helpful? Give feedback.
-
Question: Do we want a set of use cases that help us decide what is in and out of scope? Justification: I feel like "trust" is an incredibly broad, ambiguous, and charged word. I really appreciated Wenjing's careful attempt to narrow the focus of TSP. I agree with his conceptual boundaries, but I wonder if concrete examples would help a lot. |
Beta Was this translation helpful? Give feedback.
-
Question: What are the participants in this protocol -- systems or identity owners? Is it: "Alice sends a message to Bob" -- or "Alice's device 2 sends a message to Bob's device 3"? Justification: Sam and Wenjing both talk in terms of systems being the source and destination. I don't think that maps onto identity correctly; Alice wants to send to Bob without regard to his devices. The scope of identifiers is identities, not their devices. I'm not sure where Michael comes down on this. I suspect our whole community could benefit from exploring this question carefully. |
Beta Was this translation helpful? Give feedback.
-
Question: What assumptions do we want to make about the SETUP of a TSP-facilitated channel? (Out-of-band vs. in-band, one-way vs. two-way, what guarantees must we provide, etc.) Justification: Making assumptions about setup without stating them explicitly is going to lead to a lot of confusion. Further, I think a lot of the imperfections in our current alignment are actually caused by different setup assumptions and priorities. |
Beta Was this translation helpful? Give feedback.
-
This is an attempt to distill, from all 4 of the proposals we've seen so far, important points where there is not yet alignment about the framing of the problem -- that is, proper scope, legitimate versus unreasonable requirements, etc. I don't want to discuss and resolve the questions here -- only capture them carefully so we have a list that will serve as fodder for the next stage of our TF's work.
Discussions are organized by an overarching theme, then by individual posts that can have clusters of replies. I suggest we use individual posts in this discussion to propose a single question, and let the replies suggest refinements or reasons why the question should be split / abandoned / rephrased / ignored. But let's NOT try to answer the questions here -- only list them.
Beta Was this translation helpful? Give feedback.
All reactions