Jonathan Holt: Scribe+ jonathan_holt ✪

Jonathan Holt: Dee: I am in the payments and blockchain industry. glad to be here. ✪

Jonathan Holt: ?Akin: involved in DCreds blockchain, contributor to chain link. & Deco ✪

Jonathan Holt: Marty: food track and trace. Interested in decision science. ✪

Jonathan Holt: ?Brian: from ? and interested in ? sorry, missed the details. Please add. ✪

Wayne Chang: IIW coming soon in a few weeks. Excellent source of info for ID. [scribe assist by Jonathan Holt] ✪

Kaliya Young: Hi - I help run IIW and we are committed to accessibility if you need help to be able attend please reach out. ✪

Kim Hamilton Duffy: TPAC meeting is next week. Overview of what we have done and highlights of accomplishments and what we are up to. encourage you to join. [scribe assist by Jonathan Holt] ✪

Wayne Chang: Kaylia will help if interested in IIW. [scribe assist by Jonathan Holt] ✪

Wayne Chang: Github filter link. first issue is regarding Jitsi [scribe assist by Jonathan Holt] ✪

Kim Hamilton Duffy: Chairs have been discussing problems [scribe assist by Jonathan Holt] ✪

Manu Sporny: From a tech perspective with Jitsi. we believe we hit stability last week by giving more CPU power. [scribe assist by Jonathan Holt] ✪

Jonathan Holt: ... The machine is keeping up. my hope is we hold 4 meetings and go into the next leg and Jitsi become self-aware and become our AI overlord ✪

Jonathan Holt: ... We could allow other sub-groups to use it, DID education, LD-security, DIF, and span out with auto-scribe, scribe selection. thank you everyone for sticking with it. next, what are the next priorities. ✪

Heather Vescent: https://www.surveymonkey.com/r/JXHKBJ7 ✪

Heather Vescent: Shout out to the survey which has the option to get feedback regarding Jitsi, as well as participants and process moving forward. Regarding interrupt with the minutes as we are re-tooling. Last week we got good minutes. if you want updates for the last month, reach out the the chairs. [scribe assist by Jonathan Holt] ✪

Heather Vescent: Here's the survey: https://www.surveymonkey.com/r/JXHKBJ7 Please take it! ✪

Kim Hamilton Duffy: Feedback from what the chairs discussed last week. we were supposed to migrate the publishing of minutes. concern is that there are some lingering issues. given we aren't auto-publishing the minutes. we have given ourself a deadline to fix. there was some lack of clarity who would step up and what the status is. the risk is at the end of the month we might need options to reach parity. Chairs will discuss Thursday and will be [scribe assist by Jonathan Holt] ✪

Jonathan Holt: Reaching out for help. ✪

Wayne Chang: If you are interested in updating some scripts please reach out. [scribe assist by Jonathan Holt] ✪

Manu Sporny: I'm a bit dismayed to hear that. we publish the logs. I'll take a look and try to fix. [scribe assist by Jonathan Holt] ✪

Wayne Chang: I'm interested in looking at the scripts and attempt to fix as well. [scribe assist by Jonathan Holt] ✪

Wayne Chang: Regarding proposed work item. [scribe assist by Jonathan Holt] ✪

Orie Steele: I've introduced this item before. regarding vocubulary associated with supply chain proof of origin credential. i.e. steel, food, timber, etc. [scribe assist by Jonathan Holt] ✪

Heather Vescent: No, Fan has not started. ✪

Heather Vescent: We are doing regular meeting business, almost done with it. ✪

Heather Vescent: When we are done with this item. ✪

Jonathan Holt: ... This vocabulary supports chemistry ontologies, testing of traded goods as the move across borders. it attempt to use common terms across use-cases. ✪

Wayne Chang: My comments as chair. we require at least 2 persons to contribute. [scribe assist by Jonathan Holt] ✪

Orie Steele: Is it OK for me to more to CCG repo? [scribe assist by Jonathan Holt] ✪

Manu Sporny: +1 To move repository to CCG repository. ✪

Jonathan Holt: S/more/move ✪

Wayne Chang: Heather, kim your thoughts? [scribe assist by Jonathan Holt] ✪

Kim Hamilton Duffy: We need a bit more administrative bits, and chairs can update. [scribe assist by Jonathan Holt] ✪

Orie Steele: It is possible that I already updated the boilerplate stuff. [scribe assist by Jonathan Holt] ✪

Kim Hamilton Duffy: I'll check it out. [scribe assist by Jonathan Holt] ✪

Heather Vescent: Let's look as chairs and circle back. [scribe assist by Jonathan Holt] ✪

Kim Hamilton Duffy: This is the LICENSE: https://github.com/w3c-ccg/vc-ed-models/blob/main/LICENSE.md ✪

Wayne Chang: Topic main event. [scribe assist by Jonathan Holt] ✪

Phil Archer: No ✪

Wayne Chang: Fanz is an author of Deco and allows a user to prove data via TLS. such as bank account with Zkp and maintaining privacy. [scribe assist by Jonathan Holt] ✪

Juan Caballero: Same ✪

Juan Caballero: Nah ✪

Phil Archer: No ✪

Juan Caballero: Still nah ✪

Joe Andrieu: Apologies, my system is failing to stay connected to Jitsi. Will try another browser. ✪

Joe Andrieu: No ✪

Phil Archer: Nothing is being displayed. ✪

Juan Caballero: You're pointing a mirror at a mirror :D ✪

Joe Andrieu: Now we can, showing a jitsi page ✪

Juan Caballero: Yay! ✪

Jonathan Holt: Fanz: let get started. I am a security researcher. previously at Cornell. ✪

Jonathan Holt: ... How to change any TLS web page into a verifiable claim. ✪

Jonathan Holt: ... Why do we care? The current one sucks. ✪

Jonathan Holt: ... Many of use have experience with cryptocurrency. the first thing you do is the know your customer experience with presenting your face to web-cam. ✪

Jonathan Holt: ... Demos how to present yourself with ID. ✪

Jonathan Holt: ... The point of ID verification is a burdening process. Verification system is not keeping up with our digital life. ✪

Jonathan Holt: ... This is also prone to potential fraud. Decentralized ID is promising solution with users controlling their identity. ✪

Jonathan Holt: ... In DID systems, each individual has public/private keys and credential bond to public key ID. ✪

Jonathan Holt: ... Alice can use private key to prove ownership of identity including with the use of Zero knowledge proofs. ✪

Jonathan Holt: ... DID has many benefits, reduce fraud, good for enterprise reducing risk of storing PII. ✪

Jonathan Holt: ... How do we get there? ✪

Jonathan Holt: .. Many groups including here are bringing this to reality. however, after reviewing several DID standards some details got swept under the rug. ✪

Jonathan Holt: ... This talk i'm going to focus on the boot-strap problem. ✪

Jonathan Holt: ... Using DMV as a case, ✪

Jonathan Holt: ... Many additional problems, unlikely that issuers will join this ecosystem. ✪

Jonathan Holt: ... Conversely, the eco-system will not mature unless issuers join. Classic chicken and egg. ✪

Joe Andrieu: Can you take over? [scribe assist by Jonathan Holt] ✪

Joe Andrieu: I can ✪

Joe Andrieu: Scribe+ ✪

Joe Andrieu: Fanz: the challenge is how to we prove over the Internet that the web page contains a legitimate proof that Alice is over 18 ✪

Joe Andrieu: ... Option 1: alice could send a screen shot ✪

Joe Andrieu: ... But these are easily tampered with, even though widely used in practice ✪

Joe Andrieu: ... Another option is that Alice could send her password and the recipient can check themselve ✪

Joe Andrieu: ... This only works if the password is one-time use to just read the information intended. ✪

Joe Andrieu: ... That's almost never the case ✪

Joe Andrieu: ... Option 3: use TLS ✪

Joe Andrieu: ... When visiting TLS secured sites, browsers and websites automatically secure the interaction ✪

Joe Andrieu: ... Unfortunately TLS doesn't give us the cryptographic property we need ✪

Joe Andrieu: ... The problem is that TLS doesn't sign the data ✪

Joe Andrieu: ... The certificate is only used to bootstrap the channel ✪

Joe Andrieu: ... This means that for bob the "chat log" is no better than a screenshot ✪

Joe Andrieu: ... It's trivial for Alice to change the log she saved ✪

Joe Andrieu: ... Solution 1: change servers to be DID friendly ✪

Joe Andrieu: ... Servers already have certificates (for TLS), they can sign if they choose to, using that ✪

Joe Andrieu: ... Drawback: this requires a lot of changes in infrastructure ✪

Joe Andrieu: ... Back to square one ✪

Joe Andrieu: ... Solution 2: work with existing servers: prove statements about TLS data without any modifications to the server ✪

Joe Andrieu: ... That's our goal ✪

Joe Andrieu: ... (Which does seem to conflict with earlier statement of limits of TLS) ✪

Joe Andrieu: ... This is the magic of Deco ✪

Joe Andrieu: ... The session key established with the server is split between the prover and the verifier ✪

Joe Andrieu: ... The crux is that the prover does not have the full key and can't forge data ✪

Joe Andrieu: ... This is done with a 3-party handshake that shares the appropriate secrets between parties ✪

Joe Andrieu: ... This is the main idea of Deco ✪

Moses Ma: Can someone repost the URL for the slides? Thanks! ✪

Dmitri Zagidulin: How does splitting the key help? [scribe assist by Joe Andrieu] ✪

Joe Andrieu: Fanz: the problem before was that the prover had the same key and then could forge a signed statement ✪

Joe Andrieu: ... But when you split the key, only the server has the full key ✪

Joe Andrieu: ... So the prover cannot generate a false signature ✪

Joe Andrieu: ... After the handshake that establishes the split key, Alice & Bob use the key in a secure manner and Alice can prove things to Bob, all transparent to the server ✪

Joe Andrieu: ... The server just sees a regular TLS session ✪

Joe Andrieu: ... Our work on "CanDID" will be reviewed at IIW ✪

Joe Andrieu: ... CanDID is based on a committee, which assumes k-out-of-n are honest ✪

Joe Andrieu: ... Committee stores secrets and verifies proofs ✪

Joe Andrieu: .. So, if a user wants to issues a credential (from the committee) about, for example, her age ✪

Joe Andrieu: ... The user performs the handshake with committee members ✪

Joe Andrieu: ... After members of the committee independently verify her age, the committee as a group issues a signed satement about her age ✪

Joe Andrieu: ... The committee only learns attested data ✪

Joe Andrieu: ... We can use zero knowledge proofs for that ✪

Joe Andrieu: ... Https://deco.works for more info ✪

Joe Andrieu: ... Https://eprint.iacr.org/2020/934 for the paper, accepted to IEEE S&P 2021 ✪

Kim Hamilton Duffy: Sergey, good question -- can you queue yourself to ask? ✪

Jonathan Holt: https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses-09 ✪

Jonathan Holt: There is SGX from Google which is a signed response, which does something similar [scribe assist by Joe Andrieu] ✪

Joe Andrieu: ... Single handshake exchange of data. What are you thoughts about overlap? ✪

Joe Andrieu: Fanz: the one I am familiar with is about http signing. ✪

Joe Andrieu: ... Those solutions are a promising direction to go. the challenge is that this needs changes at the server side ✪

Joe Andrieu: ... This is a big adoption barrier ✪

Joe Andrieu: ... Our goal is to be able to do this with existing servers without changes ✪

Joe Andrieu: ... Google's solution is nice, similar to OpenID Connect, but needs changing the server ✪

Adrian Gropper: I've proposed a solution to this bootstrap problem using a notary instead of a committee. Would you consider that a valid use of Deco? [scribe assist by Joe Andrieu] ✪

Joe Andrieu: ... The notary has to install the new technology. The verifier and Alice both choose to trust the notary, and Deco would be the technology embedded along with the other credential management, but without a committee ✪

Joe Andrieu: Fanz: that's correct. The notary is just a committee of size one. ✪

Joe Andrieu: ... So as long as Alice & Bob trust the notary, it works ✪

Joe Andrieu: ... Note also that the committee does additional things, such as storing secrets. ✪

Joe Andrieu: ... When that is distributed it has some security and privacy enhancements ✪

Ryan Grant: Can Alice send post data without a functional key on the TLS channel? [scribe assist by Joe Andrieu] ✪

Joe Andrieu: Fanz: Yes. The protocol on top of TLS doesn't matter. TLS is still fully functional ✪

Manu Sporny: I don't understand how the actual signed statement actually gets over to the verifier [scribe assist by Joe Andrieu] ✪

Joe Andrieu: ... E.g., using the Deco protocol, I end up at the SSA said which asserts age. How is the ZKP for that value... how is that statement sent back to the verifier? ✪

Joe Andrieu: ... Typically we'd use a VC for that, but you seem to be suggesting something else ✪

Brent Zundel: And how is the information associated with the holder in a verifiable way? ✪

Joe Andrieu: Fanz: Good question ✪

Joe Andrieu: ... The relying party in the CanDID statement is not the committee. ✪

Joe Andrieu: ... The verifier gets the statement from the committee ✪

Kim Hamilton Duffy: It looks like Chainlink acquired DECO ✪

Joe Andrieu: ... The committee members reach a consensus and then generate a new credential which can be used by Alice ✪

Manu Sporny: How does the committee become convinced? [scribe assist by Joe Andrieu] ✪

Joe Andrieu: Fanz: they committee is participating in Deco. They can tell that the data comes from SSA. They can see the data directly and verify that it is derived from the web page. ✪

Joe Andrieu: ... It is as if they are looking at Alice's profile at SSA without the password. ✪

Manu Sporny: Basically a cryptographic screen sharing [scribe assist by Joe Andrieu] ✪

Joe Andrieu: Fanz: exactly. cryptographic tamper proof AND also ZKP for minimal disclosure ✪

Juan Caballero: Wait a literal screenshot or the HTML of the displayed page??? ✪

Wayne Chang: Thanks, Fan! [scribe assist by Joe Andrieu] ✪

Heather Vescent: Thanks manu. I'm already gone actually ✪