...

  • Mark K: Line 1157 "However, there appear to be two solutions: anything or “two-factor” authentication". What does "anything" mean? He believes a word is missing.
  • Mark K: Lines 624-626  "Two major forms of digital signatures are DSA and PKI. However, Merkle signatures schemes are often used for blockchain protection against change". This is confusing. 
  • IAWG agreed that it seems like a lot of theory that hasn't been thought through in a coherent manner.
  • Richard pointed out that the practices have not been adopted by service providers; it seems impractical to meet a pseudo-normative standard based on a theoretical paper.


63B_SAC issues  

ARB questions on two 63B_SAC criteria, 63B#0030 and 63B#0150.

...

  • Richard explained that originally, when they did 63B_SAC, they didn't have the choice of roles. They only had the assumption that it was a CSP. They introduced this new criterion with the last revision, stimulated by the creation of the 63C criteria, which assign criteria to various roles within the Federation. So, the four roles are derived directly from the roles identified in 63C. For consistency reasons, they chose to replicate those four roles in 63A and 63B SACs.
  • IAWG does not want to change this because they don't have any grounds for making it applicable to CSP or maybe RPs as well, because the NIST requirement clearly says “Agencies”.

...