Automotive Working Group Teleconference

08 Sep 2020



Ted, Isaac, Peter, Ulf, Glenn, StevenM, Magnus, Arman, Gunnar, MagnusF, Adnan


<scribe> scribenick: ted

<scribe> Scribe: Ted


<magnusg> https://rawcdn.githack.com/UlfBj/automotive/be53b05a589cccde4280a0159091573d0ddff9cb/spec/Gen2_Core.html

Isaac: we introduced distinction between short and long term grant tokens
... for long term we need proof of possession of private key in order to get an access token
... we created a section on this proof
... as Ulf mentioned this was a main concern of the group

Gunnar: any updates on key generation part, how to get pair in the first place?

Isaac: to be honest, I think that should be left open to implementers
... I don't see going into more details. if you have the hardware/software support for key generation you can go for long term otherwise short

Gunnar: point of the hardware part? [faint audio]

Isaac: long vs short term is based on concerns raised previously, to handle vehicle having connectivity issues which prompted long term use case for offline
... in this scenario the application will send the key pair to access grant server. there is no identity bound to it
... with access token server if you include this proof you can get longer token

Gunnar: are there concerns with man-in-the-middle for initial key pair?

Isaac: we did not address that
... we could include in the chapter a security model where we acknowledge the risks we are mitigating and distinguish what we are not and defer to implementers

Gunnar: I want us to describe a secure method or what the actual exchange is and how to secure it
... clarify what is out of scope and theoretical description of issue so it can be addressed

Ulf: there is no risk in sharing public key

Gunnar: risk is in sending initial pair, someone can intercept and send their pair

Isaac: we have nothing on authentication for instance

Ted: are there more areas you wish to address before accepting the PR? as a reminder people can raise additional issues

Ulf: yes, let's proceed
... we have made updates from most comments
... instead of changing order of sections as you suggested, we link to that topic
... I don't believe anything remains from comments that should be raised to issue level initially

Peter proposes to accept PR

Adnan: ok for me

<magnusg> actually it was magnus :)

Peter: Ted please merge the PR

[no objection]

Github issue walkthru


issue 306 - data model paragraph, now have permanent normative reference

Gunnar: there has been no input on alternate taxonomies and we have to work with what we have
... we can also encapsulate additional data in VSS
... ok with the proposed text but also want to push back

[brief revisit of debate on trying contain all types of data in VSS vs separate data models/taxonomies]

Peter: we are uninterested in the media case

Gunnar: there could be more data, take CVII as that identifies other possible data

MagnusF: private branches can be staging areas and later become candidate for inclusion in the main tree

Ted to create PR for 306 and 307 in VISS and Gen2 respectively

TPAC agenda

Peter: Adjourned

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version (CVS log)
$Date: 2020/09/08 19:41:04 $