[Keytrans] More prior art
Phillip Hallam-Baker <phill@hallambaker.com> Mon, 31 July 2023 18:43 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: keytrans@ietfa.amsl.com
Delivered-To: keytrans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C95FAC1516F2 for <keytrans@ietfa.amsl.com>; Mon, 31 Jul 2023 11:43:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.404
X-Spam-Level:
X-Spam-Status: No, score=-1.404 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6riOodGp0U-X for <keytrans@ietfa.amsl.com>; Mon, 31 Jul 2023 11:43:47 -0700 (PDT)
Received: from mail-oo1-f52.google.com (mail-oo1-f52.google.com [209.85.161.52]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17933C151994 for <keytrans@ietf.org>; Mon, 31 Jul 2023 11:43:21 -0700 (PDT)
Received: by mail-oo1-f52.google.com with SMTP id 006d021491bc7-5661e8f4c45so3520669eaf.1 for <keytrans@ietf.org>; Mon, 31 Jul 2023 11:43:21 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690829000; x=1691433800; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=UYQ2MwT4zVYVblFpiedzDa9D5yLkweSDHyQUmFaInmQ=; b=F61+j8N99mBrMtGbKtji99gMmId1iPW2AvdlNom8Iuql5Xg1KhI4u6XwiLImHV/VBD e5WvIRQRSLtRWjwNepDjiPPWDV9/AWP4FNDdkk+5a+MYrGABNrvCUNXjnDe1ozl29wDY ukLh/feMg9e8EnPDYSqKoqBMROF5+XwUKb4ubra/IdSrqeDmVve4snNNFtmpyg4NkTGc hpAFT3r2GsUISrYJqs1XQ2YU5+rQ2PI88Jk8uYAMTLGRzN1Q9a6x4xK1ydGoNOcYUFl/ J1ACIJmqwMpfmDCmS5iB2JBmhzYTR9GYDfz6XQ6J4cMJpcVPmk8XjflItJ/P9KbzbOfE LKAA==
X-Gm-Message-State: ABy/qLY1qpjaVYbcOJmLMgIGEAMa7E/iFDEf6Ulgp/VrKrrgduTlZVGJ EiYwCyd6RXRSvXIJvProTHiD+v9xa0rDcY43fETlvg4hXFv+6Q==
X-Google-Smtp-Source: APBJJlHgAMyPQVQoEoDswW/mgcWDCPIfAH6AC4TtFtAwkTxu1ptbXI2EWlC+KCJi2CnGpUExvWTDMHHduaD2mQ/52VU=
X-Received: by 2002:a4a:3041:0:b0:56c:771c:85a8 with SMTP id z1-20020a4a3041000000b0056c771c85a8mr6938808ooz.9.1690829000054; Mon, 31 Jul 2023 11:43:20 -0700 (PDT)
MIME-Version: 1.0
References: <c1e8a3f7-2fb7-4be3-be88-2bbea4a288e0@kuix.de>
In-Reply-To: <c1e8a3f7-2fb7-4be3-be88-2bbea4a288e0@kuix.de>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 31 Jul 2023 14:43:05 -0400
Message-ID: <CAMm+Lwi8gnvDHNBytEbS4WFLznHf+PuA8aZTcxXOSB-O4c5R1A@mail.gmail.com>
To: Kai Engert <kaie@kuix.de>
Cc: keytrans@ietf.org
Content-Type: multipart/alternative; boundary="000000000000eca2ea0601cccdff"
Archived-At: <https://mailarchive.ietf.org/arch/msg/keytrans/H_xtjVsImCgK7ERghGYE42P4oB0>
Subject: [Keytrans] More prior art
X-BeenThere: keytrans@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Key Transparency <keytrans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/keytrans>, <mailto:keytrans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/keytrans/>
List-Post: <mailto:keytrans@ietf.org>
List-Help: <mailto:keytrans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keytrans>, <mailto:keytrans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jul 2023 18:43:48 -0000
It is always useful to know what already exists, I have been working on applying BlockChain technology to certificates since before BitCoin existed. I even tried to buy out the Surety patents at one point. So, I have this in the public record going back to at least 2013-10-16. If necessary, can go back further. https://www.ietf.org/archive/id/draft-hallambaker-mesh-trust-09.html https://datatracker.ietf.org/doc/draft-hallambaker-prismproof-trust/ I am not sure if it addresses Plausikey directly, but it does describe the basic notion of churning keys and key assertions into an authenticated append only log and provides metrics for evaluating the benefit 'social work factor'. My plan was to demonstrate this system at SF and then I got COVID and lost three weeks development time: https://datatracker.ietf.org/doc/draft-hallambaker-mesh-architecture/ The code all runs in console mode. What I expect to deliver in a very few weeks is an end-to-end secure iOS/Android app that allows people to * Connect as many devices as they wish to their personal mesh, * Connected devices are automatically provisioned with credentials according to their designated role, e.g. 'IoT', 'admin', 'developer', 'messaging'. My toaster does not need my code signing or email decryption keys. * Create contact assertions containing a set of contact addresses and public keys, 'family', 'work', 'developer', 'vendor' * Exchange contacts with minimum 2^120 bit work factor authentication via a range of modalities (QR code in-person, remote). The Mesh is based on authenticated sequences of encrypted data. I have not yet implemented signing the sequence but that is merely signing the zone apex. The dev issue is actually writing the test code rather than the implementation. By the time we meet at Prague I hope to at least have a prototype of an app in which everyone runs their own notary log which is used to periodically checkpoint all the other catalogs and spools and to notarize important signatures (e.g. contact assertions). The user periodically cross notarizes with their Mesh Service Provider which in turn (typically) cross notarizes with the Mesh callsign registry. The net is that if Alice is asking the question, 'Did Bob sign this document at time T', she can come up with an answer 'Bob signed the document after T1 and before T2' and the ultimate source of trust for that is Alice's own personal log. Of course, people may need greater fidelity for certain applications but the risk of relying on a TTP for notary log signing is really small because 1) it is really only possible to defect once and 2) we can validate against as many TTPs as we like and they had better all give the same result. The long term plan is to allow people to reinforce their credentials with as many checkpoints as they like. So for example, I might bring a laptop to Prague and just have it running with an app that runs the contact exchange protocol. Anyone who want to can do a contact exchange against the device which will create a signed assertion 'Fred was at IETF118'. Now lets say Fred is wanting to join the GPG developer group and they (understandably) ask 'WTFAY', Fred can say, 'I am the Fred who went to IETF 118, BlackHat 2024, RSA 2025, etc. etc.' Not proof perfect that Fred isn't a bad 'un but vastly better control than we have ever had in the past. Like I said, I do have running code. The code base is essentially JSON based but for encoding efficiency, I use a superset of JSON which uses the unused tag code points in ASCII for binary tagging. As folk can probably understand I am not going to be very interested in proposals of the form 'please delay release of the thing you have been working on for over a decade, the last five at your own expense to switch to this random encoding we think is prettier / let us start thinking about the problem'. On Mon, Jul 31, 2023 at 8:56 AM Kai Engert <kaie@kuix.de> wrote: > Hello, > > shortly, in a separate email, I will send a document that describes a > potential solution for key authentication and key transparency for > OpenPGP public keys for email addresses. > > At this time I don't have the document published anywhere on the web. > > To ensure nobody can claim to have had this idea before, and to > hopefully prevent anyone from registering any patent claims or similar, > I'm sending the full document to this list, to create a proof that this > idea has already been published. > > I release this idea into the public domain, I have not submitted any > patent claims, and don't intend to do so, and hopefully nobody else will > ever be able to successfully submit such a claim. > > This disclaimer is just me being careful. > > I haven't yet shared this idea with anyone else, so it might as well > turn out that the idea is nonsense or impractical or has obvious flaws, > in which case I apologize for the noise. > > Best Regards > Kai > -- > Keytrans mailing list > Keytrans@ietf.org > https://www.ietf.org/mailman/listinfo/keytrans >
- [Keytrans] Heads-up: Plausikey Kai Engert
- [Keytrans] More prior art Phillip Hallam-Baker