[saag] Key Management in the Mathematical Mesh
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 30 March 2023 13:54 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AB95C13AE4D; Thu, 30 Mar 2023 06:54:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.549
X-Spam-Level:
X-Spam-Status: No, score=-1.549 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.096, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q64TraDeprUt; Thu, 30 Mar 2023 06:54:05 -0700 (PDT)
Received: from mail-oi1-f169.google.com (mail-oi1-f169.google.com [209.85.167.169]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF826C1524DE; Thu, 30 Mar 2023 06:54:05 -0700 (PDT)
Received: by mail-oi1-f169.google.com with SMTP id q27so13449369oiw.0; Thu, 30 Mar 2023 06:54:05 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680184445; x=1682776445; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=pC1c8kxhl7FpJeOXcgnjVu0LAmtlGlxkEy8khLdPNKs=; b=oDFz9/5gC6KSjQdnbH/pkcx4oDLO1OoNWy0pg6CfLXaOpoLtxLVp9R+Sd9G2ANSIoR kjmcKZKhsuoIJOSpkqo2KtL62+H7JVbaogHfeVZ9q9eauWryeds7QyBiuO3N5VNAbRLh OosDNGhJe9SLMCNdmAbW0vVb1XRiL/2WWGzkthAAxgThd3BqF16JIwAh9t+7Hi/8x5n2 OLqIWMlsJFwHfs6H/WE8Tu28U8EV0K6decgGlJ8377IfjS9UmLsgYymZlqfVEMMA4rMf JqD0lR0jtu5N4djam1BnY6sxGFQx90bfqp5A2W73gHANuZY3dGLzuwDGKH4pckRhpl0J q32g==
X-Gm-Message-State: AO0yUKWWvlp1RnJD0Xt2JO+5o5QE1Jr4rXHRLIrbBijjBs4tyaEd2B56 tUVoyvzQzezGpBBLrFiJNT7pUQ5uH3Rs7yCl08FxSvnsxsFKfw==
X-Google-Smtp-Source: AK7set/UsgzynyHb1J1W/YHrEusYkMC+iMM9xnpTpyRvcjFmIXY4VqJdeDWEW3evbOpaaGSR8qatSkl8zeyvy4NOVdM=
X-Received: by 2002:a05:6808:21a3:b0:387:17bc:c319 with SMTP id be35-20020a05680821a300b0038717bcc319mr7627839oib.6.1680184444459; Thu, 30 Mar 2023 06:54:04 -0700 (PDT)
MIME-Version: 1.0
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 30 Mar 2023 09:53:53 -0400
Message-ID: <CAMm+LwjqL4sWKXMNBRdWc9cDf_wJNKX5LX2nEuym_zJ+RT1HeA@mail.gmail.com>
To: keytrans@ietf.org, IETF SAAG <saag@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f81fbc05f81e6ca0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/IRAd0kALyqPzOhePJKBYI1a6tPo>
Subject: [saag] Key Management in the Mathematical Mesh
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Mar 2023 13:54:08 -0000
I didn't hear about the session until after it occurred. It might have been useful to advertise the BOF on SAAG, it is one of the things the SAAG list is supposed to be for. My view is that it is a feature of a key management infrastructure and not a standalone protocol. I have running code which I am in the process of deploying this year so my interest in starting from scratch to implement a small subset of the problem that isn't useful on its own is nil. Plenty of people have known I have been working on this, I am rather surprised nobody invited me to participate. Or rather I am not surprised at all. The minimum viable feature set is contact exchange. Alice is a developer, she joins a project using Github that is applying software lifecycle assurance. This requires her to provide an SSH key to access the repository, an OpenPGP key to sign her commits and various PKIX certificates for signing development releases on different platforms. All these keys are 'Alice' but plonking them all into a hash chain individually isn't useful because we need to know that they all relate to Alice and that they have specific purposes. So that leads us to a signed contact assertion which is of course just another form of certificate. but it is in JSON format so, thats OK. Alice can exchange her Mesh contact assertion via QR code in person, various forms of remote exchange or rely on TAFU. Once she acquires Bob's contact assertion, she puts it in her contacts catalog which is a Merkle Tree validated sequence. Alice attends an IETF, she checkpoints her contact assertion during registration. This adds the cost of attending an IETF in Yokohama in 2023 to the social work factor of her contact assertion. And that can be used by Bob in 2027 to determine that if the contact assertion she presents is a forgery, the impostor spent $4000 four years ago to establish it. It would not be difficult to achieve a pretty sizable social work factor in a fairly short time. This is something I proposed a decade ago, long before the Blockchain bandits started attempting to patent everything that moves. I have strong prior art for my system. The Mesh approach has the feature that every user is their own ultimate root of trust. If Alice is asking 'was this document signed between dates X and Y' and she was participating in the Mesh at times X and Y, she can validate that assertion by consulting her own notary log. No third parties are required. The scope of this aspect of the Mesh is not limited to keys, it is designed to authenticate digital evidence so that if there is a court case in which the evidence of Alice the forensic expert is being challenged, this can be demonstrated against the notary log of the court, or the state or NIST if they are participating in the Mesh. This is possible because everything in the Mesh is represented in an append only log format authenticated by means of a digital signature over the apex value of a Merkle Tree: https://www.ietf.org/archive/id/draft-hallambaker-mesh-dare-16.html So Alice isn't doing anything special to run a notary log, she just creates an entry in her log when she signs her data. She periodically adds the apex values of her personal catalogs and stores to her personal notary log and signs them. She also periodically exchanges apex signatures with her Mesh Service Provider to achieve 'cross notarization'. Mesh Service Providers periodically cross notarize with the callsign registry which is one way to connect the graph but doesn't need to be the only way. The 'gossip' protocol with a public blackboard mentioned in some of the slides is the same idea but lacks the scaling. It never happened for CT and I see no reason for it to happen for KT without a strong business model to support it. One of the main reasons I needed the callsign registry was precisely to provide a business model to support a central node that could connect the Mesh notaries together. Perhaps some of you might actually look at some of the work I have done over the past five years before you try to repeat it. I have built an operating system for cryptography: It manages the private keys you use across all of your devices and all of your applications and it manages the public keys of the other parties you rely on. And it does all of that without users ever having to know they are using cryptography.
- [saag] Key Management in the Mathematical Mesh Phillip Hallam-Baker