IETF Logo Mail Archive

Re: [Sat] Lock-Evidence artifact type/enumeration

Thomas Hardjono <hardjono@mit.edu> Wed, 08 February 2023 12:38 UTC

Return-Path: <hardjono@mit.edu>
X-Original-To: sat@ietfa.amsl.com
Delivered-To: sat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11DF5C14F721 for <sat@ietfa.amsl.com>; Wed, 8 Feb 2023 04:38:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mit.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rFkl584tWVtW for <sat@ietfa.amsl.com>; Wed, 8 Feb 2023 04:38:33 -0800 (PST)
Received: from outgoing-exchange-3.mit.edu (outgoing-exchange-3.mit.edu [18.9.28.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5308C14CF15 for <sat@ietf.org>; Wed, 8 Feb 2023 04:38:32 -0800 (PST)
Received: from oc11exedge1.exchange.mit.edu (OC11EXEDGE1.EXCHANGE.MIT.EDU [18.9.3.17]) by outgoing-exchange-3.mit.edu (8.14.7/8.12.4) with ESMTP id 318CcLtw012365; Wed, 8 Feb 2023 07:38:24 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1675859904; bh=5idUgO9ODTZVvbzzeLitCpK03gm+Ix2Ixna6SJK33oc=; h=From:To:CC:Subject:Date:References:In-Reply-To; b=LNrLS3bsoPwcNrQOT2yFDpROq4dFS/4BhmoRAdmk569WJ6Zhzg6qUM7RqDI1qqVH+ kUP00J/DrylXYFxjtc2v/jtQfjXOxvlc514oTjiueQlZl6rXWGMPIstccdl6bD22uW AFlP2XcM9n1gu+vdQl8Zb7onPHqgIzDwO9zp+oR0zSxma3nZkDtqLCVpCdwvn7w7EB AA6+toRBmAGNMh3S/cNHM+mYVFLK5bAKhWzo7ju5v8jKxYiW763VEFI993QzitwBZY WYlHLhP81NQHQlAzBGSxXZqfHrSzBcUAgZQ87RZyzvEsyXqMeZfsosz9TAxvubdd1A qlRL98f2njqKw==
Received: from w92expo23.exchange.mit.edu (18.7.74.77) by oc11exedge1.exchange.mit.edu (18.9.3.17) with Microsoft SMTP Server (TLS) id 15.0.1497.45; Wed, 8 Feb 2023 07:37:53 -0500
Received: from oc11expo23.exchange.mit.edu (18.9.4.88) by w92expo23.exchange.mit.edu (18.7.74.77) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Wed, 8 Feb 2023 07:38:22 -0500
Received: from oc11expo23.exchange.mit.edu ([18.9.4.88]) by oc11expo23.exchange.mit.edu ([18.9.4.88]) with mapi id 15.00.1497.042; Wed, 8 Feb 2023 07:38:22 -0500
From: Thomas Hardjono <hardjono@mit.edu>
To: Denis Avrilionis <denis@compell.io>, "Chen, Shiping (Data61, Eveleigh)" <Shiping.Chen@data61.csiro.au>, Orie Steele <orie@transmute.industries>
CC: "sat@ietf.org" <sat@ietf.org>
Thread-Topic: [Sat] Lock-Evidence artifact type/enumeration
Thread-Index: AQHZOkEvA3ZidI5dY0aEM3V03OVd067CtCNQgAEjPICAAL5pgIAAiXeA///gGw0=
Date: Wed, 08 Feb 2023 12:38:21 +0000
Message-ID: <cf175c097bdb47e6be9b45ea373156ac@oc11expo23.exchange.mit.edu>
References: <26754e6a5b784d4586773a4a506f9f20@oc11expo23.exchange.mit.edu> <ME3PR01MB811346CE9BB65C0EC0873692D1DB9@ME3PR01MB8113.ausprd01.prod.outlook.com> <CAN8C-_J75sJstAUo9YB+M00vZu6g9DUsAWi11+ZEBOeAEVbANg@mail.gmail.com> <ME3PR01MB81135D736C0A58CDF8398C9ED1D89@ME3PR01MB8113.ausprd01.prod.outlook.com>, <DE4A1A03-D67D-42FE-A724-402BDDFE4F2A@compell.io>
In-Reply-To: <DE4A1A03-D67D-42FE-A724-402BDDFE4F2A@compell.io>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [73.100.88.16]
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sat/hY9criMAKgCA9JWWL8jXaUetqE4>
Subject: Re: [Sat] Lock-Evidence artifact type/enumeration
X-BeenThere: sat@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "The purpose of this mailing-list is to discuss the secure asset transfer \(SAT\) protocol and related aspects." <sat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sat>, <mailto:sat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sat/>
List-Post: <mailto:sat@ietf.org>
List-Help: <mailto:sat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sat>, <mailto:sat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2023 12:38:37 -0000

Thanks Denis,

I think we could help implementers tremendously by using something you suggested:

did:gateway:tz:tz1aaYoabvj2DQtpHz74Z83fSNjY29asdBfZ



>>>  In such a case we wouldn’t need to implement cascade resolvers, 
>>>  we could just state which resolver we would use to verify the cascade part.

Yes agree. We need to avoid the complexity of (and delays caused by) cascading.


--Thomas



________________________________________
From: Denis Avrilionis [denis@compell.io]
Sent: Wednesday, February 8, 2023 4:30 AM
To: Chen, Shiping (Data61, Eveleigh); Orie Steele; Thomas Hardjono
Cc: sat@ietf.org
Subject: Re: [Sat] Lock-Evidence artifact type/enumeration

Dear Shiping, Orie, Thomas,

Going in the direction of Shiping, one aspect that we may consider is that gateways depend on networks whereas the networks don’t have dependencies on gateways. Therefore we could consider a gateway identity that follows the identification of a given network (see some "network-specific” DID methods in section 14 (registries) here: https://www.w3.org/TR/did-spec-registries/): such a method could look like this:

did:gateway:tz:tz1aaYoabvj2DQtpHz74Z83fSNjY29asdBfZ

the “gateway” is the method, whereas the "tz:tz1aaYoabvj2DQtpHz74Z83fSNjY29asdBfZ" is the method-specific-id of the DID “gateway" method (gateway is kind a of “meta” method)

As defined in https://www.w3.org/TR/did-core/#did-syntax the method-specific-id could be used to contain complete DID methods of “cascade” DIDs. In the example above we should implement the resolution part of the “gateway” part, then define explicitly which resolver we would use to continue verification of the method-specific-id (for example a did “tz” for the tezos registry resolver that would take care of "tz:tz1aaYoabvj2DQtpHz74Z83fSNjY29asdBfZ”). In such a case we wouldn’t need to implement cascade resolvers, we could just state which resolver we would use to verify the cascade part.

Denis

On 8 Feb 2023, at 03:18, Chen, Shiping (Data61, Eveleigh) <Shiping.Chen@data61.csiro.au<mailto:Shiping.Chen@data61.csiro.au>> wrote:

Thank Orie for your input to this discussion.

>There are 2 possible DID "strings", not sure which would be best for your use case

I mean the 1st, i.e. the DiD string, instead of a specific service.
Please refer to https://datatracker.ietf.org/doc/draft-chen-dlt-gateway-identification/ for its rationale and details.

Since it is still in draft, we are open and welcome to other solutions/suggestions.



Cheers
-
Shiping

From: Orie Steele <orie@transmute.industries<mailto:orie@transmute.industries>>
Sent: Wednesday, 8 February 2023 12:57 AM
To: Chen, Shiping (Data61, Eveleigh) <Shiping.Chen@data61.csiro.au<mailto:Shiping.Chen@data61.csiro.au>>
Cc: sat@ietf.org<mailto:sat@ietf.org>; Thomas Hardjono <hardjono@mit.edu<mailto:hardjono@mit.edu>>
Subject: Re: [Sat] Lock-Evidence artifact type/enumeration

There are 2 possible DID "strings", not sure which would be best for your use case:

## DID

did:example:123

This resolves to cryptographic keys for relationships, such as authentication or assertion, and services for interacting with the DID Subject.

## DID URL

did:example:123/resources/456?query=789#fragment-123

This can dereference resources internal to the DID or external to it... it tends to be more "method specific", so not all methods will support it to the same degree.

It sounds to me like you are discussing a "service" which might be identified like this:

did:web:gateway.example#gateway-42

where there is a service in the DID Document that looks like this:

```
 "service": [{
    "id": "did:web:gateway.example#gateway-42",
    "type": "SATPGateway",
    "serviceEndpoint": "https://gateway.example/api/"
  }]
```

Regards,

OS

On Mon, Feb 6, 2023 at 7:43 PM Chen, Shiping (Data61, Eveleigh) <Shiping.Chen@data61.csiro.au<mailto:Shiping.Chen@data61.csiro.au>> wrote:
> gateway-ID":  "mygateway.com/gw1<http://mygateway.com/gw1>

Its value would/can be a DiD string if being standardized, something like: did:gateway:dwu231dwh, which is resolvable by 1 or multiple DiD repository services.


Cheers
-
Shiping

-----Original Message-----
From: sat <sat-bounces@ietf.org<mailto:sat-bounces@ietf.org>> On Behalf Of Thomas Hardjono
Sent: Tuesday, 7 February 2023 3:01 AM
To: sat@ietf.org<mailto:sat@ietf.org>
Subject: [Sat] Lock-Evidence artifact type/enumeration


Hi All,

I recently received an interesting question about SATP Core and the lock-evidence.

The specific question was about (a) what does the Lock-Evidence artifact (data structure) look like and who will spec it (IETF?), and (b) how to assign some kind of identification to the *type* of the lock (because each network/ledger will have its own data structure).


The lock-evidence structure must have enough information (e.g. block number; record number) to allow the authorized third party (e.g. auditor) to later verify that the Lock-Evidence is true/accurate. This need is independent from the fact the GW1 has signed the message 2.5 (carrying the Lock-Evidence) and is now liable in the case that it makes a mistake or is lying (or was hacked).

The information stated in the Lock-Evidence may also need to be recorded in the Receipt from GW2 to GW1 at the end of the flows in message 3.8.

As reference, here is the link to the current message-flow diagram (v15):

https://bit.ly/3Yw20BT


There are at least 2 places in the message-flow diagram that the type of the lock/ledger needs to be stated.

The first mention is in Stage-0 when gateway GW1 and GW2 are negotiating artifacts and parameters.

The second mention is in message 2.5 in the message-flow diagram, which is also in SATP Core draft in Section 8.3:

   *  lock_evidence_claim REQUIRED.  The lock or escrow evidence (on the
      network behind the client).

   *  lock_claim_format OPTIONAL.  The format of the evidence.

   *  lock_evidence_expiration REQUIRED.  The duration of time of lock
      on the asset (after which the lock is released).


I sketched the following lock-evidence structure (in JSON notation) that could be used in the lock_evidence_claim:

{
       "gateway-ID":  "mygateway.com/gw1<http://mygateway.com/gw1>"
       "lock-evidence type":  "escrow",
       "network-ID":  "7777xa"              [32-byte identifier EIP3220]
       "block number": "775,306bla",
       "block hash": "0000-39ca",
       "escrow holder":  "b7bd-159d"     [hash of address]
       ...
}


Thoughts?


More questions:

-- Do we need some kind of IANA registration for the lock-evidence type value (e.g. alphanumeric)?

-- Is there some similarity of requirements between Views and the lock-evidence type?



best
--thomas




--
sat mailing list
sat@ietf.org<mailto:sat@ietf.org>
https://www.ietf.org/mailman/listinfo/sat

--
sat mailing list
sat@ietf.org<mailto:sat@ietf.org>
https://www.ietf.org/mailman/listinfo/sat


--
ORIE STEELE
Chief Technical Officer
www.transmute.industries<http://www.transmute.industries/>

[https://drive.google.com/a/transmute.industries/uc?id=1hbftCJoB5KdeV_kzj4eeyS28V3zS9d9c&export=download]<https://www.transmute.industries/>
--
sat mailing list
sat@ietf.org<mailto:sat@ietf.org>
https://www.ietf.org/mailman/listinfo/sat

v2.23.0 | Report a Bug | By Email