[Wpack] DARE Containers as possible packaging mechanism

Phillip Hallam-Baker <phill@hallambaker.com> Thu, 27 June 2019 17:01 UTC

MIME-Version: 1.0
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 27 Jun 2019 13:01:14 -0400
Message-ID: <CAMm+LwjuB=+_Q4SGdgtQikU+hX3fVi39jvQjF0i+MguRK6Ad9A@mail.gmail.com>
To: wpack@ietf.org
Content-Type: multipart/alternative; boundary="000000000000a40f6a058c511cd5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/wpack/BzYQqYKp04u2Xh0KUoyaJgCHIfM>
Subject: [Wpack] DARE Containers as possible packaging mechanism
Precedence: list

As most of you know, I have been working on a new PKI to manage client side
keys providing an almost transparent user experience. This infrastructure,
the Mathematical Mesh makes use of a cryptographic repertoire that is
rather broader than the one traditionally used in commercial cryptography.
In particular, it makes use of meta-cryptography, that is operations on
keys.

Almost any network protocol can be made end-to-end secure with minimal
effort if every user has the necessary private keys available at every
device they wish to use. The purpose of the Mesh is providing the
capabilities necessary to achieve that securely under real world conditions
such as users losing devices, devices being compromised by malware or in
manufacture, etc.

The cryptographic platform on which the Mesh is built is called Data At
Rest Encryption (DARE). At a very basic level, this may be seen as being a
version of the PKCS#7/CMS scheme used in S/MIME applied to JSON Object
Encryption and Signature to provide an 'envelope' capability. For
efficiency, a modest extension of JSON encoding is available as an option,
this simply allows direct encoding of binary and UTF8 sequences without the
need for Base64 or escape encoding.

Envelopes may be joined together in an append only sequence to form a
container. While it is not their primary purpose in the Mesh, DARE
containers provide a full superset of ZIP archive capabilities combined
with modern cryptographic capabilities, i.e.

* Envelopes may be signed and encrypted individually.
* A single key exchange record may be used to encrypt and authenticate
multiple envelopes in a container.
* Blockchain type integrity checking is supported by means of simple chains
and Merkle trees.
* Various indexing mechanisms are supported.
* A form of proxy re-encryption is supported.

The last capability is useful in enterprise deployments as it permits a key
server in the cloud to control the ability to decrypt documents without
having the ability to perform decryption by itself. This protects against
the type of insider attack where the administrator of the key server
decrypts all the documents and makes off for Hong Kong as well as ordinary
cloud breaches.

The application I was considering for deployment of the file archive
capability was distribution of code. Current code signing technologies
target either the distribution package or the distributed files. DARE
Container supports both approaches with a single signature. It is also
allows for redacted containers to be distributed. So a video game for PC
and MAC might be distributed as a single container but the PC version need
only download the shared content and the PC executables.

There is reference code and a very comprehensive document set in
preparation. This was commissioned as pure research into where we might
want to take the industry and so backwards compatibility was intentionally
avoided. It is an open question as to whether the best approach from this
point on is to take the opportunity to jettison the baggage of the past
(ASN.1, PKIX, etc) or to attempt re-use.

I am currently working on finishing the 3.0 version of the documentation
set for Montreal.

[Wpack] DARE Containers as possible packaging mec… Phillip Hallam-Baker