Fossil: Changes To Signing and verification of artifacts






-
-
+
+

This document tries to bring closer a more ubiquitous,
seamless and useful signing and verification of artifacts.

**This is a draft!**  
It is incomplete.
It sketches out a few possible solutions
that try to balance flexibility and complexity.
It sketches out a few possible solutions.
These solutions try to balance flexibility and complexity.

<a id="toc"></a>
Table of content:

 * [Agenda and context](#context)
 * [Identity model](#identity)
 * [Auxiliary definitions](#defs)

-
+

> in some prominent (yet undecided) format...

[data in transit]: https://en.wikipedia.org/wiki/Data_in_transit
[data at rest]: https://en.wikipedia.org/wiki/Data_at_rest
[TLS]: https://en.wikipedia.org/wiki/Transport_Layer_Security
[CA]: https://en.wikipedia.org/wiki/Certificate_authority
[cold wallets]: https://en.wikipedia.org/wiki/Cold_wallet
[struct]: (/doc/2022-05-28/www/fileformat.wiki#structural)
[struct]: /doc/2022-05-28/www/fileformat.wiki#structural

<a id="identity"></a>
Identity model
==============

**Identity** is a cryptographically sound avatar of a human being.
[Identity is distinguished by the public key of it's **main keypair**]

-
+

In both cases a [human-friendly variant of base32 encoding][^base32]
is used in order to prevent confusion with artifacts' UUIDs and also to
facilitate verbal transfers (in the context of signing parties and alike).

Identity does not expire, but can be explicitly **abrogated**.
Identity's *main key* may be used to claim that it was *compromised*
or [intentionally *destroyed*.][^indestroy]
Also identity's *main key* may be used to declare a **trusted revoker** —
Also identity's *main key* may be used to declare a [**trusted revoker**][^revoker] —
a public key that is authorized to claim that identity's *main key*
is *lost*, *destroyed* or *compromised*.
The former claim may be recovered using the identity's *main key*, while
in the later two cases the whole identity is permanently *abrogated*.
A *trusted revoker* may be a key that is under exclusive control of
identity's owner or may be a *main key* of some other identity.
In both cases authorization of the *trusted revoker* may have an expiration








-
+
+

+


+
-
+





+
+
+
-
+
+
+
+
+
+
+
+









+
+
+

    * honesty:  
      — intolerance to the falsity of one's own propositions;
        one's own *claims* in particular.

    The integer values of 0, ±1, ±2 and ±3 may be interpreted as
    "same", "slightly", "noticeably" and "much" respectively.

A *claim* with proposition about *trustworthiness* is propogated to all
A *claim* with proposition about *trustworthiness* will be referred to as
**t-claim**. *T-claim* is propagated to all
projects that are relevant for both the *source* and the *destination*.
*T-claims* form a global "social graph".

A *claim* with propositions about *connectedness* and *integrity*
will be referred to as **ci-claim**.
is propagated to all projects that 
*CI-claim* is propagated to all projects that 

 * are relevant for both ends of the *claim*, and that
 * belong to the corresponding *workspace*
   (the one which propositions are about).

For a given signed artifact it is possible to estimate its *legitimacy*
provided that "social graph" contains a path from the identity who makes
an inquiry to the identity who signed that artifact.  
*To be continued...*
Probability that a signed artifact is *legitimate* may be computed for
arbitrary moment of time as weighted average of approximated *integrities*
from the available *ci-claim*s.  
The aforementioned weights are derived from the *t-claims*
using a computation over the underlying "social graph". This computation
starts from the identity who makes an *inquiry* and computes weights of
other identities in a [BFS-like][^BFS] manner, until the author of the
artifact is reached.

<a id="footnotes"></a>
Footnotes
=========

[^base32]:
  Something like [Crockford's Base32
  encoding](https://en.wikipedia.org/wiki/Base32#Crockford.27s_Base32).

[^revoker]:
  It's yet unclear which word is more appropriate: "trusted" or "designated".

[^indestroy]:
  This is a bit speculative because the signing of the
  "intentionally destroyed" *claim* has to precede
  the actual destruction of the last copy of a secret key;
  and that actual destruction may fail silently.

[^Binary]:








-
+
+
+
+
+
+
+
+
+

  "both directions" through the network of retransmitters
  (not all of which are necessarily participants of a project).

[^when]:
  The exact values of that delay is debatable. It is assumed that two *ERL*s
  might be enough for the *destination* to react on impersonation,
  and five *ERL*s might be enough for reaction from a *trusted revoker*
  or other participants of the *workspace*.
  or other participants of the *workspace*.  
  If the delay is modeled by [Erlang-2 distribution][ErlangK],
  then two *ERL*s give 91% probability that response has been received.

[^BFS]:
  [Breadth-first search](https://en.wikipedia.org/wiki/Breadth-first_search).
  Proceeds like an expanding concentric wave on the water.

[ErlangK]: https://en.wikipedia.org/wiki/Erlang_distribution#Erlang-k

1 2 3 4 5 ~~6 7~~ 8 9 10 11 12 13 14	1 2 3 4 5 6 7 8 9 10 11 12 13 14	- - + +	This document tries to bring closer a more ubiquitous, seamless and useful signing and verification of artifacts. This is a draft! It is incomplete. ~~It sketches out a few possible solutions ~~that~~ try to balance flexibility and complexity.~~ It sketches out a few possible solutions. These solutions try to balance flexibility and complexity. <a id="toc"></a> Table of content: * [Agenda and context](#context) * [Identity model](#identity) * [Auxiliary definitions](#defs)
︙
95 96 97 98 99 100 101 ~~102~~ 103 104 105 106 107 108 109	95 96 97 98 99 100 101 102 103 104 105 106 107 108 109	- +	> in some prominent (yet undecided) format... [data in transit]: https://en.wikipedia.org/wiki/Data_in_transit [data at rest]: https://en.wikipedia.org/wiki/Data_at_rest [TLS]: https://en.wikipedia.org/wiki/Transport_Layer_Security [CA]: https://en.wikipedia.org/wiki/Certificate_authority [cold wallets]: https://en.wikipedia.org/wiki/Cold_wallet ~~[struct]: (/doc/2022-05-28/www/fileformat.wiki#structural)~~ [struct]: /doc/2022-05-28/www/fileformat.wiki#structural <a id="identity"></a> Identity model ============== Identity is a cryptographically sound avatar of a human being. [Identity is distinguished by the public key of it's main keypair]
︙
119 120 121 122 123 124 125 ~~126~~ 127 128 129 130 131 132 133	119 120 121 122 123 124 125 126 127 128 129 130 131 132 133	- +	In both cases a [human-friendly variant of base32 encoding][^base32] is used in order to prevent confusion with artifacts' UUIDs and also to facilitate verbal transfers (in the context of signing parties and alike). Identity does not expire, but can be explicitly abrogated. Identity's main key may be used to claim that it was compromised or [intentionally destroyed.][^indestroy] ~~Also identity's main key may be used to declare a trusted revoker —~~ Also identity's main key may be used to declare a [trusted revoker][^revoker] — a public key that is authorized to claim that identity's main key is lost, destroyed or compromised. The former claim may be recovered using the identity's main key, while in the later two cases the whole identity is permanently abrogated. A trusted revoker may be a key that is under exclusive control of identity's owner or may be a main key of some other identity. In both cases authorization of the trusted revoker may have an expiration
︙
347 348 349 350 351 352 353 ~~354~~ 355 356 357 ~~358~~ 359 360 361 362 363 ~~364~~ 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380	347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396	- + + + + - + + + + - + + + + + + + + + + +	* honesty: — intolerance to the falsity of one's own propositions; one's own claims in particular. The integer values of 0, ±1, ±2 and ±3 may be interpreted as "same", "slightly", "noticeably" and "much" respectively. ~~A claim with proposition about trustworthiness is pr~~opogat~~ed to all~~ A claim with proposition about trustworthiness will be referred to as t-claim. T-claim is propagated to all projects that are relevant for both the source and the destination. T-claims form a global "social graph". A claim with propositions about connectedness and integrity will be referred to as ci-claim. ~~is propagated to all projects that~~ CI-claim is propagated to all projects that * are relevant for both ends of the claim, and that * belong to the corresponding workspace (the one which propositions are about). For a given signed artifact it is possible to estimate its legitimacy provided that "social graph" contains a path from the identity who makes an inquiry to the identity who signed that artifact. ~~To be co~~ntinu~~ed...~~ Probability that a signed artifact is legitimate may be computed for arbitrary moment of time as weighted average of approximated integrities from the available ci-claims. The aforementioned weights are derived from the t-claims using a computation over the underlying "social graph". This computation starts from the identity who makes an inquiry and computes weights of other identities in a [BFS-like][^BFS] manner, until the author of the artifact is reached. <a id="footnotes"></a> Footnotes ========= [^base32]: Something like [Crockford's Base32 encoding](https://en.wikipedia.org/wiki/Base32#Crockford.27s_Base32). [^revoker]: It's yet unclear which word is more appropriate: "trusted" or "designated". [^indestroy]: This is a bit speculative because the signing of the "intentionally destroyed" claim has to precede the actual destruction of the last copy of a secret key; and that actual destruction may fail silently. [^Binary]:
︙
400 401 402 403 404 405 406 ~~407~~	416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431	- + + + + + + + + +	"both directions" through the network of retransmitters (not all of which are necessarily participants of a project). [^when]: The exact values of that delay is debatable. It is assumed that two ERLs might be enough for the destination to react on impersonation, and five ERLs might be enough for reaction from a trusted revoker ~~or other participants of the workspace.~~ or other participants of the workspace. If the delay is modeled by [Erlang-2 distribution][ErlangK], then two ERLs give 91% probability that response has been received. [^BFS]: [Breadth-first search](https://en.wikipedia.org/wiki/Breadth-first_search). Proceeds like an expanding concentric wave on the water. [ErlangK]: https://en.wikipedia.org/wiki/Erlang_distribution#Erlang-k

Fossil

Changes to "Signing and verification of artifacts" between 2022-06-04 22:54:22 and 2022-06-06 17:19:56