diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/claimant.md | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/doc/claimant.md b/doc/claimant.md new file mode 100644 index 0000000..6728fef --- /dev/null +++ b/doc/claimant.md @@ -0,0 +1,71 @@ +# Claimant model +## **System<sup>CHECKSUM</sup>** +System<sup>CHECKSUM</sup> is about the claims made by a data publisher. +* **Claim<sup>CHECKSUM</sup>**: + _I, data publisher, claim that the data_: + 1. has cryptographic hash X + 2. is produced by no-one but myself +* **Statement<sup>CHECKSUM</sup>**: signed checksum<br> +* **Claimant<sup>CHECKSUM</sup>**: data publisher<br> + The data publisher is a party that wants to publish some data. +* **Believer<sup>CHECKSUM</sup>**: end-user<br> + The end-user is a party that wants to use some published data. +* **Verifier<sup>CHECKSUM</sup>**: data publisher<br> + Only the data publisher can verify the above claims. +* **Arbiter<sup>CHECKSUM</sup>**:<br> + There's no official body. Invalidated claims would affect reputation. + +System<sup>CHECKSUM\*</sup> can be defined to make more specific claims. Below +is a reproducible builds example. + +### **System<sup>CHECKSUM-RB</sup>**: +System<sup>CHECKSUM-RB</sup> is about the claims made by a _software publisher_ +that makes reproducible builds available. +* **Claim<sup>CHECKSUM-RB</sup>**: + _I, software publisher, claim that the data_: + 1. has cryptographic hash X + 2. is the output of a reproducible build for which the source can be located + using X as an identifier +* **Statement<sup>CHECKSUM-RB</sup>**: Statement<sup>CHECKSUM</sup> +* **Claimant<sup>CHECKSUM-RB</sup>**: software publisher<br> + The software publisher is a party that wants to publish the output of a + reproducible build. +* **Believer<sup>CHECKSUM-RB</sup>**: end-user<br> + The end-user is a party that wants to run an executable binary that built + reproducibly. +* **Verifier<sup>CHECKSUM-RB</sup>**: any interested party<br> + These parties try to verify the above claims. For example: + * the software publisher itself (_"has my identity been compromised?"_) + * rebuilders that check for locatability and reproducibility +* **Arbiter<sup>CHECKSUM-RB</sup>**:<br> + There's no official body. Invalidated claims would affect reputation. + +## **System<sup>CHECKSUM-LOG</sup>**: +System<sup>CHECKSUM-LOG</sup> is about the claims made by a _log operator_. +It adds _discoverability_ into System<sup>CHECKSUM\*</sup>. Discoverability +means that Verifier<sup>CHECKSUM\*</sup> can see all +Statement<sup>CHECKSUM</sup> that Believer<sup>CHECKSUM\*</sup> accept. + +* **Claim<sup>CHECKSUM-LOG</sup>**: + _I, log operator, make available:_ + 1. a globally consistent append-only log of Statement<sup>CHECKSUM</sup> +* **Statement<sup>CHECKSUM-LOG</sup>**: signed tree head +* **Claimant<sup>CHECKSUM-LOG</sup>**: log operator<br> + Possible operators might be: + * a small subset of data publishers + * members of relevant consortia +* **Believer<sup>CHECKSUM-LOG</sup>**: + * Believer<sup>CHECKSUM\*</sup> + * Verifier<sup>CHECKSUM\*</sup><br> +* **Verifier<sup>CHECKSUM-LOG</sup>**: third parties<br> + These parties verify the above claims. Examples include: + * members of relevant consortia + * non-profits and other reputable organizations + * security enthusiasts and researchers + * log operators (cross-ecosystem) + * monitors (cross-ecosystem) + * a small subset of data publishers (cross-ecosystem) +* **Arbiter<sup>CHECKSUM-LOG</sup>**:<br> + There is no official body. The ecosystem at large should stop using an + instance of System<sup>CHECKSUM-LOG</sup> if cryptographic proofs of log + misbehavior are preseneted by some Verifier<sup>CHECKSUM-LOG</sup>. |