From 5a780e8cd56509218123671be5826cbd2f0e8d2c Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Thu, 13 May 2021 16:00:37 +0200 Subject: added claimant model, take 3 --- doc/claimant.md | 52 +++++++++++++++------------------------------------- 1 file changed, 15 insertions(+), 37 deletions(-) (limited to 'doc/claimant.md') diff --git a/doc/claimant.md b/doc/claimant.md index b98f2ad..6728fef 100644 --- a/doc/claimant.md +++ b/doc/claimant.md @@ -7,12 +7,11 @@ SystemCHECKSUM is about the claims made by a data publisher. 2. is produced by no-one but myself * **StatementCHECKSUM**: signed checksum
* **ClaimantCHECKSUM**: data publisher
- The data publisher is a party that wants to publish some data to an - end-user. + The data publisher is a party that wants to publish some data. * **BelieverCHECKSUM**: end-user
- Belief is based on seeing a valid StatementCHECKSUM. + The end-user is a party that wants to use some published data. * **VerifierCHECKSUM**: data publisher
- The data publisher tries to detect unwanted statements. + Only the data publisher can verify the above claims. * **ArbiterCHECKSUM**:
There's no official body. Invalidated claims would affect reputation. @@ -29,8 +28,11 @@ that makes reproducible builds available. using X as an identifier * **StatementCHECKSUM-RB**: StatementCHECKSUM * **ClaimantCHECKSUM-RB**: software publisher
+ The software publisher is a party that wants to publish the output of a + reproducible build. * **BelieverCHECKSUM-RB**: end-user
- Belief is based on seeing a valid StatementCHECKSUM-RB. + The end-user is a party that wants to run an executable binary that built + reproducibly. * **VerifierCHECKSUM-RB**: any interested party
These parties try to verify the above claims. For example: * the software publisher itself (_"has my identity been compromised?"_) @@ -53,41 +55,17 @@ StatementCHECKSUM that BelieverCHECKSUM\* accept. * a small subset of data publishers * members of relevant consortia * **BelieverCHECKSUM-LOG**: - BelieverCHECKSUM\* and - VerifierCHECKSUM\*
- Belief is based on two factors: - 1. seeing a valid StatementCHECKSUM-LOG - 2. seeing a number of valid StatementCHECKSUM-WITNESS from - independent instances of SystemCHECKSUM-WITNESS. -* **VerifierCHECKSUM-LOG**: SystemCHECKSUM-WITNESS
- Witnesses verify the log's append-only property from their own local - vantage point(s). -* **ArbiterCHECKSUM-LOG**:
- There is no official body. The ecosystem at large should stop using an - instance of SystemCHECKSUM-LOG if cryptographic proofs of log - misbehavior are preseneted by some VerifierCHECKSUM-LOG. - -## **SystemCHECKSUM-WITNESS**: -SystemCHECKSUM-WITNESS is about making the claims of a log operator -_trustworthy_. -* **ClaimCHECKSUM-WITNESS**: - _I, witness, claim that_: - 1. SystemCHECKSUM-LOG provides a locally consistent append-only - log -* **StatementCHECKSUM-WITNESS**: signed tree head -* **ClaimantCHECKSUM-WITNESS**: third party
- Examples of parties that may take on this role include: + * BelieverCHECKSUM\* + * VerifierCHECKSUM\*
+* **VerifierCHECKSUM-LOG**: third parties
+ These parties verify the above claims. Examples include: * members of relevant consortia * non-profits and other reputable organizations * security enthusiasts and researchers * log operators (cross-ecosystem) * monitors (cross-ecosystem) * a small subset of data publishers (cross-ecosystem) -* **BelieverCHECKSUM-WITNESS**: - BelieverCHECKSUM\* and - VerifierCHECKSUM\*
- Belief is based on seeing a valid StatementCHECKSUM-WITNESS. -* **VerifierCHECKSUM-WITNESS**: n/a
- Witnesses are trusted parties. Security is based on _strength in numbers_. -* **ArbiterCHECKSUM-WITNESS**:
- There is no official body. Invalidated claims would affect reputation. +* **ArbiterCHECKSUM-LOG**:
+ There is no official body. The ecosystem at large should stop using an + instance of SystemCHECKSUM-LOG if cryptographic proofs of log + misbehavior are preseneted by some VerifierCHECKSUM-LOG. -- cgit v1.2.3