From 6ab06df1cd3dca8f4367ee009dde77a7b2fb79b1 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Wed, 12 May 2021 16:24:05 +0200 Subject: added a first take on claimant model There might be a few inconsistencies and errors. To be discussed! --- doc/claimant.md | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 doc/claimant.md (limited to 'doc') diff --git a/doc/claimant.md b/doc/claimant.md new file mode 100644 index 0000000..2aeebf0 --- /dev/null +++ b/doc/claimant.md @@ -0,0 +1,84 @@ +# Claimant model +## **SystemCHECKSUM**: +SystemCHECKSUM is about the claims made by a _data publisher_. +* **ClaimCHECKSUM**: + _I, data publisher, claim that the data_: + 1. has cryptographic hash X + 2. can be located using X as an identifier + 3. has properties Y (_"ecosystem specific_") +* **StatementCHECKSUM**: signed checksum
+* **ClaimantCHECKSUM**: data publisher
+ The data publisher is a party that wants to publish some data to an + end-user. +* **BelieverCHECKSUM**: end-user
+ Belief is based on seeing a valid StatementCHECKSUM. +* **VerifierCHECKSUM**: any interested party
+ These parties try to verify the above claims. For example: + * the data publisher itself (_"has my identity been compromised?"_) + * third-parties that want to look further into the data (_"ecosystem + specific_") +* **ArbiterCHECKSUM**:
+ There's no official body. Invalidated claims would affect reputation. + +**Example.** +The published data could be an executable binary from a reproducible build. The +ecosystem-specific claim would be that the corresponding source code can be +looked-up in a public database using X as an identifier. A rebuilder would +verify this claim by compiling the source, comparing the hashed output to the +claimed value. + +## **SystemCHECKSUM-LOG**: +SystemCHECKSUM-LOG is about the claims made by a _log operator_. +It adds _discoverability_ into SystemCHECKSUM. Discoverability means +that VerifierCHECKSUM can see all StatementCHECKSUM that +BelieverCHECKSUM will accept. + +* **ClaimCHECKSUM-LOG**: + _I, log operator, make available:_ + 1. a globally consistent append-only log of StatementCHECKSUM +* **StatementCHECKSUM-LOG**: signed tree head +* **ClaimantCHECKSUM-LOG**: log operator
+ Possible operators might be: + * a small subset of data publishers + * members of relevant consortia +* **BelieverCHECKSUM-LOG**: + BelieverCHECKSUM and + VerifierCHECKSUM
+ Belief is based on two factors: + 1. seeing a valid StatementCHECKSUM-LOG + 2. seeing a number of valid StatementCHECKSUM-WITNESS from + independent instances on SystemCHECKSUM-WITNESS + + A _policy_ defines the exact conditions that must be met. +* **VerifierCHECKSUM-LOG**: SystemCHECKSUM-WITNESS
+ Witnesses verify the log's append-only property from their own local + vantage point(s). +* **ArbiterCHECKSUM-LOG**:
+ There is no official body. The ecosystem at large should stop using an + instance of SystemCHECKSUM-LOG if cryptographic proofs of log + misbehavior are preseneted by some VerifierCHECKSUM-LOG. + +## **SystemCHECKSUM-WITNESS**: +SystemCHECKSUM-WITNESS is about making the claims of a log operator +_trustworthy_. +* **ClaimCHECKSUM-WITNESS**: + _I, witness, claim that_: + 1. SystemCHECKSUM-LOG provides a locally consistent append-only + log +* **StatementCHECKSUM-WITNESS**: signed tree head +* **ClaimantCHECKSUM-WITNESS**: third party
+ Examples of parties that may take on this role include: + * members of relevant consortia + * non-profits and other reputable organizations + * security enthusiasts and researchers + * log operators (cross-ecosystem) + * monitors (cross-ecosystem) + * a small subset of data publishers (cross-ecosystem) +* **BelieverCHECKSUM-WITNESS**: + BelieverCHECKSUM and + VerifierCHECKSUM
+ Belief is based on seeing a valid StatementCHECKSUM-WITNESS. +* **VerifierCHECKSUM-WITNESS**: n/a
+ Witnesses are trusted parties. Security is based on _strength in numbers_. +* **ArbiterCHECKSUM-WITNESS**:
+ There is no official body. Invalidated claims would affect reputation. -- cgit v1.2.3
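Review bot: VerifierCHECKSUM-WITNESS is marked "n/a" with the note that witnesses are trusted parties, yet ArbiterCHECKSUM-WITNESS says invalidated claims would affect reputation, so the hunk never says who could invalidate a witness claim; either state that the claim is deliberately unverifiable within this model, or name the party that can catch a witness signing inconsistent tree heads (e.g. the BelieverCHECKSUM-LOG who collects several StatementCHECKSUM-WITNESS under the policy). Related: StatementCHECKSUM-LOG and StatementCHECKSUM-WITNESS are both described as "signed tree head", so consider distinguishing them ("tree head signed by the witness" or "cosigned tree head") since a believer must tell the two apart by signer. Smaller points in the same hunk: "preseneted" should be "presented", "looked-up" should be "looked up", and the italics in `(_"ecosystem specific_")` are mismatched with the closing quote; `(_"ecosystem specific"_)` as used elsewhere is consistent.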