From 6ab06df1cd3dca8f4367ee009dde77a7b2fb79b1 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Wed, 12 May 2021 16:24:05 +0200 Subject: added a first take on claimant model There might be a few inconsistencies and errors. To be discussed! --- doc/claimant.md | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 doc/claimant.md (limited to 'doc') diff --git a/doc/claimant.md b/doc/claimant.md new file mode 100644 index 0000000..2aeebf0 --- /dev/null +++ b/doc/claimant.md @@ -0,0 +1,84 @@ +# Claimant model +## **SystemCHECKSUM**: +SystemCHECKSUM is about the claims made by a _data publisher_. +* **ClaimCHECKSUM**: + _I, data publisher, claim that the data_: + 1. has cryptographic hash X + 2. can be located using X as an identifier + 3. has properties Y (_"ecosystem specific_") +* **StatementCHECKSUM**: signed checksum
+* **ClaimantCHECKSUM**: data publisher
+ The data publisher is a party that wants to publish some data to an + end-user. +* **BelieverCHECKSUM**: end-user
+ Belief is based on seeing a valid StatementCHECKSUM. +* **VerifierCHECKSUM**: any interested party
+ These parties try to verify the above claims. For example: + * the data publisher itself (_"has my identity been compromised?"_) + * third-parties that want to look further into the data (_"ecosystem + specific_") +* **ArbiterCHECKSUM**:
+ There's no official body. Invalidated claims would affect reputation. + +**Example.** +The published data could be an executable binary from a reproducible build. The +ecosystem-specific claim would be that the corresponding source code can be +looked-up in a public database using X as an identifier. A rebuilder would +verify this claim by compiling the source, comparing the hashed output to the +claimed value. + +## **SystemCHECKSUM-LOG**: +SystemCHECKSUM-LOG is about the claims made by a _log operator_. +It adds _discoverability_ into SystemCHECKSUM. Discoverability means +that VerifierCHECKSUM can see all StatementCHECKSUM that +BelieverCHECKSUM will accept. + +* **ClaimCHECKSUM-LOG**: + _I, log operator, make available:_ + 1. a globally consistent append-only log of StatementCHECKSUM +* **StatementCHECKSUM-LOG**: signed tree head +* **ClaimantCHECKSUM-LOG**: log operator
+ Possible operators might be: + * a small subset of data publishers + * members of relevant consortia +* **BelieverCHECKSUM-LOG**: + BelieverCHECKSUM and + VerifierCHECKSUM
+ Belief is based on two factors: + 1. seeing a valid StatementCHECKSUM-LOG + 2. seeing a number of valid StatementCHECKSUM-WITNESS from + independent instances on SystemCHECKSUM-WITNESS + + A _policy_ defines the exact conditions that must be met. +* **VerifierCHECKSUM-LOG**: SystemCHECKSUM-WITNESS
+ Witnesses verify the log's append-only property from their own local + vantage point(s). +* **ArbiterCHECKSUM-LOG**:
+ There is no official body. The ecosystem at large should stop using an + instance of SystemCHECKSUM-LOG if cryptographic proofs of log + misbehavior are preseneted by some VerifierCHECKSUM-LOG. + +## **SystemCHECKSUM-WITNESS**: +SystemCHECKSUM-WITNESS is about making the claims of a log operator +_trustworthy_. +* **ClaimCHECKSUM-WITNESS**: + _I, witness, claim that_: + 1. SystemCHECKSUM-LOG provides a locally consistent append-only + log +* **StatementCHECKSUM-WITNESS**: signed tree head +* **ClaimantCHECKSUM-WITNESS**: third party
+ Examples of parties that may take on this role include: + * members of relevant consortia + * non-profits and other reputable organizations + * security enthusiasts and researchers + * log operators (cross-ecosystem) + * monitors (cross-ecosystem) + * a small subset of data publishers (cross-ecosystem) +* **BelieverCHECKSUM-WITNESS**: + BelieverCHECKSUM and + VerifierCHECKSUM
+ Belief is based on seeing a valid StatementCHECKSUM-WITNESS. +* **VerifierCHECKSUM-WITNESS**: n/a
+ Witnesses are trusted parties. Security is based on _strength in numbers_. +* **ArbiterCHECKSUM-WITNESS**:
+ There is no official body. Invalidated claims would affect reputation. -- cgit v1.2.3 From caf91fa52c192c188adb14a81219602628d46d9d Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Wed, 12 May 2021 16:32:18 +0200 Subject: fixed spacing typos --- doc/claimant.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'doc') diff --git a/doc/claimant.md b/doc/claimant.md index 2aeebf0..c10e657 100644 --- a/doc/claimant.md +++ b/doc/claimant.md @@ -27,7 +27,7 @@ looked-up in a public database using X as an identifier. A rebuilder would verify this claim by compiling the source, comparing the hashed output to the claimed value. -## **SystemCHECKSUM-LOG**: +## **SystemCHECKSUM-LOG**: SystemCHECKSUM-LOG is about the claims made by a _log operator_. It adds _discoverability_ into SystemCHECKSUM. Discoverability means that VerifierCHECKSUM can see all StatementCHECKSUM that @@ -47,9 +47,7 @@ BelieverCHECKSUM will accept. Belief is based on two factors: 1. seeing a valid StatementCHECKSUM-LOG 2. seeing a number of valid StatementCHECKSUM-WITNESS from - independent instances on SystemCHECKSUM-WITNESS - - A _policy_ defines the exact conditions that must be met. + independent instances on SystemCHECKSUM-WITNESS. * **VerifierCHECKSUM-LOG**: SystemCHECKSUM-WITNESS
Witnesses verify the log's append-only property from their own local vantage point(s). @@ -58,7 +56,7 @@ BelieverCHECKSUM will accept. instance of SystemCHECKSUM-LOG if cryptographic proofs of log misbehavior are preseneted by some VerifierCHECKSUM-LOG. -## **SystemCHECKSUM-WITNESS**: +## **SystemCHECKSUM-WITNESS**: SystemCHECKSUM-WITNESS is about making the claims of a log operator _trustworthy_. * **ClaimCHECKSUM-WITNESS**: -- cgit v1.2.3 From 540306404d792ed7387ab0d8ca63632e7750aed3 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Thu, 13 May 2021 12:33:09 +0200 Subject: added claimant model, take 2 There might be some inconsistencies and errors. To be discussed! --- doc/claimant.md | 57 ++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 34 insertions(+), 23 deletions(-) (limited to 'doc') diff --git a/doc/claimant.md b/doc/claimant.md index c10e657..b98f2ad 100644 --- a/doc/claimant.md +++ b/doc/claimant.md @@ -1,37 +1,48 @@ # Claimant model -## **SystemCHECKSUM**: -SystemCHECKSUM is about the claims made by a _data publisher_. +## **SystemCHECKSUM** +SystemCHECKSUM is about the claims made by a data publisher. * **ClaimCHECKSUM**: _I, data publisher, claim that the data_: 1. has cryptographic hash X - 2. can be located using X as an identifier - 3. has properties Y (_"ecosystem specific_") + 2. is produced by no-one but myself * **StatementCHECKSUM**: signed checksum
* **ClaimantCHECKSUM**: data publisher
The data publisher is a party that wants to publish some data to an end-user. * **BelieverCHECKSUM**: end-user
Belief is based on seeing a valid StatementCHECKSUM. -* **VerifierCHECKSUM**: any interested party
- These parties try to verify the above claims. For example: - * the data publisher itself (_"has my identity been compromised?"_) - * third-parties that want to look further into the data (_"ecosystem - specific_") +* **VerifierCHECKSUM**: data publisher
+ The data publisher tries to detect unwanted statements. * **ArbiterCHECKSUM**:
There's no official body. Invalidated claims would affect reputation. -**Example.** -The published data could be an executable binary from a reproducible build. The -ecosystem-specific claim would be that the corresponding source code can be -looked-up in a public database using X as an identifier. A rebuilder would -verify this claim by compiling the source, comparing the hashed output to the -claimed value. +SystemCHECKSUM\* can be defined to make more specific claims. Below +is a reproducible builds example. + +### **SystemCHECKSUM-RB**: +SystemCHECKSUM-RB is about the claims made by a _software publisher_ +that makes reproducible builds available. +* **ClaimCHECKSUM-RB**: + _I, software publisher, claim that the data_: + 1. has cryptographic hash X + 2. is the output of a reproducible build for which the source can be located + using X as an identifier +* **StatementCHECKSUM-RB**: StatementCHECKSUM +* **ClaimantCHECKSUM-RB**: software publisher
+* **BelieverCHECKSUM-RB**: end-user
+ Belief is based on seeing a valid StatementCHECKSUM-RB. +* **VerifierCHECKSUM-RB**: any interested party
+ These parties try to verify the above claims. For example: + * the software publisher itself (_"has my identity been compromised?"_) + * rebuilders that check for locatability and reproducibility +* **ArbiterCHECKSUM-RB**:
+ There's no official body. Invalidated claims would affect reputation. ## **SystemCHECKSUM-LOG**: SystemCHECKSUM-LOG is about the claims made by a _log operator_. -It adds _discoverability_ into SystemCHECKSUM. Discoverability means -that VerifierCHECKSUM can see all StatementCHECKSUM that -BelieverCHECKSUM will accept. +It adds _discoverability_ into SystemCHECKSUM\*. Discoverability +means that VerifierCHECKSUM\* can see all +StatementCHECKSUM that BelieverCHECKSUM\* accept. * **ClaimCHECKSUM-LOG**: _I, log operator, make available:_ @@ -42,12 +53,12 @@ BelieverCHECKSUM will accept. * a small subset of data publishers * members of relevant consortia * **BelieverCHECKSUM-LOG**: - BelieverCHECKSUM and - VerifierCHECKSUM
+ BelieverCHECKSUM\* and + VerifierCHECKSUM\*
Belief is based on two factors: 1. seeing a valid StatementCHECKSUM-LOG 2. seeing a number of valid StatementCHECKSUM-WITNESS from - independent instances on SystemCHECKSUM-WITNESS. + independent instances of SystemCHECKSUM-WITNESS. * **VerifierCHECKSUM-LOG**: SystemCHECKSUM-WITNESS
Witnesses verify the log's append-only property from their own local vantage point(s). @@ -73,8 +84,8 @@ _trustworthy_. * monitors (cross-ecosystem) * a small subset of data publishers (cross-ecosystem) * **BelieverCHECKSUM-WITNESS**: - BelieverCHECKSUM and - VerifierCHECKSUM
+ BelieverCHECKSUM\* and + VerifierCHECKSUM\*
Belief is based on seeing a valid StatementCHECKSUM-WITNESS. * **VerifierCHECKSUM-WITNESS**: n/a
Witnesses are trusted parties. Security is based on _strength in numbers_. -- cgit v1.2.3 From 5a780e8cd56509218123671be5826cbd2f0e8d2c Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Thu, 13 May 2021 16:00:37 +0200 Subject: added claimant model, take 3 --- doc/claimant.md | 52 +++++++++++++++------------------------------------- 1 file changed, 15 insertions(+), 37 deletions(-) (limited to 'doc') diff --git a/doc/claimant.md b/doc/claimant.md index b98f2ad..6728fef 100644 --- a/doc/claimant.md +++ b/doc/claimant.md @@ -7,12 +7,11 @@ SystemCHECKSUM is about the claims made by a data publisher. 2. is produced by no-one but myself * **StatementCHECKSUM**: signed checksum
* **ClaimantCHECKSUM**: data publisher
- The data publisher is a party that wants to publish some data to an - end-user. + The data publisher is a party that wants to publish some data. * **BelieverCHECKSUM**: end-user
- Belief is based on seeing a valid StatementCHECKSUM. + The end-user is a party that wants to use some published data. * **VerifierCHECKSUM**: data publisher
- The data publisher tries to detect unwanted statements. + Only the data publisher can verify the above claims. * **ArbiterCHECKSUM**:
There's no official body. Invalidated claims would affect reputation. @@ -29,8 +28,11 @@ that makes reproducible builds available. using X as an identifier * **StatementCHECKSUM-RB**: StatementCHECKSUM * **ClaimantCHECKSUM-RB**: software publisher
+ The software publisher is a party that wants to publish the output of a + reproducible build. * **BelieverCHECKSUM-RB**: end-user
- Belief is based on seeing a valid StatementCHECKSUM-RB. + The end-user is a party that wants to run an executable binary that built + reproducibly. * **VerifierCHECKSUM-RB**: any interested party
These parties try to verify the above claims. For example: * the software publisher itself (_"has my identity been compromised?"_) @@ -53,41 +55,17 @@ StatementCHECKSUM that BelieverCHECKSUM\* accept. * a small subset of data publishers * members of relevant consortia * **BelieverCHECKSUM-LOG**: - BelieverCHECKSUM\* and - VerifierCHECKSUM\*
- Belief is based on two factors: - 1. seeing a valid StatementCHECKSUM-LOG - 2. seeing a number of valid StatementCHECKSUM-WITNESS from - independent instances of SystemCHECKSUM-WITNESS. -* **VerifierCHECKSUM-LOG**: SystemCHECKSUM-WITNESS
- Witnesses verify the log's append-only property from their own local - vantage point(s). -* **ArbiterCHECKSUM-LOG**:
- There is no official body. The ecosystem at large should stop using an - instance of SystemCHECKSUM-LOG if cryptographic proofs of log - misbehavior are preseneted by some VerifierCHECKSUM-LOG. - -## **SystemCHECKSUM-WITNESS**: -SystemCHECKSUM-WITNESS is about making the claims of a log operator -_trustworthy_. -* **ClaimCHECKSUM-WITNESS**: - _I, witness, claim that_: - 1. SystemCHECKSUM-LOG provides a locally consistent append-only - log -* **StatementCHECKSUM-WITNESS**: signed tree head -* **ClaimantCHECKSUM-WITNESS**: third party
- Examples of parties that may take on this role include: + * BelieverCHECKSUM\* + * VerifierCHECKSUM\*
+* **VerifierCHECKSUM-LOG**: third parties
+ These parties verify the above claims. Examples include: * members of relevant consortia * non-profits and other reputable organizations * security enthusiasts and researchers * log operators (cross-ecosystem) * monitors (cross-ecosystem) * a small subset of data publishers (cross-ecosystem) -* **BelieverCHECKSUM-WITNESS**: - BelieverCHECKSUM\* and - VerifierCHECKSUM\*
- Belief is based on seeing a valid StatementCHECKSUM-WITNESS. -* **VerifierCHECKSUM-WITNESS**: n/a
- Witnesses are trusted parties. Security is based on _strength in numbers_. -* **ArbiterCHECKSUM-WITNESS**:
- There is no official body. Invalidated claims would affect reputation. +* **ArbiterCHECKSUM-LOG**:
+ There is no official body. The ecosystem at large should stop using an + instance of SystemCHECKSUM-LOG if cryptographic proofs of log + misbehavior are preseneted by some VerifierCHECKSUM-LOG. -- cgit v1.2.3
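Review bot: In 6ab06df1 (the only hunk, creating doc/claimant.md), StatementCHECKSUM-LOG and StatementCHECKSUM-WITNESS are both defined as "signed tree head", so a reader cannot tell the log operator's statement from a witness's; state whose key produces each, e.g. `+* **StatementCHECKSUM-WITNESS**: the log's tree head, signed by the witness`. In the same hunk VerifierCHECKSUM-LOG is given as a system ("SystemCHECKSUM-WITNESS") where every other role names a party ("witnesses" would be consistent), and "independent instances on SystemCHECKSUM-WITNESS" should read "instances of".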
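Review bot: In caf91fa5 the hunk at @@ -47,9 +47,7 @@ deletes "A _policy_ defines the exact conditions that must be met.", which is a content change and not a spacing fix as the subject "fixed spacing typos" says; without that sentence the text requires "a number of valid StatementCHECKSUM-WITNESS" but no longer says who decides how many, or from which witnesses. Either keep the sentence or move the removal into its own commit with a rationale.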
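Review bot: In 54030640 the hunk at @@ -1,37 +1,48 @@ introduces the wildcard spelling SystemCHECKSUM\* (and BelieverCHECKSUM\*, VerifierCHECKSUM\*) without saying what it ranges over; add one sentence next to "SystemCHECKSUM\* can be defined to make more specific claims", e.g. that SystemCHECKSUM\* stands for SystemCHECKSUM or any specialization of it such as SystemCHECKSUM-RB. Two smaller points in the same hunk: "that BelieverCHECKSUM\* accept" should be "accepts", and since StatementCHECKSUM-RB is defined as plain StatementCHECKSUM, say whether the RB-specific claim (source locatable using X) is carried by the statement itself or is only implied by who signed it.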
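Review bot: In 5a780e8c the hunk at @@ -7,12 +7,11 @@ replaces the VerifierCHECKSUM text with "Only the data publisher can verify the above claims.", which is too strong: claim 1 ("has cryptographic hash X") can be checked by anyone holding the data, and only claim 2 ("is produced by no-one but myself") needs knowledge that only the publisher has. Suggest `+ Only the data publisher can verify claim 2; anyone with the data can verify claim 1.`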
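Review bot: In 5a780e8c the hunk at @@ -53,41 +55,17 @@ removes the whole SystemCHECKSUM-WITNESS section together with the "Belief is based on two factors" lines, so BelieverCHECKSUM-LOG now lists parties but no longer states what their belief rests on, even though the unchanged context still has the log operator claiming "a globally consistent append-only log". Add a belief line back (at least "seeing a valid StatementCHECKSUM-LOG") and record in the commit message why witnesses were dropped, since the subject "added claimant model, take 3" gives no rationale. The typo "preseneted" in the re-added ArbiterCHECKSUM-LOG lines should be fixed to "presented" while those lines are being moved.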