# Claimant model
## **System<sup>CHECKSUM</sup>**
System<sup>CHECKSUM</sup> is about the claims made by a data publisher.
* **Claim<sup>CHECKSUM</sup>**:
  _I, data publisher, claim that the data_:
  1. has cryptographic hash X
  2. is produced by no-one but myself
* **Statement<sup>CHECKSUM</sup>**: signed checksum<br>
* **Claimant<sup>CHECKSUM</sup>**: data publisher<br>
The data publisher is a party that wants to publish some data to an
end-user.
* **Believer<sup>CHECKSUM</sup>**: end-user<br>
Belief is based on seeing a valid Statement<sup>CHECKSUM</sup>.
* **Verifier<sup>CHECKSUM</sup>**: data publisher<br>
The data publisher tries to detect unwanted statements.
* **Arbiter<sup>CHECKSUM</sup>**:<br>
There's no official body. Invalidated claims would affect reputation.
System<sup>CHECKSUM\*</sup> can be defined to make more specific claims. Below
is a reproducible builds example.
### **System<sup>CHECKSUM-RB</sup>**:
System<sup>CHECKSUM-RB</sup> is about the claims made by a _software publisher_
that makes reproducible builds available.
* **Claim<sup>CHECKSUM-RB</sup>**:
  _I, software publisher, claim that the data_:
  1. has cryptographic hash X
  2. is the output of a reproducible build for which the source can be located
     using X as an identifier
* **Statement<sup>CHECKSUM-RB</sup>**: Statement<sup>CHECKSUM</sup>
* **Claimant<sup>CHECKSUM-RB</sup>**: software publisher<br>
* **Believer<sup>CHECKSUM-RB</sup>**: end-user<br>
Belief is based on seeing a valid Statement<sup>CHECKSUM-RB</sup>.
* **Verifier<sup>CHECKSUM-RB</sup>**: any interested party<br>
  These parties try to verify the above claims. For example:
  * the software publisher itself (_"has my identity been compromised?"_)
  * rebuilders that check for locatability and reproducibility
* **Arbiter<sup>CHECKSUM-RB</sup>**:<br>
There's no official body. Invalidated claims would affect reputation.
## **System<sup>CHECKSUM-LOG</sup>**:
System<sup>CHECKSUM-LOG</sup> is about the claims made by a _log operator_.
It adds _discoverability_ into System<sup>CHECKSUM\*</sup>. Discoverability
means that Verifier<sup>CHECKSUM\*</sup> can see all
Statement<sup>CHECKSUM</sup> that Believer<sup>CHECKSUM\*</sup> accepts.
* **Claim<sup>CHECKSUM-LOG</sup>**:
  _I, log operator, make available:_
  1. a globally consistent append-only log of Statement<sup>CHECKSUM</sup>
* **Statement<sup>CHECKSUM-LOG</sup>**: signed tree head
* **Claimant<sup>CHECKSUM-LOG</sup>**: log operator<br>
  Possible operators might be:
  * a small subset of data publishers
  * members of relevant consortia
* **Believer<sup>CHECKSUM-LOG</sup>**:
  Believer<sup>CHECKSUM\*</sup> and
  Verifier<sup>CHECKSUM\*</sup><br>
  Belief is based on two factors:
  1. seeing a valid Statement<sup>CHECKSUM-LOG</sup>
  2. seeing a number of valid Statement<sup>CHECKSUM-WITNESS</sup> from
     independent instances of System<sup>CHECKSUM-WITNESS</sup>.
* **Verifier<sup>CHECKSUM-LOG</sup>**: System<sup>CHECKSUM-WITNESS</sup><br>
Witnesses verify the log's append-only property from their own local
vantage point(s).
* **Arbiter<sup>CHECKSUM-LOG</sup>**:<br>
There is no official body. The ecosystem at large should stop using an
instance of System<sup>CHECKSUM-LOG</sup> if cryptographic proofs of log
misbehavior are presented by some Verifier<sup>CHECKSUM-LOG</sup>.
## **System<sup>CHECKSUM-WITNESS</sup>**:
System<sup>CHECKSUM-WITNESS</sup> is about making the claims of a log operator
_trustworthy_.
* **Claim<sup>CHECKSUM-WITNESS</sup>**:
  _I, witness, claim that_:
  1. System<sup>CHECKSUM-LOG</sup> provides a locally consistent append-only
     log
* **Statement<sup>CHECKSUM-WITNESS</sup>**: signed tree head
* **Claimant<sup>CHECKSUM-WITNESS</sup>**: third party<br>
  Examples of parties that may take on this role include:
  * members of relevant consortia
  * non-profits and other reputable organizations
  * security enthusiasts and researchers
  * log operators (cross-ecosystem)
  * monitors (cross-ecosystem)
  * a small subset of data publishers (cross-ecosystem)
* **Believer<sup>CHECKSUM-WITNESS</sup>**:
Believer<sup>CHECKSUM\*</sup> and
Verifier<sup>CHECKSUM\*</sup><br>
Belief is based on seeing a valid Statement<sup>CHECKSUM-WITNESS</sup>.
* **Verifier<sup>CHECKSUM-WITNESS</sup>**: n/a <br>
Witnesses are trusted parties. Security is based on _strength in numbers_.
* **Arbiter<sup>CHECKSUM-WITNESS</sup>**:<br>
There is no official body. Invalidated claims would affect reputation.
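As an added example that is not part of this claimant-model document, the Python below sketches the Believer<sup>CHECKSUM-LOG</sup> acceptance rule described above: a valid Statement<sup>CHECKSUM</sup>, proof that it is included under a valid Statement<sup>CHECKSUM-LOG</sup> (a signed tree head), and cosignatures from a threshold of _distinct_ Statement<sup>CHECKSUM-WITNESS</sup> issuers. Tree hashing follows RFC 6962; signatures are stood in for by keyed HMAC, and all keys, log entries and party names are constructed sample values (assumptions, not anything from the document).

```python
import hashlib, hmac
def _leaf(d): return hashlib.sha256(b"\x00" + d).digest()        # RFC 6962 leaf hash
def _node(l, r): return hashlib.sha256(b"\x01" + l + r).digest()  # RFC 6962 node hash
def _split(n): return 1 << ((n - 1).bit_length() - 1)            # largest power of two < n
def merkle_root(leaves):
    if len(leaves) == 1: return _leaf(leaves[0])
    k = _split(len(leaves))
    return _node(merkle_root(leaves[:k]), merkle_root(leaves[k:]))
def inclusion_path(leaves, i):  # sibling hashes from leaf i up to the root
    if len(leaves) == 1: return []
    k = _split(len(leaves))
    if i < k: return inclusion_path(leaves[:k], i) + [merkle_root(leaves[k:])]
    return inclusion_path(leaves[k:], i - k) + [merkle_root(leaves[:k])]
def root_from_path(leaf, i, n, path):  # RFC 9162, section 2.1.3.2
    fn, sn, r = i, n - 1, _leaf(leaf)
    for p in path:
        if sn == 0: return None
        if fn & 1 or fn == sn:
            r = _node(p, r)
            while fn and not fn & 1: fn, sn = fn >> 1, sn >> 1
        else: r = _node(r, p)
        fn, sn = fn >> 1, sn >> 1
    return r if sn == 0 else None

def sign(key, msg): return hmac.new(key, msg, hashlib.sha256).digest()  # stand-in for a real signature
def verify(key, msg, sig): return hmac.compare_digest(sign(key, msg), sig)
def believer_accepts(data, stmt, head, index, path, keys, cosigs, threshold):
    # Believer^CHECKSUM-LOG rule: valid Statement^CHECKSUM, included under a valid
    # Statement^CHECKSUM-LOG, and cosigned by >= threshold distinct witnesses.
    digest = hashlib.sha256(data).digest()
    if not verify(keys["publisher"], digest, stmt): return False      # Statement^CHECKSUM
    msg = head["root"] + head["size"].to_bytes(8, "big")              # what a tree head signs
    if not verify(keys["log"], msg, head["sig"]): return False        # Statement^CHECKSUM-LOG
    if root_from_path(digest + stmt, index, head["size"], path) != head["root"]: return False
    good = {w for w, s in cosigs.items() if w in keys["witnesses"] and verify(keys["witnesses"][w], msg, s)}
    return len(good) >= threshold                                     # Statement^CHECKSUM-WITNESS

def demo():
    # Constructed sample: one publisher, a 3-entry log, two witnesses, threshold 2
    keys = {"publisher": b"pub-key", "log": b"log-key", "witnesses": {"w1": b"k1", "w2": b"k2"}}
    data = b"release-1.0.tar.gz contents"
    digest = hashlib.sha256(data).digest(); stmt = sign(keys["publisher"], digest)
    leaves = [b"entry-0", digest + stmt, b"entry-2"]; path = inclusion_path(leaves, 1)
    root = merkle_root(leaves); msg = root + (3).to_bytes(8, "big")
    head = {"root": root, "size": 3, "sig": sign(keys["log"], msg)}
    cosigs = {w: sign(k, msg) for w, k in keys["witnesses"].items()}
    ok = believer_accepts(data, stmt, head, 1, path, keys, cosigs, 2)
    # w1's cosignature relabelled as w2's: only one witness really vouches, so the threshold fails
    dup = believer_accepts(data, stmt, head, 1, path, keys, {"w1": cosigs["w1"], "w2": cosigs["w1"]}, 2)
    return ok, dup
```

The duplicate-cosignature case is the point of "strength in numbers": the believer counts witnesses whose own key verifies, not the number of cosignatures handed over.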