Convener: Markus Sabadello
Abstract: We discussed a recent event called "Rebooting the Web of Trust", which explored modern technologies (crypto, blockchain, self-sovereign identity). The ambitious goal of the event was to come up with better alternatives to traditional PGP, TLS, name registration, and other Internet services. One of the key projects is to create a blockchain-based registry for permanent identifiers that anyone can use without intermediaries. The community will publish a set of white papers and hold additional events in 2016.
Tags: Trust, Crypto, Archtecture
Black chain-based registry for identifiers à public keys DPKI
Instead of rent + buy a domain name: new model of handling identifiers
Talk about an event in San Francisco, couple of weeks ago
New layer, new architecture that can fix these problems
Some of the people who attended the event in SF: Christopher Allan, Jon Callas (one of the creators of PGP), Bit coin-involved people, Juan Benet. Working on advanced, cutting-edge crypto-protocols.
Idea: come up with ideas as individuals. Own our own identity.
Technologies that are being discussed (SAML, trust frameworks + federations) - you never own something, you're only ever part of a federation (there's authorisation manager, etc.)
In PGP: you create your own private key without a SP
You get started by yourself. Don’t have to pay an account. PGP, SSL etc. try to do it better
Event: all participants submitted papers about what they're interested in: folder of these papers.
Some are pretty advanced: signatures, mark signatures, distributed file systems, semantic web technologies, trust models etc.
Might be interesting to create a new kind of way to do what we currently do with PGP
Security can be combined
User-centric identity is quite common but: self-sovereign identity - new expression people come up with. You don't need anyone else to get started. You can participate in a system without signing up.
Ongoing process. There’ll be an outcome. One of the documents (DPKI - decentralised public key infrastructure): method for registering your key with an identifier in a block-chain
What exactly is it that you put into a block-chain?
One approach: first come, first surf. Public key à then it's your identifier. Someone else can't come after you. You can always write it into a block-chain even though another one already has done it.
You got identifier, you don’t have to manually change
I can tell you my identifier is 'Markus', or a Twitter user name.
Is anyone familiar with the SUCCOS? Triangle?
Having names like twitter user names in a way that is not controlled by a single authority. Doesn’t enable block-chains.
Not saying that you can’t have all of these properties, it’s just not very likely:
Desirable attributes for identifiers (usernames, domain names, IP,)
Pseudonyms are just local.
Maybe we don't want global identifiers. Maybe I just need local identifiers for my friends. You got a name, so I know it’s you. You can link them.
(Addresses the audience) you're Johan and you're Rik.
Human readable name: Rik who is known by Johan. Mechanism.
There’s articles on that. e.g., how secure are block chains?
Extract from paper: "can be vulnerable if you look at the number of nodes that are mining. Whatever is the smallest number, is the vulnerability of the block chain" if you can compromise any of these, you can compromise the block chain. Recommendation in the paper: use multiple block chains. Supposedly decentralised - you register your identifier etc.
But err...what was the question?
Objective of the event in San Francisco: do create permanent identities? How to eliminate identities? How do you take yourself out of the circulation if you're dead?
Registration doesn’t expire. What happens when you die? You can encode these rules in the block chain thing. When you create such a registry, then you can just agree on these rules and say that it's in the consensus.
There’s a project that experiments with that, it's called 'blockstore', created by a company that is called “onename” on the Bitcoin block chain. Putting things on the block chain: approach that you store most of your data outside the block chain. This project is trying to create the higher level component (higher semantics etc.) via Bitcoin. You can register a name but you have to renew it every couple of years.
You have to pay your bit coin payment, other than that no fee.
'Registration is always done directly by the principle'. Registration services that work on behalf of services is prohibited -> you use your own server/machine, like with java script. Use Bitcoin in your browser and then put it into the blockchain. Cannot technically be prevented.
Testing tool for trying repairing your keys. (Registry playground for BIP32, BIP39,...)
Idea: creating some kind of object that you put on the block chain. That’s where you have your public key. You can generate it yourself, then register it.
Demo BIP32: interesting ideas from the Bitcoin community. Bitcoin improvement proposal.
39: creating a key pair from a phrase (number of words), not a new idea but you can create a random sequence of words and then create your key pair. Either you download your private key or you remind your key or print your QR code. To make it easier not lose your private key.
32: about hierarchical deterministic keys. Start with a master key pair, derive at another key (grandchildren keys). You can start generating new key pairs without registering new stuff on the block chain.
You also say what data can be used.
Example: I send you 0.5 Bitcoins, in my wallet: not a lot of keys. You just have to create one key, can create child key pairs too. From this perspective, it's a different key that is used.
Every friend I have: I can just use a derived child key.
HD key - but a bit off-topic.
Concept of think lions:
Full node: in a block chain means you run a full server, you're invalidating all the transactions, you need to be online, you need to have storage etc. not easy on a smartphone.
If you want to register to a block chain on a smartphone, you can't run a full stack of the block chain. You need a think lion (so you can register things and your reg. is valid).
Same challenge like a Bitcoin wallet. You’re not running a full node, not running a full protocol.
It’s similar but it’s not about Bitcoin but registering and identifying with a public key.
In the article: what if they lose their phone, backups etc.
Shamir secret sharing: sharing it with people you trust (3 best friends are given parts of my private key). They will have to return it to me if I lose mine.
Instead of splitting up my key and distribute them, I can make my friends create a new one for me (instead of getting back my old one).
There doesn't have to be friends but a more official thing.
White papers are going to be published in December.
Something about the articles:
Next year: follow-up event.
June/July 2016: demo
25th birthday of PGP