adding provenance log proposal #8
Conversation
Signed-off-by: Dave Huseby <dave@cryptid.tech>
Signed-off-by: Dave Huseby <dave@cryptid.tech>
Signed-off-by: Dave Huseby <dave@cryptid.tech>
Signed-off-by: Dave Huseby <dave@cryptid.tech>
Signed-off-by: Dave Huseby <dave@cryptid.tech>
Signed-off-by: Dave Huseby <dave@cryptid.tech>
Signed-off-by: Dave Huseby <dave@cryptid.tech>
dhuseby
force-pushed
the
cbb_provenance_log
branch
from
925b0a1
to
6002b70
Compare
| any data may be tracked. To create a cryptographically secure system for | ||
| trusting the contents, history, identity and location of provenance logs we | ||
| first need a way to calculate a self-certifying identifier from a provenance | ||
| log. The identifiers must meet the criteria for being a URN. Then from the |
There was a problem hiding this comment.
Why it needs to be URN?
URN namespaces, their identifiers (NIDs) are required to be registered with the IANA.
| first need a way to calculate a self-certifying identifier from a provenance | ||
| log. The identifiers must meet the criteria for being a URN. Then from the | ||
| identifier, we need a way to add a protocol scheme and domain information (e.g. | ||
| https://example.com/) so that the when combined with the identifier the |
There was a problem hiding this comment.
The whole point of Dynamic Data Economy where provenance log is big part of it is to decouple content from location. Each time when someone is trying to mix both it ends in disaster. The discoverability mechanism can be easily added later on any time if we have proper security in place.
The idea is that any content cryptographically verifiable can be delivered from any location/source and you can verify it's integrity and origin. Content-centric networks should play important role in the way how we design those components.
| https://example.com/) so that the when combined with the identifier the | ||
| provenance log file can be retrieved. However, the URL must also contain a | ||
| compact BLS digital signature over the URL so that resolvers are able to verify | ||
| that the controller of the provenance log created the URL as well. The last |
There was a problem hiding this comment.
Creating URL is one thing but you cannot assure about the ownership over that domain over time. How do you imagine to protect against DNS injection or domain transfer?
Leaving out the location out of the equation would provide better security and avoid mixing up namespaces all over the places. The provenance log should not be dependent on any of it.
|
As discussed in 26 May meeting, we are closing this work item proposal as stale. |
Signed-off-by: Dave Huseby dave@cryptid.tech