Skip to content

secure-systems-lab/dsse

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 2 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
implementation
 
 
LICENSE
 
 
README.md
 
 
background.md
 
 
envelope.md
 
 
envelope.proto
 
 
hypothetical_signature_attack.ipynb
 
 
protocol.md
 
 
DSSE: Dead Simple Signing Envelope Features What is it? Why not...? Who uses it? How can we use it?

README.md

DSSE: Dead Simple Signing Envelope

Simple, foolproof standard for signing arbitrary data.

Features

  • Supports arbitrary message encodings, not just JSON.
  • Authenticates the message and the type to avoid confusion attacks.
  • Avoids canonicalization to reduce attack surface.
  • Allows any desired crypto primitives or libraries.

See Background for more information, including design considerations and rationale.

What is it?

Specifications for:

  • Protocol (required)
  • Data structure, a.k.a. "Envelope" (recommended)
  • (pending #9) Suggested crypto primitives

Out of scope (for now at least):

Why not...?

  • Why not raw signatures? Too fragile.
  • Why not JWS? Too many insecure implementations and features.
  • Why not PASETO? JSON-specific, too opinionated.
  • Why not the legacy TUF/in-toto signature scheme? JSON-specific, relies on canonicalization.

See Background for further motivation.

Who uses it?

How can we use it?

About

A specification for signing methods and formats used by Secure Systems Lab projects.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

47 stars

Watchers

18 watching

Forks

15 forks
Report repository

Releases

2 tags

Packages

No packages published

Contributors 10

Languages