phryk-evil-mad-sciences-llc/xmpp-service
1
0
Fork 0
Code Issues 13 Pull Requests Projects Releases Wiki Activity

Extended Cryptographic Canaries #10

New Issue
Open
opened 2022-05-04 00:11:51 +00:00 by phryk · 0 comments
phryk commented 2022-05-04 00:11:51 +00:00
Owner
Copy Link

We want granular cryptographic assurances, with layered signatures
so one person can issue an assurance and others can publicly verify
its veracity.

A good bit of time was already wasted on this in deadhand as GnuPG is awful.
Wait for sequoia-sop python bindings to be completed, fix up deadhand and
implement a script for sending assurances and their verifications as well as
integrating display of those into xmpp-site.

We will want separate canaries to assure:

  • System not being compromised
  • Not having received a warrant/request for info by $state_agency
    • possibly with one canary per major agency
    • possibly by timeframe (i.e. not received a warrant from 2023-05-05 - 2032-13-12)
  • Not having complied with a warrant/request for info
    • 1:1 mapping for receival concerning agencies and timeframes.
  • Not being under pressure/duress/targetted surveillance

We will also need (internal?) policies or guidelines on what to do
when an expected assurance or verification isn't coming in.

We want granular cryptographic assurances, with layered signatures so one person can issue an assurance and others can publicly verify its veracity. A good bit of time was already wasted on this in [deadhand] as GnuPG is awful. Wait for [sequoia-sop] python bindings to be completed, fix up [deadhand] and implement a script for sending assurances and their verifications as well as integrating display of those into [xmpp-site]. [deadhand]: https://rnd.phryk.net/phryk-evil-mad-sciences-llc/deadhand [sequoia-sop]: https://gitlab.com/sequoia-pgp/sequoia-sop [xmpp-site]: https://rnd.phryk.net/phryk-evil-mad-sciences-llc/xmpp-site We will want separate canaries to assure: * System not being compromised * Not having received a warrant/request for info by $state_agency * possibly with one canary per major agency * possibly by timeframe (i.e. not received a warrant from 2023-05-05 - 2032-13-12) * Not having *complied* with a warrant/request for info * 1:1 mapping for *receival* concerning agencies and timeframes. * Not being under pressure/duress/targetted surveillance We will also need (internal?) policies or guidelines on what to do when an expected assurance or verification isn't coming in.
phryk added the
enhancement
security
 labels 2022-05-04 00:11:52 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
moderation

Moderation features are broken or missing

  
question

More information is needed

  
security

If you found a possible vulnerability, please contact security@phryk.net before posting

  
wontfix

This won't be fixed

No Label
bug
duplicate
enhancement
help wanted
invalid
moderation
question
security
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: phryk-evil-mad-sciences-llc/xmpp-service#10
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?