Secure Data Storage - WG - Shared screen with gallery view
Juan Caballero
07:11
people coming from that call are hopped up on blockchain math
DIF
08:06
Which blockchain math?
Manu Sporny
08:19
Chair-part harmony
tobiaslooker
08:25
Haha
tobiaslooker
08:34
I’ll pass and spare you all :)
Dmitri
10:03
attendance doc: https://hackmd.io/PJRP-Sv1RueC5vGYy_GKuA
Manu Sporny
10:20
woo, congrats Kaliya! :)
Orie Steele (Transmute)
13:00
Please let me use my SSN to identify my documents
Orie Steele (Transmute)
13:10
I really want to be able to use it!
Dave Longley
13:53
what a coincidence, i also want to use your SSN!
John Walker
14:29
Unique!
DIF
16:17
Replicating it to other instances
Michael Shea
18:15
Tobias, could you go to full screen with the presentation?
DIF
19:37
wouldn't need a sequence # if you had ancestral pointers
Andreas Freund
19:50
q+
Dave Longley
20:15
q+ to mention the need for a stable ID for authorizations
DIF
20:53
I can take that
Orie Steele (Transmute)
21:09
“What is time”
Manu Sporny
21:14
I love how quickly we get to "Can you define the notion of time?" :P
Dave Longley
21:19
:)
Manu Sporny
21:22
(and Andreas is right)
Dave Longley
21:32
here come the vector clocks!
Orie Steele (Transmute)
21:36
lol
Orie Steele (Transmute)
21:54
This answer is making 0 sense to me
Juan Caballero
21:59
zero to heidegger in <60 seconds
Orie Steele (Transmute)
22:01
And I know that a vector clock is
Orie Steele (Transmute)
22:13
what*
Manu Sporny
22:15
We're 17 minutes in... I had bet we'd be 9 minutes in before we started talking about vector clocks.
Dmitri
22:27
bwahahaha
Juan Caballero
22:29
lol
Orie Steele (Transmute)
22:52
Time is relative man, I get to decide when stuff happened
Andreas Freund
22:58
https://gsd.di.uminho.pt/members/cbm/ps/itc2008.pdf
Andreas Freund
23:08
this explains the problem really well
Orie Steele (Transmute)
23:11
Back off with your fascist objective views of chronological order
Andreas Freund
23:17
and gives a possible solution
Orie Steele (Transmute)
23:34
K)
Adrian Gropper
23:36
q+
Andreas Freund
23:38
without having to resort to time
DIF
23:47
You get stable IDs
Manu Sporny
25:05
q+ to ask about canonicalization?
Orie Steele (Transmute)
25:18
Just assume JCS
Dmitri
25:18
^ hehe was gonna ask the same
Orie Steele (Transmute)
25:22
I think we won this fight
Orie Steele (Transmute)
25:24
:)
Manu Sporny
25:56
who's winning, now? :P
Orie Steele (Transmute)
26:05
JCS is winning
Manu Sporny
26:11
I don't even know where I am right now.
Manu Sporny
26:42
So, the assumption here is we JCS the encrypted object?
tobiaslooker
26:51
Yes Manu
Orie Steele (Transmute)
26:53
To get a stable id for json
Orie Steele (Transmute)
26:56
We use JCS
Manu Sporny
26:57
ok
Dave Longley
26:57
i have so many questions ... :)
Orie Steele (Transmute)
27:12
If we don’t care about JSON, all bets are off
Dmitri
27:16
q+ to ask - so how do URLs look?
Dave Longley
27:22
what if you want to sync without copying the entire history -- no longer possible? why change the ID and not just keep a hash along with the update?
Orie Steele (Transmute)
27:32
Ipld:base32-cid ?
Orie Steele (Transmute)
27:34
lol
Orie Steele (Transmute)
27:40
Full circle
Adrian Gropper
27:52
q+
Orie Steele (Transmute)
28:34
q+ to go back to “what is time man...”
Dave Longley
28:42
Does this bind us to JSON vs. enabling CBOR representations in the future?
Manu Sporny
29:01
yes, it does :(
Orie Steele (Transmute)
29:05
Sure does but we already crossed that bridge
Manu Sporny
29:11
not everyone :)
Orie Steele (Transmute)
29:12
When we banned CBOR from the WG :)
Manu Sporny
29:20
when did that happen!?
Dave Longley
29:21
why bind this to the ID instead of just using a hash as another property that could be used to potentially avoid these issues?
Orie Steele (Transmute)
29:30
When we said we didn’t care about CWE
Manu Sporny
29:45
saying no to CWE doesn't mean we don't want CBOR
Orie Steele (Transmute)
29:55
It does for “JWE”
Orie Steele (Transmute)
30:00
We chose JWE
Orie Steele (Transmute)
30:10
You can still do whatever you want in the stream
Manu Sporny
30:10
I guess you could transcode every object
Manu Sporny
30:28
you can still store JWEs as CBOR...
Orie Steele (Transmute)
30:40
Sure, but I would’t want to bring back the JWE or no JWE debate
Manu Sporny
30:45
this would cut that option off... don't know what I think about that.
Orie Steele (Transmute)
30:46
We picked JWE
Manu Sporny
31:02
you can pick JWE and use CBOR to encode the JWE and get 33% reduction in storage...
Orie Steele (Transmute)
31:18
If we define a custom canonicalization alg
Orie Steele (Transmute)
31:21
We can do that :)
Orie Steele (Transmute)
31:30
But we will need a single description of how to compute the id
Orie Steele (Transmute)
31:32
In the spec
Dave Longley
31:32
q+ to ask what benefit do we get with binding this to the ID instead of just adding a hash as another property of the document?
Manu Sporny
31:33
well, doing JCS makes it harder, maybe...
Manu Sporny
31:49
yeah, wondering same thing as dlongley
Manu Sporny
31:54
can't we just track this information elsewhere?
Manu Sporny
32:43
replicationId, replicationAncestorId, replicationHash?
Dave Longley
33:39
so let's call out the threat here -- and make sure we're protecting against it
Dave Longley
33:49
the concern is that the EDV will change the data?
Manu Sporny
33:51
threat model?
Dave Longley
33:59
we need a threat model here so we can analyze this
Orie Steele (Transmute)
34:09
Generally the EDV is considered to not be trusted
Orie Steele (Transmute)
34:17
So strengthening that makes sense
DIF
34:26
Threat model: I can, subjectively, modify enough data in this current structure to screw with your outputs
Orie Steele (Transmute)
34:49
“Why not have multiple ids”
Dave Longley
34:51
q+ to say the EDV can rewrite history
Orie Steele (Transmute)
34:57
“Because that would suck for developers”
Orie Steele (Transmute)
35:48
I think I may have been skipped
Orie Steele (Transmute)
36:04
I want to go back to “time” and what it is
DIF
37:36
As close to 0 as humanly possible
DIF
37:38
0 trust
DIF
37:44
only that they can delete your data
Dmitri
38:15
q+
Orie Steele (Transmute)
38:20
Need be a bit clearer on what kind of integrity protection you are getting
Orie Steele (Transmute)
38:31
It's for the entire create payload
Dave Longley
38:34
we're just getting protection with the initial state ... that's it.
Dave Longley
38:48
q+ to say i agree with tobias ... but that's the only protection here
Orie Steele (Transmute)
38:50
Well, I am trying to figure out what they meant with time
Orie Steele (Transmute)
38:57
We need to answer it
Orie Steele (Transmute)
39:25
Q?
Orie Steele (Transmute)
39:34
q+ to ask about updates and time
Andreas Freund
39:41
we need the notion of a "time stamp" … generalized time stamp to be precise without a global clock for reference
Manu Sporny
40:33
q+ to note -- we started w/ replication and we're talking about integrity protection, which is important, but perhaps beside the point -- what do we want to focus on discussing?
Orie Steele (Transmute)
40:48
Please manage the queue?
Manu Sporny
41:12
queue: Longley, Orie, Manu
DIF
42:37
id: 123, payload: 1
id: 123, payload: 2
^ which is document 123?
Orie Steele (Transmute)
42:49
What is time?
DIF
43:01
Why do you keep asking that?
Orie Steele (Transmute)
43:12
Because it's an underspecified assumption
DIF
43:15
If you want to get into how data is allowed vs when permissions are active, sure
DIF
43:16
we can
DIF
43:23
but people said they didn't want to get into it
Orie Steele (Transmute)
43:50
Your question regarding updates and order in a distributed eventually consistent system is related to the question about time
Andreas Freund
43:55
there is an implicit assumption there are clocks which are being referred to and that those clocks are trusted
Dave Longley
44:01
how hostile are we assuming the EDV server is? what are the assumptions around what it will do/not do? that informs this entire design discussion
DIF
44:40
I can answer this, if you want to go into it
Dave Longley
44:44
if the number of updaters in a vector clock system is unbounded ... that can be very troublesome.
DIF
44:55
has nothing to do with vector clocks
Orie Steele (Transmute)
46:21
This is not the answer to my question
Orie Steele (Transmute)
46:24
I will requeue
Dmitri
46:38
acknowledge
Orie Steele (Transmute)
46:41
q+ to ask 2 replicas order the updates
Dave Longley
47:04
we need to decide what we trust the EDV server to do/not do.
Orie Steele (Transmute)
47:13
^yep
DIF
47:24
The EDV server is a dumb box that has no authority whatsoever
tobiaslooker
47:30
+1 I think the trust model is perhaps the best place to start?
DIF
47:43
the worst it can do is stop storing your stuff or not replicating it around when you want it to
Dave Longley
47:46
we've dramatically simplified things so far by assuming the EDV server will not change your data or try to decrypt it.
DIF
48:01
correct
Dave Longley
48:02
we've changed those assumptions here -- (i believe) -- with the solutions being presented
Dmitri
48:03
+1 to what manu says. we have 3 different conversations: 1) What do document identifiers (and URLs look like), 2) what sort of content integrity protection can be provided (over the whole document, not just the jwe). and 3) How will replication work
DIF
48:21
q+
Dmitri
49:31
we also have conflicting trust requirements. it's /either/ zero trust in the storage server (in which case, you can't trust it to enforce authorizations). OR we can trust the server to enforce authorizations
tobiaslooker
50:00
q+
DIF
50:02
Authorization is against the logical whole of your Hubs
Dave Longley
50:32
remember we're talking about EDVs at this point, not Hubs... which may be a very important difference.
Orie Steele (Transmute)
50:39
Please don’t bring in authorization
Dmitri
50:40
+1
Adrian Gropper
50:48
q+
Manu Sporny
50:57
ah, that's the disconnect!
Manu Sporny
51:07
"I don't want to trust the EDV with anything" <-- disconnect.
Dave Longley
51:08
this is the disconnect :) ... we need to say what the trust model is.
Orie Steele (Transmute)
51:10
This is a proposal to change EDVs
Manu Sporny
51:12
There are things we need to trust it to do.
Dmitri
51:20
q: tobias, adrian
Manu Sporny
51:22
(like enforce authorizations, as Dmitri said)
tobiaslooker
51:25
Q-
Dave Longley
51:37
q+
DIF
51:53
Why trust these EDVs when we don't have to?
Dave Longley
51:56
you MUST trust the EDV storage server not to share your data.
DIF
51:56
basically that
DIF
52:03
yes
Dave Longley
52:03
encryption has a shelf life -- this is one of the core assumptions.
DIF
52:04
true
DIF
52:12
your encrypted data it doesn't have access to
Manu Sporny
52:23
until a certain date in the future
DIF
52:27
so yes, it can hand out encrypted objects to people who can't decrypt them
Manu Sporny
52:28
and then everyone has access to it.
DIF
52:33
what?
Manu Sporny
52:41
no, encryption will be broken in time.
Dave Longley
52:47
PROPOSAL: Accept that one of the core assumptions is that an EDV storage server is trusted not to share your encrypted data (apply authorizations as you want it to).
DIF
52:51
ok, well that's not a serious reply imo
Manu Sporny
52:54
Things encrypted in 1980s can be brute force decrypted now.
DIF
53:10
sure, I grant that that issue is within the allowed trust model
DIF
53:46
Things I trust the server to do:
- Store things
- Replicate things
- Not share your data
DIF
53:57
Yes, agree with this point Dave is making
Dmitri
54:09
+1
DIF
54:16
But those three things are basically impossible to trust, because you can't make them
Manu Sporny
54:17
ACTION: EDV spec needs a trust model section
Adrian Gropper
54:26
q+
Dmitri
55:08
+1 manu (to adding a trust model section)
Manu Sporny
55:12
hmm, another disconnect -- push vs. pull sync/replication.
Dmitri
55:44
q+
DIF
55:55
Manu: replication should be push
DIF
56:10
because a server can always deny accepting it
Manu Sporny
56:15
problems w/ ZCAPs maybe if we do that... not huge, but need to discuss
Dave Longley
56:24
the EDV storage server must be trusted to apply your authorizations
DIF
56:36
Sure, but not really
Dave Longley
56:47
heh ... what does that mean? :)
DIF
56:49
because you should be able to deterministically validate that it did
Andreas Freund
56:51
question 1: can I trust the data that I synch with? (same question for permissionless blockchains)
Manu Sporny
56:51
33% encryption, 33% authorization, 33% magic.
DIF
56:57
q+
Manu Sporny
57:10
1% Orie's tears.
Dave Longley
57:14
q+ to say you can't validate that it didn't share with someone you don't ever talk to.
Dmitri
57:40
@manu - that's quite a cake recipe!
Kaliya Identity Woman
57:44
I <3 Magic - and was going to ask what the last 1 % was
Andreas Freund
57:46
question 2: is my replication eventually consistent? or strongly consistent? or not consistent?
Manu Sporny
57:47
EDV Cake.
Manu Sporny
58:10
Orie's tears are what make the EDV cake moist.
Dmitri
58:18
+1
Michael Shea
58:30
and a slight touch of salt…
Manu Sporny
58:36
magnifico
DIF
58:40
Agree
Nader Helmy
58:58
For clarity’s sake, when we say we “trust” the EDV to do something, does that mean no recourse for the user?
DIF
59:03
Don't want to trust that
DIF
59:18
I don't think it's too complex to address
Juan Caballero
59:23
for now
Manu Sporny
59:29
@Nader, not necessarily
Manu Sporny
59:35
some of these attacks can be detected.
Manu Sporny
59:45
(but we'd need to speak in detail about the attacks)
Nader Helmy
59:47
Hm that feels important
Manu Sporny
59:53
it is :)
Juan Caballero
59:55
assumptions could get weaker in a future version
Dave Longley
01:00:08
yes, that's also an approach that could be taken, Juan
DIF
01:00:09
Basically, when you grant Bob access to add objects/updates, you capture the terse state when it was granted, then, when you remove his access, you capture the terse state
DIF
01:00:46
then when Bob tries to write a new change after, it clearly does not match the state of his active permission window
Dave Longley
01:00:47
another way to think about this is that -- the stronger the assumptions, the more there is to compete on as an EDV storage provider ... which is a double-edged sword.
John Walker
01:01:28
+1 @Kaliya
Dmitri
01:01:40
+1 to gnap terms, EXCEPT 'resource owner'
Orie Steele (Transmute)
01:01:47
yikes
Dmitri
01:01:48
this community's consensus is 'resource controller'
Dave Longley
01:01:52
we want there to be incentives to run EDV storage servers... and if the assumptions are too weak, the economics may get harder
Orie Steele (Transmute)
01:02:02
PRs / issues welcome
Orie Steele (Transmute)
01:02:23
Owner implies slavery / economic inequality
Nader Helmy
01:02:39
Can we stop using the terminology of “we trust the EDV to do x” and instead talk about to what extent we trust it?
Orie Steele (Transmute)
01:02:46
Ps we are still on the “master” branch
Nader Helmy
01:02:50
And what mitigants are available to the user
Juan Caballero
01:03:18
+1 to naders question going on the topics list for future discussion
Dave Longley
01:03:34
i'm happy to change the terminology we use to talk about trust, just need to understand the boundaries
Nader Helmy
01:04:04
agreed
Juan Caballero
01:04:19
happy vacation everyone