From 76bae02bcd7d6b3ec9eea428e5e95da184a8dbfb Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Tue, 15 Oct 2024 15:35:20 +0200 Subject: Rescue some slides from old private mono repos --- slides/2022-ct-days/src/sigsum.tex | 675 +++++++++++++++++++++++++++++++++++++ 1 file changed, 675 insertions(+) create mode 100644 slides/2022-ct-days/src/sigsum.tex (limited to 'slides/2022-ct-days/src/sigsum.tex') diff --git a/slides/2022-ct-days/src/sigsum.tex b/slides/2022-ct-days/src/sigsum.tex new file mode 100644 index 0000000..02b5bd2 --- /dev/null +++ b/slides/2022-ct-days/src/sigsum.tex 
@@ -0,0 +1,675 @@
+\begin{frame}
+ \mktitle{Tweets you can probably relate to}
+ \pause
+ \begin{columns}
+ \begin{column}{0.5\textwidth}
+ \includegraphics[width=\columnwidth]{img/benlaurie/2017}\\\pause
+ \includegraphics[width=\columnwidth]{img/benlaurie/2018}\\\pause
+ \includegraphics[width=\columnwidth]{img/benlaurie/2019}\\\pause
+ \includegraphics[width=\columnwidth]{img/benlaurie/2020}\\\pause
+ \end{column}
+ \begin{column}{0.5\textwidth}
+ \centering
+ \alert{2022?}\\
+ More initatives than can\\
+ be counted on two hands\\
+ \pause
+
+ \vspace{.25cm}
+ \burl{https://binary.transparency.dev}\\
+ ...
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \vfill
+ \mktitle{Common denominator?}
+ Certificates\\
+ Executable binaries\\
+ Source code\\
+ TPM quotes\\
+ Onion address rulesets\\
+ Official documents\\
+ ...\\
+\end{frame}
+
+\begin{frame}
+ \vfill
+ \mktitle{Where is the low-hanging fruit?}
+\end{frame}
+
+\begin{frame}
+ \begin{columns}
+ \begin{column}{.4\textwidth}
+ \mktitle{Meet the Sigsum project}
+ \begin{itemize}
+ \item FOSS
+ \item Signed checksums
+ \item Enforcement of logging
+ \item Minimal building block
+ \item ``Transparent key-usage''
+ \end{itemize}
+ \end{column}
+ \begin{column}{.5\textwidth}
+ \centering
+ \includegraphics[width=\columnwidth]{img/sigsum/history}
+ \burl{https://git.sigsum.org/sigsum/tree/doc/history.md}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Use-case - Signature Transparency}
+ ``Oh, a new signature was created. That's weird. I'm at the gym.''
+\end{frame}
+
+\begin{frame}
+ \mktitle{Use-case - Binary Transparency}
+
+ ``Oh, that's the key binaries are signed with''\\
+ ``By policy binaries are located at releases.example.com/\$CHECKSUM''
+
+\end{frame}
+
+\begin{frame}
+ \vfill
+ \mktitle{s/binary/something else/}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Many answers and trade-offs}
+ \vfill
+ \begin{columns}
+ \begin{column}{.3\textwidth}
+ \begin{itemize}
+ \item Purpose of logging
+ \item What is (not) logged
+ \item Auditing, SCTs
+ \end{itemize}
+ \end{column}
+ \begin{column}{.25\textwidth}
+ \begin{itemize}
+ \item Gossip
+ \item Anti-poison
+ \item Anti-spam
+ \end{itemize}
+ \end{column}
+ \begin{column}{.25\textwidth}
+ \begin{itemize}
+ \item Sharding
+ \item Privacy
+ \item Simple API
+ \end{itemize}
+ \end{column}
+ \end{columns}
+ \vfill
+ \alert{Accept latency, no rich metadata, no complicated protocols and parsers}
+\end{frame}
+
+\begin{frame}
+ \mktitle{System overview}
+ \begin{tikzpicture}[
+ -latex,
+ entity/.style = {
+ draw = gray!30,
+ thick,
+ rounded rectangle,
+ fill = white,
+ minimum width = 2cm,
+ font = \fontsize{8}{8}\selectfont,
+ text = white,
+ },
+ system/.style = {
+ draw = gray,
+ thick,
+ rectangle,
+ fill = white,
+ minimum width = 1cm,
+ font = \fontsize{8}{8}\selectfont,
+ text = black,
+ },
+ relation/.style = {
+ draw = none,
+ font = \fontsize{6}{6}\selectfont,
+ },
+ path/.style = {
+ draw,
+ thick,
+ -latex,
+ rounded corners,
+ },
+ ]
+ %%%
+ % Signing
+ %%%
+ \node[entity, fill=darkBlue] (Signer) at (0,0) { Signer };
+ \path[path, dashed] ($ (Signer) + (0,1) $) --
+ node[relation, right] {
+ \begin{tabular}{c}
+ priv\\
+ data\\
+ \end{tabular}
+ }
+ (Signer);
+ \pause
+
+ %%%
+ % Distribution
+ %%%
+ \node[entity, fill=darkPurple] (End-user) at (2.5,-3) {End-user};
+ \path[path, dashed] ($ (End-user) + (0,-1) $) --
+ node[relation, right] {
+ \begin{tabular}{c}
+ policy\\
+ pub
+ \end{tabular}
+ }
+ (End-user);
+ \path[path] (Signer) -| node[relation,above]{data, signature} (End-user);
+ \node[system, above=1cm of End-user] (Distribution) {Distribution};
+ \pause
+
+ %%%
+ % Introduce the log
+ %%%
+ \node[entity, fill=darkGreen, left=3.25cm of Distribution] (Log) {Log};
+ \pause
+
+ %%%
+ % Setup DNS
+ %%%
+ \node[system, below=1cm of Signer] (DNS) {DNS};
+ \path[path, dashed] (Signer) -- node[relation,right]{\hash(pub)} (DNS);
+ \pause
+
+
+ %%%
+ % Add leaf
+ %%%
+ \path[path] (Signer) -| node[relation,above]{add leaf} (Log);
+ \path[path] (DNS) -- node[relation,above]{\hash(pub)} (Log);
+ \pause
+
+ %%%
+ % Witnessing
+ %%%
+ \node[entity, fill=darkRed, below=1cm of Log] (Witness) {Witness};
+ \path[path] (Witness) -- node[relation,left]{cosign} (Log);
+ \pause
+
+ %%%
+ % Collect proof
+ %%%
+ \path[path] (Log) -- node[relation,above,sloped]{proof} (Signer);
+ \node[relation,above=0.25cm of Distribution.40]{proof};
+ \pause
+
+ %%%
+ % Setup monitor
+ %%%
+ \node[entity, fill=darkOrange, below=.75cm of DNS] (Monitor) {Monitor};
+ \path[path, dashed] ($ (Monitor) + (0,-1) $) --
+ node[relation, right] {
+ \begin{tabular}{c}
+ policy\\
+ pub
+ \end{tabular}
+ }
+ (Monitor);
+ \pause
+
+ %%%
+ % Inspect the log
+ %%%
+ \path[path] (Log) -- node[relation,below,sloped,pos=.40]{leaves, proof} (Monitor);
+ \pause
+
+ %%%
+ % Also get the data
+ %%%
+ \path[path] (Distribution) -- node[relation,above,sloped]{data} (Monitor);
+ \end{tikzpicture}
+\end{frame}
+
+\begin{frame}
+ \vfill
+ \mktitle{A step-by-step breakdown}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Signing}
+ \centering
+
+ \begin{tikzpicture}[
+ -latex,
+ entity/.style = {
+ draw = gray!30,
+ thick,
+ rounded rectangle,
+ fill = white,
+ minimum width = 2cm,
+ font = \fontsize{8}{8}\selectfont,
+ text = white,
+ },
+ system/.style = {
+ draw = gray,
+ thick,
+ rectangle,
+ fill = white,
+ minimum width = 1cm,
+ font = \fontsize{8}{8}\selectfont,
+ text = black,
+ },
+ relation/.style = {
+ draw = none,
+ font = \fontsize{6}{6}\selectfont,
+ },
+ path/.style = {
+ draw,
+ thick,
+ -latex,
+ rounded corners,
+ },
+ ]
+ %%%
+ % Signing
+ %%%
+ \node[entity, fill=darkBlue] (Signer) at (0,0) { Signer };
+ \path[path, dashed] ($ (Signer) + (0,1) $) --
+ node[relation, right] {
+ \begin{tabular}{c}
+ priv\\
+ data\\
+ \end{tabular}
+ }
+ (Signer);
+ \end{tikzpicture}
+ \vfill
+ \pause
+
+ \begin{columns}
+ \begin{column}{.5\textwidth}\centering
+ \lstinputlisting[style=CStyle]{img/sigsum/sshsig}
+ \burl{https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig\#L81}
+ \end{column}
+ \pause
+ \begin{column}{.5\textwidth}\centering
+ \lstinputlisting[style=CStyle]{img/sigsum/sshvalues}
+ \burl{https://git.sigsum.org/sigsum/tree/doc/proposals/2021-11-ssh-signature-format.md}
+ \end{column}
+ \end{columns}
+ \vfill
+
+ \pause
+ \begin{columns}
+ \begin{column}{.33\textwidth}\centering
+ \texttt{ssh-keygen -Y}
+ \end{column}
+ \begin{column}{.33\textwidth}\centering
+ \texttt{signify}
+ \end{column}
+ \begin{column}{.33\textwidth}\centering
+ \texttt{minisign}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \vfill
+ \mktitle{Why not support more signing formats and tools?}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Submission}
+ \begin{columns}
+ \begin{column}{0.4\textwidth}
+ \alert{HTTP POST ASCII}
+ \begin{itemize}
+ \item Shard hint
+ \begin{itemize}
+ \item $\in [\mathsf{shard\_start}, \mathsf{now}()]$
+ \end{itemize}
+ \item Message
+ \item Signature
+ \item Public key
+ \item Domain hint
+ \begin{itemize}
+ \item \texttt{\_sigsum\_v0.*} $\rightarrow\hash(\mathsf{pub})$
+ \end{itemize}
+ \end{itemize}
+ \end{column}
+ \uncover<2>{%
+ \begin{column}{.27\textwidth}
+ \alert{Stored leaf (136 bytes)}
+ \begin{itemize}
+ \item Shard hint
+ \item Checksum
+ \item Signature
+ \item Key hash
+ \end{itemize}
+ \vspace{1.4cm}
+ \end{column}
+ }
+ \begin{column}{.33\textwidth}\centering
+ \vspace{-3cm}
+ \hspace{-1cm}
+ \begin{tikzpicture}[
+ -latex,
+ entity/.style = {
+ draw = gray!30,
+ thick,
+ rounded rectangle,
+ fill = white,
+ minimum width = 2cm,
+ font = \fontsize{8}{8}\selectfont,
+ text = white,
+ },
+ system/.style = {
+ draw = gray,
+ thick,
+ rectangle,
+ fill = white,
+ minimum width = 1cm,
+ font = \fontsize{8}{8}\selectfont,
+ text = black,
+ },
+ relation/.style = {
+ draw = none,
+ font = \fontsize{6}{6}\selectfont,
+ },
+ path/.style = {
+ draw,
+ thick,
+ -latex,
+ rounded corners,
+ },
+ ]
+ %%%
+ % Signing
+ %%%
+ \node[entity, fill=darkBlue] (Signer) at (0,0) { Signer };
+ \path[path, dashed] ($ (Signer) + (0,1) $) --
+ node[relation, right] {
+ \begin{tabular}{c}
+ priv\\
+ data\\
+ \end{tabular}
+ }
+ (Signer);
+
+ %%%
+ % Setup DNS
+ %%%
+ \node[system, below=1cm of Signer] (DNS) {DNS};
+ \path[path, dashed] (Signer) -- node[relation,right]{\hash(pub)} (DNS);
+
+ %%%
+ % Introduce the log
+ %%%
+ \node[entity, fill=darkGreen, left=1cm of DNS] (Log) {Log};
+
+ %%%
+ % Add leaf
+ %%%
+ \path[path] (Signer) -| node[relation,above]{add leaf} (Log);
+ \path[path] (DNS) -- node[relation,above]{\hash(pub)} (Log);
+ \end{tikzpicture}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Bundling \uncover<2->{and Distribution}}
+ \begin{columns}
+ \begin{column}{0.5\textwidth}
+ \begin{itemize}
+ \item Signer must \textbf{wait} for witnessing\footnotemark[1]
+ \begin{itemize}
+ \item Append-only
+ \item Freshness
+ \item Some simplifications
+ \end{itemize}
+ \item Proof of logging
+ \begin{itemize}
+ \item Cosigned tree head
+ \item Inclusion proof
+ \end{itemize}
+ \end{itemize}
+ \end{column}
+ \begin{column}{.5\textwidth}\centering
+ \begin{tikzpicture}[
+ -latex,
+ entity/.style = {
+ draw = gray!30,
+ thick,
+ rounded rectangle,
+ fill = white,
+ minimum width = 2cm,
+ font = \fontsize{8}{8}\selectfont,
+ text = white,
+ },
+ system/.style = {
+ draw = gray,
+ thick,
+ rectangle,
+ fill = white,
+ minimum width = 1cm,
+ font = \fontsize{8}{8}\selectfont,
+ text = black,
+ },
+ relation/.style = {
+ draw = none,
+ font = \fontsize{6}{6}\selectfont,
+ },
+ path/.style = {
+ draw,
+ thick,
+ -latex,
+ rounded corners,
+ },
+ ]
+ %%%
+ % Setup entities
+ %%%
+ \node[entity, fill=darkBlue] (Signer) at (0,0) { Signer };
+ \node[draw=none, below=1cm of Signer] (DNS) {};
+ \node[entity, fill=darkGreen, left=1cm of DNS] (Log) {Log};
+
+ %%%
+ % Witnessing
+ %%%
+ \node[entity, fill=darkRed, below=1cm of Log] (Witness) {Witness};
+ \path[path] (Witness) -- node[relation,left]{cosign} (Log);
+
+ %%%
+ % Get proof
+ %%%
+ \path[path] (Log) -- node[relation,above,sloped]{proof} (Signer);
+
+ \uncover<2->{
+ %%%
+ % Distribution
+ %%%
+ \node[entity, fill=darkPurple] (End-user) at (2.5,-3) {End-user};
+ \path[path] (Signer) -| node[relation,above]{data, signature} (End-user);
+ \node[system, above=1cm of End-user] (Distribution) {Distribution};
+ \node[relation,above=0.25cm of Distribution.40]{proof};
+ }
+ \end{tikzpicture}
+ \end{column}
+ \end{columns}
+ \footnotetext[1]{\tiny{Originally proposed by Syta et al.: \burl{https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7546521}}}
+
+ \vfill
+\end{frame}
+
+\begin{frame}
+ \vfill
+ \centering
+ \begin{columns}
+ \begin{column}{.33\textwidth}
+ Example policy
+ \begin{itemize}
+ \item Known logs
+ \item Known witnesses
+ \item M-of-N (co)signatures
+ \end{itemize}
+ \end{column}
+ \begin{column}{.67\textwidth}
+ \mktitle{Verification}
+ \vspace{.5cm}
+ \begin{tikzpicture}[
+ -latex,
+ entity/.style = {
+ draw = gray!30,
+ thick,
+ rounded rectangle,
+ fill = white,
+ minimum width = 2cm,
+ font = \fontsize{8}{8}\selectfont,
+ text = white,
+ },
+ system/.style = {
+ draw = gray,
+ thick,
+ rectangle,
+ fill = white,
+ minimum width = 1cm,
+ font = \fontsize{8}{8}\selectfont,
+ text = black,
+ },
+ relation/.style = {
+ draw = none,
+ font = \fontsize{6}{6}\selectfont,
+ },
+ path/.style = {
+ draw,
+ thick,
+ -latex,
+ rounded corners,
+ },
+ ]
+ %%%
+ % Distribution
+ %%%
+ \node[entity, fill=darkPurple] (End-user) at (2.5,-3) {End-user};
+ \path[path, dashed] ($ (End-user) + (0,-1) $) --
+ node[relation, right] {
+ \begin{tabular}{c}
+ policy\\
+ pub
+ \end{tabular}
+ }
+ (End-user);
+ \path[path] (Distribution) -- node[relation,right]{
+ \begin{tabular}{c}
+ data\\
+ signature\\
+ proof\\
+ \end{tabular}}
+ (End-user);
+ \node[system, above=1cm of End-user] (Distribution) {Distribution};
+
+ %%%
+ % Introduce the log
+ %%%
+ \node[entity, fill=darkGreen, left=3.25cm of Distribution] (Log) {Log};
+
+ %%%
+ % Setup DNS
+ %%%
+ \node[draw=none] (DNS) at ($ (Log) !.5! (Distribution) $) {};
+
+ %%%
+ % Witnessing
+ %%%
+ \node[entity, fill=darkRed, below=1cm of Log] (Witness) {Witness};
+ \path[path] (Witness) -- node[relation,left]{cosign} (Log);
+
+ %%%
+ % Setup monitor
+ %%%
+ \node[entity, fill=darkOrange, below=.75cm of DNS] (Monitor) {Monitor};
+ \path[path, dashed] ($ (Monitor) + (0,-1) $) --
+ node[relation, right] {
+ \begin{tabular}{c}
+ policy\\
+ pub
+ \end{tabular}
+ }
+ (Monitor);
+
+ %%%
+ % Inspect the log
+ %%%
+ \path[path] (Log) -- node[relation,above,sloped,pos=.60]{leaves, proof} (Monitor);
+
+ %%%
+ % Also get the data
+ %%%
+ \path[path] (Distribution) -- node[relation,above,sloped]{data} (Monitor);
+ \end{tikzpicture}
+ \end{column}
+ \end{columns}
+
+ \vfill
+ \alert{No reactive gossip/audit, offline verification by end-users (!)}
+\end{frame}
+
+\begin{frame}
+ \vfill
+ \begin{columns}
+ \begin{column}{.5\textwidth}
+ \mktitle{Current status}
+ \begin{itemize}
+ \item Solid foundation, hopefully(!)
+ \item V0 design\footnotemark[1] and API\footnotemark[2] is pretty stable
+ \item Public prototypes, log and witness
+ \item Tooling? Kind of ``pipe into \texttt{curl}''
+ \item \url{https://git.sigsum.org}
+ \end{itemize}
+ \end{column}
+ \begin{column}{.5\textwidth}
+ \centering
+ \includegraphics[width=\columnwidth]{img/sigsum/foundation}
+ \burl{https://bygg.se/valj-ratt-husgrund-till-din-villa/}
+ \end{column}
+ \end{columns}
+ \footnotetext[1]{\burl{https://git.sigsum.org/sigsum/tree/doc/design.md}}
+ \footnotetext[2]{\burl{https://git.sigsum.org/sigsum/tree/doc/api.md}}
+
+ \pause
+ \vfill
+ \centering
+ \alert{Next steps: more feedback, tooling, mature code, SLA for a v0 log, eventually v1 spec}
+\end{frame}
+
+\begin{frame}
+ \vfill
+ \begin{columns}
+ \begin{column}{.1\textwidth}
+ \end{column}
+ \begin{column}{.4\textwidth}
+ \mktitle{Take away}
+ \begin{itemize}
+ \item Minimal building block
+ \item Log a signed checksum
+ \item Offline end-user verification
+ \item Many potential use-cases
+ \item Reach out to get involved\footnotemark[1]
+ \end{itemize}
+ \end{column}
+ \begin{column}{.4\textwidth}
+ \includegraphics[width=\columnwidth]{img/thanks}
+ \end{column}
+ \begin{column}{.1\textwidth}
+ \end{column}
+ \end{columns}
+ \footnotetext[1]{\tiny{irc, matrix, email list, etc., are linked from \burl{https://www.sigsum.org}}}
+\end{frame}
+
+\begin{frame}
+ \vfill
+ \mktitle{Q/A}
+\end{frame}
-- cgit v1.2.3
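Review bot: In the Verification frame's tikzpicture the edge `\path[path] (Distribution) -- node[relation,right]{ ... } (End-user);` is drawn before the line `\node[system, above=1cm of End-user] (Distribution) {Distribution};` that defines that node, and node names do not carry over from the earlier pictures, so as written this should stop with TikZ's "No shape named Distribution is known"; moving the `\node[system, ...] (Distribution)` line above that `\path` is enough, and even if the deck did compile from some other revision, the define-before-use order is what a reader expects. Separately, the four styles `entity`, `system`, `relation` and `path` are copied verbatim into all five `\begin{tikzpicture}[...]` option lists (System overview, Signing, Submission, Bundling, Verification); one `\tikzset{...}` in the preamble, leaving `\begin{tikzpicture}[-latex]` at each site, keeps the diagrams from drifting apart. The pictures also need the `calc` (`($ (Signer) + (0,1) $)`), `positioning` (`below=1cm of Signer`) and `shapes.misc` (`rounded rectangle`) libraries, and `\mktitle`, `\burl`, `\hash` and the `dark*` colours are defined outside this file, so the preamble they come from presumably needs rescuing too. One typo on the first slide: `More initatives than can\\` should read `More initiatives than can\\`.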