HackerTrans
TopNewTrendsCommentsPastAskShowJobs

sandij

no profile record

Submissions

Credentials Evidence or Simulate

preludes.eu
4 points·by sandij·hace 8 meses·0 comments

Portable documents host new file formats

preludes.eu
2 points·by sandij·hace 8 meses·0 comments

Using WebAuthn for Non-Repudiation

sanderdijkhuis.nl
2 points·by sandij·hace 3 años·1 comments

comments

sandij
·hace 2 años·discuss
Another issue with non-repudiation of presentation is that it encourages relying parties to log full transcripts of presentation interactions. It could also encourage supervisory bodies to request such over-complete logging. Instead, relying parties should log the minimum necessary, to avoid developing a honeypot of personal data.
sandij
·hace 2 años·discuss
Non-repudiation of commitments to a transaction can be good when both parties want to avoid later disputes about the authenticity of these commitments. It requires careful design of the data to be signed, the public key certificates, the policies governing the signature creation and validation processes, and the signature formats to enable validation as long as needed.

Attribute presentation is not designed for this feature. When attribute presentation becomes non-repudiable, it creates legal uncertainty:

1. In court, the verifier may now present the proof of possession as evidence. But this is, at least in the EU, not recognised by default as an e-signature. It is yet unknown if it would be interpreted as such by a court. So the verifier keeps a risk that will be difficult for them to assess.

2. Even if it would be recognised as evidence, the holder may argue that it is a replay of a presentation made in another transaction. Presentation protocols are not designed for timestamp assurance towards third parties, and generally do not include verifiable transaction information.

3. The verifier may protect itself by audit-logging attribute presentation input and output along with publicly verifiable timestamps and verifiable transaction information, and by editing its terms and conditions to claim a priori non-repudiation of any presentation. Typically such a solution would not create the same evidence files at the holder’s side. So the holder would not be able to present as strong evidence in court as the verifier. (This asymmetry aspect needs some more elaboration.)

Non-repudiation is well arranged in EU law for e-signatures. If anyone would want the same for attribute presentation, this should involve changes in law. As far as I can see, non-repudiation is now opportunistically being considered in mDL/EUDI just from an isolated technical perspective.
sandij
·hace 2 años·discuss
I’m not sure what the German eID uses today, but the German architecture team has explored KEM+MAC for the EU Digital Identity Wallet. Maybe its eID is similar. You can apply KEM+MAC at either or both of two points:

1. plausible deniability of the document’s issuer seal

2. plausible deniability of having presented the document

The second is great for legal certainty for the user. The first has problems. It would be incompatible with qualified e-sealing; stakeholders have no evidence if issuer integrity was compromised.

Also, it would mean that issuance happens under user control, during presentation to a relying party. In a fully decentralised wallet architecture, this means including the trusted issuer KEM key pair on the user’s phone. Compromising the issuance process, for example by extracting the trusted issuer KEM key pair, could enable the attacker to impersonate all German natural persons online.

The advantage would have been that authenticity the content of stolen documents could be denied. This potentially makes it less interesting to steal a pile of issued documents and sell it illegally. But how would illegal buyers really value qualified authenticity e-seals on leaked personal data?
sandij
·hace 2 años·discuss
To prove that the car rental company has seen the driver licence, they just need to show the judge a copy of the licence which is e-sealed by its issuing authority. No need to include a non-repudiable proof-of-possession signature of the holder. Having that in addition would just introduce legal ambiguity and information asymmetry to the disadvantage of the holder.

The opponent may still claim that the car rental place is showing a copy that was obtained illegally, and not in holder presentation. To avoid such a claim, the car rental company should ask for a qualified e-signature before providing the car key. The signed data can include any relevant claims that both parties confirm as part of the transaction. To provide similar assurance to the customer, the company should counter-sign that document, or provide it pre-sealed if it is an automated process.

Note that with the EU Digital Identity, creating qualified e-signatures is just as easy as presenting digital credentials.
sandij
·hace 2 años·discuss
This article is very relevant in the context of the EU Digital Identity Wallet, and digital credentials in general, such as ISO/IEC 18013-5 mobile driver licenses and other mdocs.

We may accidentially end up with non-repudiation of attribute presentation, thinking that this increases assurance for the parties involved in a transaction. The legal framework is not designed for this and insufficiently protects the credential subject for example.

Instead, the high assurance use cases should complement digital credentials (with plausible deniability of past presentations) with qualified e-signatures and e-seals. For these, the EU for example does provide a legal framework that protects both the relying party and the signer.
sandij
·hace 3 años·discuss
I was curious what would be needed to apply Web Authentication for message/document signatures that third parties can verify. This is an article/demo I wrote about what my findings. Note that the standard was deliberately not designed for this and I can’t recommend applying this hack for real.
sandij
·hace 3 años·discuss
Cleverbase, Vidua | https://cleverbase.com | The Hague, the Netherlands, hybrid options | iOS / Android native mobile app engineer

We deliver identity wallets and trust services. Users can sign documents on mobile with the same legal value as paper signatures, but higher security. Users can identify online in cases where physical presence or showing a passport would otherwise be needed. And the wallet is a strong multi-factor customer authenticator.

We founded Cleverbase in 2016, aiming to enable everyone to do easy and secure business online. Since 2018 we operate under Dutch government supervision within the eIDAS trust framework. We are part of the development of a European Digital Identity Wallet. We are currently hiring for two of our teams:

- enrollment of European citizens with a high level of assurance, issuing reusable credentials - wallet cryptography to enable users to fully control their own digital identity, managing and using credentials

https://cleverbase.com/en/job/mobile-app-developer-ios-and-o...
sandij
·hace 3 años·discuss
And video here: https://docs.datomic.com/cloud/other-tools/REBL.html
sandij
·hace 4 años·discuss
Go has an excellent standard library for cryptography primitives with well-established best practices. It was designed and is maintained in a principled way that likely appeals to more cryptography engineers. Also see this answer by one of its maintainers:

https://www.reddit.com/r/crypto/comments/zukgfq/comment/j1l2...

Some additional reasoning why having a strong standard library is important:

https://www.cryptologie.net/article/505/why-not-rust-for-sec...