3A/ DKMS = Decentralized Key Management System
DKMS
Wednesday 3A
Convener: Drummond Reed
Notes-taker(s): Jin Wen
Tags for the session - technology discussed/ideas considered:
DID, DDOS, DKMS, Decentralized Key Management System
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Note: this is an effort under a DHS contract
Source: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2017
Checklist for the DKMS, please use NIST 800-130 -- a spec on how to write the spec.
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-130.pdf
Distributed Ledger is used here
Different types of keys:
· ?
· ?
· Revoke Rotate Replace, Recovery
Delegation:
Promise:
- the ability for an individual to control the key, including recovering the key -- the key
Recovery methods:
- Smart Contract for social recovery
- Recursive Recovery w/ smart contracts
- Biometric recovery
- Key escrow services
- Key recovery networks
- Hybrid / Multiple approach
HD Key
Master key and
Potential implementation:
Smart Contracts in BlockChain
- allow Access Control
- does not require master key and secrets
Additional notes from Colin Jaccino:
DIDs - a community-produced spec sponsored by DHS.
Neal John is program manager
Distributed Key Management System
How are we going to manage the keys for the distributed identifiers?
How do we do this in a privacy-respecting manner?
Sovrin anticipates managing thousands of DIDs for an individual.
Defining DID is the tip of the iceberg. Management of these will be a tougher challenge.
Additional notes by Drummond Reed
DID: decentralized identifiers, sponsored by Homeland Security (stir grant)
Rebooting Web of Trust may
DID family of specifications
New identifier for web
1 did:method name(e.i div: 22 char identifier (method specific identifier)
2 ledger
method -identifier
-crud operation
3
Individuals could have thousands of key pairs
Master secret not a credential
DKMS decentralized key management ( develop
NIST 800-130: spec for writing a key management spec
- Generate keys
- Key distribution: trust establishment (mainly asymmetric keys)
- Types of keys
- Revoke / rotate / replace keys (change)
- Recovery
- Delegation
Promise is in individuals controlling their keys
Master key can generate PKI
Using seed with master key
New key pair for each transaction in bitcoin
How does IOT an owner would be a Guardian for IOT
Ethereum - smart contract representing an identity allows using the contract to do key management
Recovery Methods
- Smart Contract for Social Recovery (uPort recovery)
- Recursive recovery w/ smart contracts
- - TCS is implementing
- Biometric recovery
- Key escrow services
- Key recovery networks
- Hybrid/multiple
- Hardware recovery token
Resilience w/key recovery
Compromise & Monitoring
Fraud detection