3A/ DKMS = Decentralized Key Management System

From IIW

DKMS


Wednesday 3A

Convener: Drummond Reed

Notes-taker(s): Jin Wen


Tags for the session - technology discussed/ideas considered:

DID, DDOS, DKMS, Decentralized Key Management System

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Note: this is an effort under a DHS contract


Source: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2017


Checklist for the DKMS, please use NIST 800-130 -- a spec on how to write the spec.


http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-130.pdf


Distributed Ledger is used here


Different types of keys:

  • ?

  • ?

  • Revoke, Rotate, Replace, Recovery


Delegation:


Promise: 

  • the ability for individuals to control their keys, including recovering the key -- the key 

Recovery methods:

  • Smart Contract for social recovery
  • Recursive Recovery w/ smart contracts
  • Biometric recovery
  • Key escrow services
  • Key recovery networks
  • Hybrid / Multiple approach


HD Key

Master key and 


Potential implementation:

Smart contracts in blockchain

  • allow access control
  • do not require a master key and secrets
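The HD-key idea in the notes above (a master secret and seed deterministically generating many key pairs, with a fresh key pair per transaction as in Bitcoin) can be shown with a BIP32-style hardened derivation. This is an added example, not code from the session or from any DKMS implementation; it assumes the BIP32 construction (HMAC-SHA512 keyed with the literal tag "Bitcoin seed" for the master, child keys reduced modulo the secp256k1 group order) and implements only hardened private-key derivation, which needs no elliptic-curve point arithmetic.

```python
import hmac
import hashlib

# Order of the secp256k1 group; BIP32 reduces child private keys modulo this.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # indices >= 2^31 are hardened children


def master_key(seed: bytes):
    """Derive the master private key and chain code from a seed (BIP32 master generation)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(digest[:32], "big")
    if k == 0 or k >= N:
        # BIP32 declares such a seed invalid; the caller must pick another seed.
        raise ValueError("invalid seed, choose another one")
    return k, digest[32:]


def derive_hardened(k_par: int, c_par: bytes, index: int):
    """Derive hardened child `index` of (k_par, c_par). Needs only the parent private key."""
    if index < HARDENED:
        index += HARDENED  # this example only produces hardened children
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    child = (il + k_par) % N
    if il >= N or child == 0:
        # BIP32: skip this index and use the next one; probability ~2^-128
        raise ValueError("invalid child at index %d, use the next index" % index)
    return child, digest[32:]


def derive_path(seed: bytes, path):
    """Walk a path of hardened indices, e.g. [0, 1] for m/0'/1', from the seed."""
    k, c = master_key(seed)
    for index in path:
        k, c = derive_hardened(k, c, index)
    return k, c


def transaction_keys(seed: bytes, count: int, account: int = 0):
    """One fresh private key per transaction: m/account'/i' for i in 0..count-1."""
    acct_k, acct_c = derive_path(seed, [account])
    return [derive_hardened(acct_k, acct_c, i)[0] for i in range(count)]


if __name__ == "__main__":
    # Constructed sample seed; in practice the seed comes from a CSPRNG or a mnemonic.
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    k, c = derive_path(seed, [0, 1])
    print("m/0'/1' private key:", hex(k))
    print("distinct per-transaction keys:", len(set(transaction_keys(seed, 5))))
```

The point for key management is that the seed (plus chain codes) reproduces every key below it, so backing up or recovering the one master secret restores thousands of key pairs; the same property means a leaked parent private key and chain code exposes its whole subtree, which is why the notes treat rotation, revocation and recovery of the master as the hard problems rather than generating keys.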

 

Additional notes from Colin Jaccino:

DIDs - a community-produced spec sponsored by DHS.

Neal John is program manager


Distributed Key Management System

How are we going to manage the keys for the distributed identifiers?  

How do we do this in a privacy-respecting manner?


Sovrin anticipates managing thousands of DIDs for an individual.


Defining DID is the tip of the iceberg.  Management of these will be a tougher challenge.



Additional notes by Drummond Reed


DID: decentralized identifiers, sponsored by Homeland Security (stir grant)


Rebooting Web of Trust, May


DID family of specifications


New identifier for the web

1. did:method name (e.g. div: 22-char identifier (method-specific identifier))

2. ledger

   - method identifier

   - CRUD operations

3.


Individuals could have thousands of key pairs


Master secret not a credential

DKMS: decentralized key management (develop


NIST 800-130: spec for writing a key management spec

- Generate keys

- Key distribution: trust establishment (mainly asymmetric keys

- Types of keys

- Revoke/rotate/replace keys (change)

- Recovery

- Delegation


The promise is in individuals controlling their keys.


Master key can generate PKI

Using seed with master key


New key pair for each transaction in bitcoin


How does IoT work? An owner would be a Guardian for IoT.


Ethereum: a smart contract representing an identity allows using the contract to do key management.


Recovery Methods

- Smart Contract for Social Recovery (uPort recovery)

- Recursive recovery w/ smart contracts

  - TCS is implementing

- Biometric recovery

- Key escrow services

- Key recovery networks

- Hybrid/multiple

- Hardware recovery token

Resilience w/ key recovery


Compromise & Monitoring

Fraud detection
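Both "Recovery methods" lists above name social recovery and key recovery networks, where several guardians each hold a piece of the owner's master secret and a quorum of them can restore it. This is an added example, not code from the session, uPort, TCS or any DKMS implementation; it assumes a plain Shamir threshold scheme over the prime field 2^521 - 1 (an assumed choice, any prime larger than the secret works) and a public SHA-256 commitment to the secret, so that a recovery attempt with too few or corrupted shares is detected instead of silently yielding a wrong key.

```python
import hashlib
import secrets

# Prime field for the shares (Mersenne prime 2^521 - 1); secrets up to 64 bytes fit below it.
P = 2**521 - 1


def commitment(secret: bytes) -> bytes:
    """Public commitment the owner publishes (e.g. on the ledger) to verify a recovery."""
    return hashlib.sha256(secret).digest()


def split_secret(secret: bytes, threshold: int, guardians: int):
    """Split `secret` into `guardians` shares; any `threshold` of them recover it."""
    s = int.from_bytes(secret, "big")
    if not 1 < threshold <= guardians or s >= P:
        raise ValueError("threshold must be in (1, guardians] and secret must fit the field")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [s] + [secrets.randbelow(P) for _ in range(threshold - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

    # Share x = 0 would be the secret itself, so guardians get x = 1..guardians.
    return [(x, f(x)) for x in range(1, guardians + 1)]


def recover_secret(shares, secret_len: int, expected: bytes) -> bytes:
    """Lagrange-interpolate the shares at x = 0 and check the result against the commitment."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    # Too few shares give a random field element, which almost never fits the
    # secret length and never matches the commitment.
    if total >= 256 ** secret_len:
        raise ValueError("recovery failed: too few or corrupted shares")
    candidate = total.to_bytes(secret_len, "big")
    if commitment(candidate) != expected:
        raise ValueError("recovery failed: too few or corrupted shares")
    return candidate


if __name__ == "__main__":
    # Constructed 32-byte master secret; a real one would be the HD seed from above.
    master = secrets.token_bytes(32)
    proof = commitment(master)
    shares = split_secret(master, threshold=3, guardians=5)
    # Three of the five guardians respond, in any order.
    restored = recover_secret([shares[4], shares[1], shares[2]], 32, proof)
    print("recovered:", restored == master)
```

Any two guardians together learn nothing about the secret, and the owner can re-split and redistribute shares when a guardian is replaced, which is the rotation step the notes list next to recovery; monitoring for unexpected recovery attempts against the published commitment is the hook for the "Compromise & Monitoring" item.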