11
TLS Notary is in alpha
(tlsnotary.org)
This is amazing. Cryptography is truly the sorcery of our age.
FYI its in rust, and its very much in alpha, but if you like diving in and are comfortable with rust, come play ๐
Having to have a trustworthy notary interactively as part of the protocol during the TLS request seems like it shuts out a lot of applications.
I wonder if it could be done with zk-STARKs, with the session transcript and ephemeral keys as secret inputs, and a CA certificate as a public input, to produce a proof of the property without the need for the notary. That would then mean the only roles are TLS server, prover, and verifier, with no interactive dependency between the prover and verifier (i.e. the prover could generate the proof first, that can non-interactively verified at any time later by any number of verifiers).
Considering data is secured from the notary, it might be that large companies (Google, Microsoft, Apple, other foundations) might run free notaries.
Like how LetsEncrypt does free TLS certs for websites, or how Google (and many others) provide free STUN servers for webrtc.
I imagine it's fairly low traffic, and fairly light encryption (being TLS, it's pretty optimised and hardware accelerated).
If it picks up as a "widely useful thing" like STUN signalling did, there might be things like browsers being able to configure a Notary server (so you can self host if you want, or use one provided by your email provider or your ISP or whatever)
Wait, is this sort of like an SSH tunnel?
Its a bit more complicated than that. There is a fair bit of cryptography that happens where you basically cooperate with another party to communicate with the server in a way where you cant cheat.
Yeah, I'm not being reductive, just trying to understand the mechanics. The notary is making requests on behalf of the other, right?
I will quote the devs directly: "This Verifier is not "a man in the middle". Instead, the Verifier participates in a secure multi-party computation (MPC) to jointly operate the TLS connection without seeing the data in plain text."
https://docs.tlsnotary.org/#%E2%91%A0-multi-party-tls-request
Yeah, I don't think SSH tunnel can snoop either, but maybe I misunderstand them.
this post was submitted on 24 Sep 2023
11 points (86.7% liked)
Programming
16700 readers
279 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities !webdev@programming.dev
founded 1 year ago
MODERATORS