Skip to content

Commit

Permalink
Fixup intro
Browse files Browse the repository at this point in the history
  • Loading branch information
@expede
expede committed Jul 12, 2023
1 parent 874047b commit d69414c
Showing 1 changed file with 12 additions and 21 deletions.
33 changes: 12 additions & 21 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,23 +30,11 @@ Applications in the client/server model typically use a certificate authorty to

Authorization on its own is no longer sufficient for this situation: it is entirely possible validate _who_ a responder, but the more relevant information is _what they have access to._ For instance, are they a member of a group message, can read from a particular database, or send email from a certain address.

## 1.2 Generality





[UCAN] allows for the representation of authority both with and without delegation.





## 1.3 Approach

Off the shelf components
## 1.2 Approach

Rather than building multiple tools for specialized use cases, the appraoch is to take high quality components that solve for the general case and add the minimal number of additions to fit the AWAKE context. To the largest degree possible, AWAKE composes existing protocols and tools.

[MLS] is currently the best vetted secure channel that includes P2P group management. [UCAN] allows for the representation of authority both with and without delegation, and is well suited for P2P and local-first use cases. By combining standards these with a thin layer of standard cryptographic patterns, AWAKE attempts to take the advanatges of both while introducing the minimum of additional specification and implementation overhead.

# 2 Encryption

Expand Down Expand Up @@ -384,28 +372,31 @@ flowchart LR
UCAN["UCAN
iss: RequestorActualDid,
aud: ProviderActualDid, 
fct: nextReqECDH,        
att: [],                         
prf: ...                         
"]
end
```

# 6. Acknowledgements
# 6. MLS Session

Proceed with MLS as normal.

# 7. Acknowledgements

Thanks to [Quinn Wilton] and [Daniel Holmgren] for their many contributions to previous version of this spec. While the spec has evolved significantly since then, their thinking drove much of the philosophy underlying the current version.

Many thanks to [Brian Ginsburg] for his exploration of AWAKE and suggestion to recommend backoff on requestor authorization attempts.

# 7 FAQ
# 8 FAQ

## 7.1 Why not a variant without MLS for short sessions?
## 8.1 Why not a variant without MLS for short sessions?

This is absolutely an option! However, it would require implementing a special case. Such a system could arguably be more efficient when the number of messages is extremely small, but having one well tested library that could handle more use cases was more strongly indicated in this revision of the spec.

## 7.2 Why not use more established cryptography, such as P-256 or RSA?
## 8.2 Why not use more established cryptography, such as P-256 or RSA?

## 7.3 Why HKDF instead of the BLAKE3 key derivation function?
## 8.3 Why HKDF instead of the BLAKE3 key derivation function?

<!-- External Links -->

Expand Down

0 comments on commit d69414c

Please sign in to comment.