On 19 November 2014 04:51, Mike Hearn <[email protected]> wrote: > However, the mathematics is not the hard part of this (assuming the code I > have works). The hard part is designing the contracts between the different > auditing companies to be watertight, so the developers of an app that is > being threshold signed feel safe that they aren't going to lose control over > their own product except in the very specific area of security guarantees. > For example would those contracts govern UI changes that the auditors feel > might make the security harder to understand? Very tricky area and never > been done before so there are no templates to copy. Whoever goes first will > be cutting a path through the jungle for everyone else.
Don't make it auditing companies, make it escrow companies. Software Escrow is apparently a pretty big business. (My parent company NCC does a lot of it.) I'm not super knowledgeable about it, but the idea, AFAICT, is BigCorp wants to buy a product from LittleCo but worries about them disappearing. LittleCo escrows the code with EscrowLtd and everyone signs contracts saying EscrowLtd delivers the code to BigCorp if certain conditions are met (LittleCo disappears, 75% development turnover, I have no idea). Alter the contract so EscrowLtd produces a (reproducible) build of the software you provide them and threshold signs it. This should be relatively easy if you're willing to provide them the software, instructions on how to do it, and lots of money. Then, and here's the trickiest part because we've (NCC) never done it as far as I know, but I'm not opposed to it. Have us, AuditCo, get the software from EscrowLtd, and produce... something: a public statement (we call the Independent Security Reports (ISRs), and there are a few public ones) maybe even a full public report (we have a few of those as well). There's no dancing back and forth over whether we should or should not make the threshold RSA signature. I would _not_ be comfortable signing any contract about that. We get uncomfortable enough around ISRs, and that contract very explicitly states we will write whatever we damn well please. But the audit company produces a document it's satisfied with and the escrow company asserts that the thing built is what you gave them and what the auditor audited. So everyone's silo is satisfied. It's a complex system of third party trust... but so's yours. And mine has the advantage that we'd actually negotiate it with you and sign paperwork. :) -tom _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
