-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sun, Mar 18, 2018 at 04:00:22PM -0700, Innovative Inventor wrote: > On Sunday, March 18, 2018 at 12:31:13 AM UTC-4, Andrew David Wong wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA512 > > > > On 2018-03-17 16:34, Innovative Inventor wrote: > > > On Friday, March 9, 2018 at 3:19:47 PM UTC-5, Innovative Inventor wrote: > > >> I was looking at the canaries, and I liked the idea of a proof of > > >> freshness with the latest news headlines. While people can't create > > >> canaries ahead of time, it is possible to conspire to modify or backdate > > >> one of them after they have been published. To prevent this, we could > > >> use a blockchain-based timestamp, where the hashes of each canary are > > >> placed within the blockchain of a powerful cryptocurrency. Something > > >> similar to these services: > > >> > > >> https://opentimestamps.org/ > > >> http://originstamp.org/home > > >> > > >> This way, if there ever is a interruption of canaries, followed by a > > >> court order or something forcing you guys to backdate a falsified canary > > >> or modify old ones, we will all be able to check. > > > > > > Something that I think can also be added to improve the canaries is to > > > add NIST's Randomness Beacon to the proof of freshness by adding the > > > output of https://beacon.nist.gov/rest/record/last.xml. I realize that in > > > most hypothetical scenarios, a government, is the attacker, but it can't > > > hurt to add a government to the list of organizations an attacker would > > > have to attack just to coerce a canary ahead of time. What do you guys > > > think? > > > > > > > I wasn't aware of the NIST Randomness Beacon. Very interesting. Thanks > > for bringing it to my attention. As far as I can tell, this looks like a > > very good source for the Proof of Freshness. Would you like to submit a > > PR that adds it to the script? > > > > https://github.com/QubesOS/qubes-secpack/blob/master/utils/proof_of_freshness_generator.sh > > > > Sure! I've just submitted a pull request. Another thing I was thinking about > is adding the nasdaq/some other stock index (preferably worldwide) to the > proof of freshness, as being able to predict them is impossible ahead of time > and it is hard for a government to control stock prices. While organizations > can be infiltrated/hacked, something that combines data from so many > companies' performance will be very hard.
To be honest, I don't think we need more proofs of freshness there. We already have various news headlines (chosen from different countries), bitcoin blockchain and now NIST Randomness Beacon. What we might need, is timestamps - proof that canaries (or other files there) were created at the time included there, not later. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlqoeXIACgkQ24/THMrX 1yz4Wwf+KNAs3X8e/nuKZIuXBPej8dGz8mIx8x2Id+She6tbObmeUAIAYvES0MoV ZGGVdLDvsYdwwMhCLUgPYd8C8NpMPqlAIQPsjBwvGfWko8RXmlBHVnn6IYIFQKkQ 3sOsxdMBIWYczcRKXVsw9KecdsfvGTcVjzkeq9mivzZ+X9QDPpHWa6qGFjRvNTlQ entMh9WPo1BVk8TzhhjGE0BueOi11EJjIYQzlKfuvysdk9EF07hOi4K12HY+UR+W x2wkhBHovkdWCpMldIUyLXId9FphuPXoPfUsYnca/nKaZPGEXAroriS6vBAnZcnn hIxFgp+n1OPHFa7P79CQuXMRTyFQ5A== =gke0 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20180318231213.GZ7364%40mail-itl. For more options, visit https://groups.google.com/d/optout.
