Email, Messaging, and SSI/DID (再放送)

Transcript

1. Email, Messaging, and SSI/DID Ryo Kajiwara / sylph01 @ #idcon,

   2020/11/19, ೔ຊޠ࠶์ૹ

2. ஫ҙࣄ߲ • ͜Ε͸ͲͪΒ͔ͱ͍͏ͱҙݟද໌ͷΑ͏ͳੑ࣭ͷൃදͰ͢ • Ұ࣌ظͷQiitaͰ͍͏ͱ͜ΖͷʮϙΤϜʯ • ٞ࿦ͷͨΊͷΞΠσΞग़͠Λ͢Δੑ࣭ͷ΋ͷͰ͢ • ΑͬͯɺϓϩμΫτ΍։ൃ੒ՌͷσϞͰ͸͋Γ·ͤΜ •

   ·ͨɺٞ࿦΍લఏʹൈ͚΍݀͸༨༟Ͱଘࡏ͢Δ͸ͣͰ͢
3. None

4. TL;DR

5. SMTPΛ ΍ΊΖ

6. Ͳ͏΍ͬͯ ΍ΊΔʁ

7. None

8. ϝοηʔδϯάʹٻΊΔੑ࣭ • End-to-End҉߸Խ • ࠷֤ۙࠃ͕ban͠Α͏ͱ͍ͯ͠Δͬͯʁ • ҉߸Խ͞Εͨάϧʔϓϝοηʔδϯά • σʔλͷ੍ޚ •

   identityදݱͷ੍ޚ

9. Q: ͳΜͰLINE / Facebook Messenger / WhatsApp etc.͕͋Δͷ ʹϝʔϧͳΜ͔࢖ͬͯ Δͷʁ

10. Q: ͳΜͰLINE / Facebook Messenger / WhatsApp etc.͕͋Δͷ ʹϝʔϧͳΜ͔࢖ͬͯΔͷʁ •

    SMTP͸े෼ͳ҉߸Խ΍ೝূΛ͍࣋ͬͯͳ͍ • Eϝʔϧ͸௨ৗEnd-to-End҉߸ԽΛ͍࣋ͬͯͳ͍ • PGP΍S/MIMEΛ࢖ͬͨͱ͜ΖͰάϧʔϓʹର͢Δ҉߸Խί ϛϡχέʔγϣϯ͸Ͱ͖ͳ͍ • Eϝʔϧʹ͸spam͕͋Δ

11. Q: ͳΜͰLINE / Facebook Messenger / WhatsApp etc.͕͋Δͷ ʹϝʔϧͳΜ͔࢖ͬͯΔͷʁ A:

    ࣄલͷ৴པؔ܎ͷͳ͍ਓ͔Β΋ ϝοηʔδΛड͚औΔ͜ͱ͕Ͱ͖Δ

12. Eϝʔϧʹ͸spam͋Δ ͡ΌΜʂ

13. Eϝʔϧʹspam͕͋Δ ͷ͸ϓϩτίϧʹ૊Έ ࠐ·Εͨಗ໊ੑ͕ݪҼ

14. Eϝʔϧͷಗ໊ੑ ʮࣄલͷ৴པؔ܎ͷͳ͍ਓ͔ΒϝοηʔδΛड͚औΕΔʯͱ͍͏ ੑ࣭͸ి࿩ʹ΋͋ͯ͸·Δ͕ɺEϝʔϧʹ͸ి࿩໢ʹ͋ΔΑ͏ͳ anti-abuse mechanismΛ͍࣋ͬͯͳ͍ɻ͜Ε͸Eϝʔϧͷಗ໊ੑʹ ΑΔ΋ͷͰ͋Δɻ • ి࿩໢Λabuseͨ͠৔߹ٯ୳஌͕Մೳ • Eϝʔϧʹ͓͍ͯ͸identityͷspoofing͕༰қͰɺั·͑Δ͜ͱ͕

    ࠔ೉ • ͱ͍͏͔Eϝʔϧʹ͸·ͱ΋ͳidentity layer͕ͳ͍

15. spammer͸Eϝʔϧͷ ಗ໊ੑΛ࢖ͬͯѱࣄΛ ಇ͘

16. ͦ΋ͦ΋ಗ໊ͷEϝʔϧɺཉ ͍͠ʁ ಗ໊ͷEϝʔϧ͸ߴ֬཰Ͱspamɻ ৽ͨʹ৴པؔ܎݁ͼ͍ͨ৔߹ಗ໊Ͱ͋Δ͜ͱʹ͍͍͜ͱ͸ͦΜͳ ʹͳ͍ɻ

17. ͡Ό͋S/MIMEΛશҬత ʹ࢖͑͹͍͍ͷͰ͸ʁ

18. S/MIMEͷ໰୊ • ߴ͍ • ൃߦ͞Εͨ༻్ʹറΒΕΔ • ͋Δূ໌ॻ͸ಛఆͷorganizationʹ͓͚ΔॴଐΛূ໌ͯ͘͠Ε Δ͔΋͠Εͳ͍͕ • ΠϯλʔωοτͰৗʹͦͷಛఆͷ๧ࢠΛͣͬͱ͔Ϳ͍ͬͯͨ

    ͍͔ͱ͍͏ͱͦ͏Ͱ͸ͳ͍ • ෳ਺ͷূ໌ॻ࢖͑͹͍͍͡ΌΜʁ1ߦ໨ʹ໭Δ

19. ΋ͬͱυϥεςΟοΫͳղ๏: ϚΠφϯόʔΧʔυͷ ূ໌ॻͰsign͞Εͨ ϝʔϧͳΒࣗಈతʹड ͚ೖΕΔ

20. ୭΋ϚΠφϯόʔʹඥ ෇͍ͨΞΧ΢ϯτͰ spamͳΜ͔͠ͳ͍Ͱ ͠ΐʁ

21. ·͋Θ͟Θ͟SSI/DIDͷ ࿩ฉ͖ʹདྷΔํͳΒ͜ ΕͷԿ͕ා͍͔͸Θ͔ Δͱࢥ͍·͕͢

22. None

23. Eϝʔϧͷself-sovereignੑ SMTP/POP/IMAP͸΋ͱ΋ͱself-sovereignੑΛຬͨ͢ϓϩτίϧͰ ͋ͬͨɻࣗ෼ͰαʔόʔཱͯΔݶΓ͸ɻ • ࣗ෼ͰIDΛൃߦͰ͖Δ • ༻్ʹԠͯ͡IDΛ࢖͍෼͚Δ͜ͱ͕Ͱ͖Δ • ࣗ෼ͷσʔλͷίϯτϩʔϧ͸ࣗ෼Ͱ࣋ͭ͜ͱ͕Ͱ͖Δ

24. Eϝʔϧͷself-sovereignੑ ࠷ۙ͸୭΋ͦΜͳ͜ͱ͠ͳ͍ɻ • SMTP: ద੾ʹೝূ͢Δͷ͕೉͍͠ɻઃఆ1ݸͰ΋ؒҧ͑Δͱ spamͷ౿Έ୆ɻ • IMAP: ϚϧνσόΠεΞΫηεͳΒඞਢɻ͚ͩͲετϨʔδ؅ཧ ஍ࠈʹؕΔ

    ݁Ռɺຊདྷself-sovereignͰ͋Δ͸ͣͷϓϩτίϧͳͷ͕ͩɺதԝ ूݖԽΛڐͯ͠͠·ͬͨ

25. Eϝʔϧͷself-sovereignੑ EϝʔϧͷதԝूݖԽ͸spamͷ໰୊ΛΑΓѱԽ͍ͤͯ͞Δɻதԝ ूݖతEϝʔϧϓϩόΠμͷspamϑΟϧλͷಈ࡞ʹे෼ͳಁ໌ੑ͕ ͳ͘ɺѱҙͷͳ͍ϝʔϧͰ͢ΒspamϑΟϧλʹҿ·ΕΔɻதԝू ݖతEϝʔϧϓϩόΠμΛར༻͍ͯ͠ͳ͍ϝʔϧ͸spamϑΟϧλΛ ৴༻ͤ͞Δ͜ͱ͕೉͘͠ͳΓɺΑΓதԝूݖԽ͕ਐΉ ʢಁ໌ੑ͕͋ͬͨΒ͋ͬͨͰspamۀऀ͕ͦΕΛᷖճͯ͘͠ΔͷͰ Ϛζ͍ͱ͍͑͹ͦͷͱ͓Γ͕ͩ…ʣ

26. "Principles of User Sovereignty / Fundamental Problems of Distributed Systems"

    @ IIW30 ʮ෼ࢄγεςϜͷ๊͑Δࠜຊతͳ໰୊ΛղܾͰ͖ͳ͍ͱ͖ɺͦΕ ͸اۀʹΑΔதԝूݖԽ(corporate capture)ΛࣗΒڐͯ͠͠·͏ʯ Eϝʔϧ͸·͞ʹ͜ͷ࠷ͨΔྫͰ͋Δɻ෼ࢄγεςϜ๊͕͑Δຊ࣭ తͳ໰୊ʹରͯ͠े෼ͳղܾ͕ͳ͞Εͳ͔ͬͨͨΊɺاۀ͸ͦ͜ ʹϚωλΠζͷػձΛݟग़͠ɺதԝूݖԽͯ͠͠·ͬͨɻ

27. "Fundamental Problems of Distributed Systems" ྫ: • ϊʔυͷσΟεΧόϦʔ(Eϝʔϧͷ৔߹ૹ৴ઌͷ֬ఆʹඞཁ) • ϊʔυ͕ωοτϫʔΫʹࢀՃ͢Δࡍͷηογϣϯͷཱ֬

    (introduction) • ϓϥΠόγʔ(௕ظతͳؔ࿈෇͚ͷ๧ࢠ) • τϥετ

28. Eϝʔϧ͕digital identityͷ֩ͱͳΔ ͜ͱͷා͍఺ ύεϫʔυ๨Εͨͱ͖ͷϦηοτ͸͍͍ͩͨEϝʔϧΛ௨ͯ͠ߦΘ Ε·͢Ͷʁ →Eϝʔϧ͕৐ͬऔΒΕΔͱ͋ͳͨͷΠϯλʔωοτ্ͷidentity ͸શͯ৐ͬऔΕ·͢ɻ secure messaging͕୅ସͰ͖Δ͔Ͳ͏͔͸͓͖ͯ͞ɺे෼ʹηΩϡ ΞͰͳ͍ϓϩτίϧ/ΤίγεςϜΛdigital

    identityͷ֩ͱ͢Δͷ͸ ةݥͰ͋Γɺ୅ସΛߟ͑Δඞཁ͕͋Δɻ
29. None

30. Ͳ͏ͨ͠ΒղܾͰ͖ Δʁ

31. ༧๷ઢ: ͜Εͬͯཁ͢ΔʹBetter PGPͷ࿩ͩΑͶʁ →஌ͬͯΔɻ

32. Verifiable CredentialΛ༻͍ͨEϝʔϧ ֤τϥϯβΫγϣϯʢ͜͜Ͱ͸Eϝʔϧͷ΍ΓͱΓʹ૬౰͢Δʣ͝ ͱʹҟͳΔidentityͷදݱΛ੾Γग़ͯ͠࢖͏ʹ͸Ͳ͏͢Ε͹Α͍ ͔ʁˠಛఆͷidentityͷදݱʹରԠ͢Δverifiable credentialΛ࢖͑͹ Α͍ spamϑΟϧλ͸Eϝʔϧʹؔ࿈͍ͮͨVCͷਖ਼౰ੑɾ৴པ౓Λ൑ఆ ͢Δ

33. Verifiable CredentialΛ༻͍ͨEϝʔϧ Կ͕خ͍͠ʁ • ૹ৴ऀ: ʢϝʔϧ͕ਖ਼౰ͳ༻్Ͱ͋ΔݶΓʣspamϑΟϧλʹ ͻ͔͔ͬΔ͜ͱ͕ݮΔ • ͍ͭͰʹɺৗʹެࣜͳ๧ࢠ͔Ϳͬͯͳͯ͘΋Α͍ •

    ड৴ऀ: spam͕ݮΔɺ·ͱ΋ͳϝʔϧ͕ड৴ശʹೖͬͯ͘Δ • ͪΌΜͱͨ͠ϓϩτίϧ֦ுΛ͢Ε͹ݱࡏͷSMTPͷΤίγες ϜͱڞଘͰ͖Δ

34. Messaging Layer Security https://messaginglayersecurity.rocks/ ηΩϡΞͰinteroperableͳάϧʔϓϝοηʔδϯάͷͨΊͷϓϩτ ίϧΛఆٛ͠Α͏ͱ͍ͯ͠ΔIETFͷWGɻ End-to-End҉߸ԽΛ࣋ͭʢͦΕ͸ͦ͏ʣɺ҉߸Խάϧʔϓϝο ηʔδϯά͕Մೳ ಛఆͷϓϥοτϑΥʔϜʹ͓͚ΔID͕ඞཁ

35. DIDComm Aries RFC 0005: DID Communication Ͱઆ໌͞Ε͍ͯΔDID Agentಉ࢜ ͷίϛϡχέʔγϣϯϝΧχζϜɻ DIDCommͱ͍͏ϓϩτίϧ͕͋Δɺͱ͍͏ΑΓ΋DIDCommͷ্ʹ

    ֤ΞϓϦέʔγϣϯ͝ͱͷϓϩτίϧΛ࣮૷͢Δɺͱ͍͏΄͏͕ ౰ͯ͸·ΔɻExplainerͰ͸˓×ήʔϜ༻ͷϓϩτίϧΛDIDCommͷ ্Ͱ࣮૷͍ͯ͠Δɻ

36. DIDComm ओͳಛ௃ͱͯ͠ɺʮඇಉظɺ୯ํ޲(simplex)ͷϝοηʔδϯάͰ͋ ΔʯʮτϥϯεϙʔτґଘੑΛ࣋ͨͳ͍(transport-agnostic)ʯ ʮEnd-to-end҉߸Խ͞Ε͍ͯΔʯͱ͍͏ੑ࣭͕͋Δɻ ૹΓઌͷൃݟ(discovery)͸DID RelationshipͷߏஙʹΑͬͯߦΘΕ Δɻ

37. None

38. ·ͱΊ • Eϝʔϧͷ໰୊ͱͯ͠ʮ҉߸Խ͕े෼Ͱͳ͍ʯ͜ͱʹՃ͑ͯʮ· ͱ΋ͳidentity layer͕ͳ͍ʯͱ͍͏໰୊͕͋Δ • identity layerͷߏஙΛதԝूݖԽ͞ΕͨEϝʔϧϓϩόΠμʹ· ͔ͤͯ͠·͏ͱEϝʔϧͷ಺ࡏతͳself-sovereignੑΛࣦͬͯ͠ ·͏

    • DID΍VCٕज़ͰEϝʔϧͷidentity layerΛ࡞Δ͔ɺͦ΋ͦ΋DIDʹ ΑΔidentity layerΛ࣋ͭϓϩτίϧͰ͋ΔDIDCommʹ৐͔ͬͬ ͯ͠·͏ͷ͕Α͍ͷͰ͸ʁ