The Seif Project Rhymes with safe Douglas Crockford

The Problem • Web programming is slow and unreliable. • The Web is a

RFC 1738 December 1994 // user : password @ host : port / url-path

What’s wrong with the Web? Insecure Complex

HTTP Key : value pairs Negotiation Request/response protocol

Many Have Tried • Microsoft, Apple, Adobe, Oracle, many more. • In most cases,

Upgrade the Web. Keep the things it does well.

The Seif Project • A radical, minimal, secure, open solution. • Architecturally very different

The Seif Project • Part 1: seifnode • Part 2: Seif Protocol • Part

seifnode • A module adding cryptographic services to Node JS • ECC 521 •

Entropy Collection • Operating System • Microphone • Camera

ECC 521 public keys as unique identifiers

Zooko’s Triangle Human Meaningful Securely Unique Global: Decentralized

Seif Protocol Secure JSON Over TCP Efficient sessions

Symmetric S(plaintext) => ciphertext S(ciphertext) => plaintext Asymmetric P(plaintext) => ciphertext R(ciphertext) => plaintext

Alice • PA • RA • PB • H • S Seif Handshake Alice's

Seif Message Send • Normal send • Automatic persistent retry • Status send •

Seif Resource Management Resources accessed by hash

Seif Apps HTML-free Java. Script-based application delivery system built on Node JS and Qt.

Seif App QT Node JS Display Presence Logic Presence

Cooperation under mutual suspicion QT Node JS Another Display Another Logic Display Presence Logic

Transition Plan • Convince one progressive browser maker to integrate. • Convince one secure

Difficulty of software security • Does what it should • Doesn’t do what it

The Seif Project • Part 1: seifnode Oct '14 OSCON • Part 2: Seif

The goal of the Seif Project is to provide safe and effective relationship management

The Seif Project http: //www. seif. place/

And Beyond • Cloud connectivity • Seifmail • Seif. OS

Slides: 49

Download presentation

The Seif Project Rhymes with safe Douglas Crockford

The Web

The Problem • Web programming is slow and unreliable. • The Web is a document retrieval system, not a secure application delivery system. • Passwords are easily guessed, stolen, forgotten.

RFC 1738 December 1994 // user : password @ host : port / url-path The use of URLs containing passwords that should be secret is clearly unwise.

What’s wrong with the Web?

What’s wrong with the Web? Insecure Complex

HTTP Key : value pairs Negotiation Request/response protocol

DNS

SSL

Certi cate Authorities

HTML

Templating

DOM

CSS

Java. Script

Many Have Tried • Microsoft, Apple, Adobe, Oracle, many more. • In most cases, the technology was much better. • In most cases, the solution was not open. • There was no transition.

Upgrade the Web. Keep the things it does well.

The Seif Project • A radical, minimal, secure, open solution. • Architecturally very different from the old web, but deliverable through web browsers. • Customers are not given passwords. • Public key cryptography is used for authentication. • Certificate Authorities are not trustworthy and are not used.

The Seif Project • Part 1: seifnode • Part 2: Seif Protocol • Part 3: Seif Resource Management • Part 4: Seif Apps • Part 5: Seif Helper App

seifnode • A module adding cryptographic services to Node JS • ECC 521 • AES 256 • SHA 3 -256 • Random

Entropy Collection • Operating System • Microphone • Camera

ECC 521 public keys as unique identifiers

Zooko’s Triangle Human Meaningful Securely Unique Global: Decentralized

Seif Protocol Secure JSON Over TCP Efficient sessions

Symmetric S(plaintext) => ciphertext S(ciphertext) => plaintext Asymmetric P(plaintext) => ciphertext R(ciphertext) => plaintext

Alice • PA • RA • PB • H • S Seif Handshake Alice's public key Alice's private key Bob's public key Handshake key Session key • PB • RB • PA • H • S Bob's Public Key Bob's Private Key Alice's public key Handshake key Session key → {"seif": 1, PB(H), H(PA )}

Full duplex

Seif Message Send • Normal send • Automatic persistent retry • Status send • For telemetry and gaming • Messages may be discarded

Seif Resource Management Resources accessed by hash

Seif Apps HTML-free Java. Script-based application delivery system built on Node JS and Qt.

Seif App QT Node JS Display Presence Logic Presence

Cooperation under mutual suspicion QT Node JS Another Display Another Logic Display Presence Logic Presence

Trust Management Petnames

Seif Helper App The browser made Seif.

Transition Plan • Convince one progressive browser maker to integrate. • Convince one secure site to require its customers to use that browser. • Risk mitigation will compel the other secure sites. • Competitive pressure will move the other browser makers. • The world will follow for improved security and faster application development. • Nothing breaks!

Difficulty of software security • Does what it should • Doesn’t do what it shouldn’t • No software is initially secure • Only a minimal approach can produce software that is eventually secure

There is nothing new here.

The Seif Project • Part 1: seifnode Oct '14 OSCON • Part 2: Seif Protocol May'15 OSCON • Part 3: Seif Resource Management • Part 4: Seif Apps • Part 5: Seif Helper App http: //www. seif. place/

The goal of the Seif Project is to provide safe and effective relationship management on the web.

The Seif Project http: //www. seif. place/

seif: publickey @ ipaddress / referral

And Beyond • Cloud connectivity • Seifmail • Seif. OS