waxwing










Sr. Member, Activity: 469, Merit: 250
Re: SSL logs as proof of money transfer for p2p exchanges
June 05, 2014, 09:26:06 AM, #201
Last edit: July 04, 2014, 04:43:36 PM by waxwing

The latest alpha release of the tlsnotary software has just been updated by dansmith and can be found at https://github.com/themighty1/tlsnotary/releases

A few points about the current state:

We have been able to build binaries for MacOS, and indeed run tlsnotary, but there are some technical problems. We'll keep you updated on that. (Edit: Mac OS is now available - ignore the 'Tor Browser' branding; it is not a Tor Browser; we just reused parts of their build process).

The binaries are built using gitian and should therefore be reproducible. See the folder data/gitian for details.

For those running typical Ubuntu installs (and possibly other Linux distros), you may find that there are problems if your version of tshark is 1.6.7 (as it is by default in some cases, even if you do sudo apt-get install tshark). You should upgrade to tshark 1.10. Ask here if that proves difficult.

To test the basic functionality, run in 'self-test mode'. This will start both an auditor and an auditee running on your machine. Pay attention to the instructions in the status bar. Press 'Record' to audit a single page (Edit: button is now 'Audit this page'). You can do this multiple times to get multiple pages audited. At the end, press 'Stop', which will complete the audit by sending the evidence to the 'auditor' (in this case, yourself).

For real time support, you will usually find us hanging out on #bitsquare.io (temporary change of name) on freenode.

Or ask here if you prefer.

PGP fingerprint 2B6FC204D9BF332D062B 461A141001A1AF77F20B (use email to contact)

kolinko












Full Member, Activity: 518, Merit: 101
Re: tlsnotary - cryptographic proof of fiat transfer for p2p exchanges
June 09, 2014, 10:47:02 PM, #204

Hi everyone, oakpacific told me to drop by and talk about distributed oracles.

We just published this whitepaper a few hours ago
http://github.com/orisi/wiki/wiki/Orisi-White-Paper
and we'll have an implementation ready of it tomorrow.

The idea behind Orisi is that there can be a set of independent oracles locking the funds until some external condition occurs. So it's something similar to what you guys need to have done.

Perhaps you can get some cool things out of our whitepaper, or even fork our solution and just attach your verdict module?

Feel free to ask me any questions, although I'll be going to bed any moment now (Europe, midnight, long day)

waxwing










Sr. Member, Activity: 469, Merit: 250
Re: tlsnotary - cryptographic proof of fiat transfer for p2p exchanges
July 04, 2014, 05:00:13 PM, #206
Last edit: September 21, 2014, 07:01:01 PM by waxwing

Commentary/update (refer to (EDIT: paper is now at https://github.com/tlsnotary/tlsnotary/blob/master/data/documentation/TLSNotary.pdf?raw=true ) for technical details):

So the last few weeks have been focused on patching what was, although practically very implausible, a theoretically important weakness in the design that we had been working on. That's why I killed the earlier doc and video links.

You can see a reference to it in the discussion on the thread back in February - does the fact that the client doesn't check the server mac during the (very brief) audit connection matter? Basically, yes it does - TLS provides authentication, and that mac check is the cornerstone of the authentication. It might be crazily difficult, but in principle someone might be able to alter the traffic in a malicious way.

So this hole has been patched (credit to dansmith for the main idea to solve it), and as described in the abstract of the document in the previous post, we have now fully reinstated the TLS security model, modulo a reduction in the entropy of the secret.

How is it done? The client (the auditee) makes a request to the server using the tlsnotary special sauce negotiated premaster secret, but at that point doesn't know the server mac secret/key. When the server sends the response back, the client effectively hits 'pause' and doesn't decrypt this traffic. The client/auditee sends a hash of the traffic (i.e. a commitment) to the auditor, who only then sends to the client/auditee the required secret data to reconstruct the server mac secret. At this point the client has the entire master secret for the session and can safely decrypt. They could even render it in the browser safely, although for other reasons we set it up so the client only looks at the raw html of what's being audited (just that one page).

All this shenanigans does not impact the user experience really (or at least, not more than it did before) - the user just sees a page reload taking a few seconds extra (and there are info messages in the status bar telling them what's going on in the mean time).

Some extra modifications have been done, importantly RSA encryption of the peer to peer messaging has been implemented.

As it stands, everything is badly in need of more eyes on it. I am much happier (see underlined above) and I have tested all this stuff to death, but the usefulness of that is limited beyond a certain point.

If anyone has questions about where to find stuff, please ask me.
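
The commit-then-reveal ordering described in the post above, as an added example that is not part of the original post and is not tlsnotary's own code. It assumes a simplified model: the server MAC key is the XOR of two shares, HMAC-SHA256 stands in for the TLS record MAC, record encryption is left out, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def mac(key: bytes, record: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the TLS record MAC.
    return hmac.new(key, record, hashlib.sha256).digest()


class Auditor:
    """Holds one share of the server MAC key; releases it only after a commitment."""

    def __init__(self, share: bytes):
        self._share = share
        self.commitment = None

    def receive_commitment(self, digest: bytes) -> bytes:
        if self.commitment is not None:
            raise RuntimeError("one commitment per session")
        self.commitment = digest
        return self._share  # the reveal happens only after the commit

    def verify_evidence(self, record: bytes, tag: bytes, auditee_share: bytes) -> bool:
        # The evidence must be byte-for-byte what was committed before the reveal...
        digest = hashlib.sha256(record + tag).digest()
        if self.commitment is None or not hmac.compare_digest(digest, self.commitment):
            return False
        # ...and the server's MAC must verify under the reconstructed key.
        return hmac.compare_digest(mac(xor(self._share, auditee_share), record), tag)


class Auditee:
    def __init__(self, share: bytes):
        self.share = share
        self.mac_key = None  # unknown until the auditor reveals its share

    def commit(self, record: bytes, tag: bytes, auditor: Auditor) -> None:
        digest = hashlib.sha256(record + tag).digest()
        self.mac_key = xor(self.share, auditor.receive_commitment(digest))

    def check_server_mac(self, record: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(mac(self.mac_key, record), tag)


def run_session(tamper_in_transit: bool = False, forge_after_reveal: bool = False):
    """Return (auditee's MAC check passed, auditor accepted the evidence)."""
    auditee_share, auditor_share = os.urandom(32), os.urandom(32)
    # Constructed sample response; record encryption is omitted for brevity.
    record = b"constructed sample page: transfer of 100 EUR completed"
    tag = mac(xor(auditee_share, auditor_share), record)  # computed by the server
    if tamper_in_transit:  # traffic altered before it reaches the auditee
        record = record.replace(b"100", b"900")
    auditor, auditee = Auditor(auditor_share), Auditee(auditee_share)
    auditee.commit(record, tag, auditor)
    mac_ok = auditee.check_server_mac(record, tag)
    if forge_after_reveal:  # auditee swaps the page once it holds the MAC key
        record = record.replace(b"100", b"900")
        tag = mac(auditee.mac_key, record)
    return mac_ok, auditor.verify_evidence(record, tag, auditee_share)
```

In this model, traffic altered in transit fails the auditee's deferred MAC check, and a page substituted after the reveal carries a valid MAC but no longer matches the commitment, so the auditor rejects it.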

waxwing










Sr. Member, Activity: 469, Merit: 250
Re: tlsnotary - cryptographic proof of fiat transfer for p2p exchanges
September 21, 2014, 06:57:52 PM, #210

Hi yakov,

Yeah, it's still going

We'd like people to try it out, as it's basically a finished product now (famous last words)

Ideally if we could get a good group of people (we don't need hundreds or thousands, just 'some' is fine) that could give it a try, then we could iron out any bugs and also get good feedback on what proportion of websites it works OK with (from extensive automated testing, it works with the vast majority of https pages, but certain dynamic features in some websites might stop it working in the way you want).

Installing it is very easy nowadays compared to what it was. Just have Firefox, have Python, and it should run out of the box.

I've tried to put tons of explanatory information in the README on the main page: https://github.com/tlsnotary/tlsnotary . So anybody new to the project, start reading there.

Thanks.

hgt










Newbie, Activity: 8, Merit: 0
Re: tlsnotary - cryptographic proof of fiat transfer for p2p exchanges
October 05, 2014, 06:14:07 PM, #211

I hope I'll be forgiven if this is a question that has already been answered:



What if the "auditor" is an undercover cop and you're in a jurisdiction where this is illegal (surely everywhere once they find out about it)? Since the auditor can see your bank statement then he can see your account name and number and thus identify you. Is there provision for obfuscating that information?



hgt










Newbie, Activity: 8, Merit: 0
Re: tlsnotary - cryptographic proof of fiat transfer for p2p exchanges
October 05, 2014, 11:29:28 PM, #213

Quote from: marcus_of_augustus on October 05, 2014, 10:18:09 PM
  Quote from: hgt on October 05, 2014, 06:14:07 PM
    ... and you're in a jurisdiction where this is illegal (surely everywhere once they find out about it)?
  Why would this be so?

Because they make the rules and they will change them to prohibit whatever they don't like. Witness the fact that we have statutes prohibiting "money laundering" and "structuring" - legal concepts that were invented in the last twenty years.

Even if they didn't act immediately, the banks would amend their TOS to disallow it, until the government caught up (but they're almost the same thing).

It's absolutely certain.

The only way to avoid such an outcome for the individual client is to prevent his real-world identification by the auditor. The client has to remain pseudonymous. If you have to trust the auditor then what have you accomplished with all the rest of the trustless technology?

oakpacific










Hero Member, Activity: 784, Merit: 1000
Re: tlsnotary - cryptographic proof of fiat transfer for p2p exchanges
October 06, 2014, 07:55:02 PM, #214

Quote from: hgt on October 05, 2014, 11:29:28 PM
  Quote from: marcus_of_augustus on October 05, 2014, 10:18:09 PM
    Quote from: hgt on October 05, 2014, 06:14:07 PM
      ... and you're in a jurisdiction where this is illegal (surely everywhere once they find out about it)?
    Why would this be so?

  Because they make the rules and they will change them to prohibit whatever they don't like. Witness the fact that we have statutes prohibiting "money laundering" and "structuring" - legal concepts that were invented in the last twenty years.

  Even if they didn't act immediately, the banks would amend their TOS to disallow it, until the government caught up (but they're almost the same thing).

  It's absolutely certain.

  The only way to avoid such an outcome for the individual client is to prevent his real-world identification by the auditor. The client has to remain pseudonymous. If you have to trust the auditor then what have you accomplished with all the rest of the trustless technology?

Hello hgt, at this moment, what you have to rely on, is the good-old rep/rating system, much like, you know, how they did in online black markets to counter Sybil attack.

We do expend serious effort to come up with something that can allow an auditee to have only the part of his statement that is strictly necessary (i.e., the amount and the destination account) to be verified by the auditor to be authenticated (which we call the "dark mode" in a tongue-in-cheek way), in the end we prove it's somehow theoretically not impossible, but is rather tricky and would require quite a lot of developmental effort. Also note that the 'dark mode' still can't protect the identity of the seller, which is inevitable as the auditor has to make sure the money goes to the right account.

The good news is that I believe we are definitely not on the radar of the agencies, if we ever become so popular to draw their attention, we will certainly invest much more effort into the anonymity protection.

Thank you for your question!

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.

hgt










Newbie, Activity: 8, Merit: 0
Re: tlsnotary - cryptographic proof of fiat transfer for p2p exchanges
October 06, 2014, 08:20:00 PM, #215

Hi Oakpacific! Thanks very much for your thoughtful response.



Ratings will mitigate the problem of bad actors in the same way that ratings mitigate centralized monetary exchanges and markets.



Consider the late Sheep market as a perfect example of the latter.



An evil operator will patiently build reputation while fulfilling his role faithfully, all the while getting bigger and bigger, and then one day take everything and wipe his clients out.



In the case of an evil auditor (whether private or state) and auditees that are de-anonymized to him, he will patiently collect real-life identities until a huge database is amassed. Then one day there are sudden and co-ordinated mass arrests.



"Under the radar" is a silly idea. You think LE isn't already monitoring a big site such as this?





waxwing










Sr. Member, Activity: 469, Merit: 250
Re: tlsnotary - cryptographic proof of fiat transfer for p2p exchanges
October 06, 2014, 08:25:15 PM, #216

Quote from: hgt on October 05, 2014, 06:14:07 PM
  I hope I'll be forgiven if this is a question that has already been answered:

  What if the "auditor" is an undercover cop and you're in a jurisdiction where this is illegal (surely everywhere once they find out about it)? Since the auditor can see your bank statement then he can see your account name and number and thus identify you. Is there provision for obfuscating that information?

Another thing to reflect on: I (like millions of people around the world) have had occasion in the past to *print* my bank statement - including the account name and number and the balance, and monthly transactions, and present it to a local bureaucratic office to "prove" my savings/income. This was done without my bank's permission.

Is tlsnotary really so different to that, in terms of privacy and permission? It *is* different in one very important sense - it's *actual* proof, not pretend proof!

hgt










Newbie, Activity: 8, Merit: 0
Re: tlsnotary - cryptographic proof of fiat transfer for p2p exchanges
October 07, 2014, 02:07:08 AM, #217

Hi Waxwing! Yes, your comparison is very reasonable.



But we're not discussing a reasonable adversary, but one who uses armed force to gain economic advantage and who adjusts the rules to suit its goals.



tlsnotary will be construed as something like wire-tapping and conspiracy to commit fraud (after all, the bank, who is one party to the communication, has not consented to the use of tlsnotary). I'm not calling it that; I'm saying that they'll apply some such label. And if the statutes as they stand are not sufficient then they'll change them to make their case stick.



But if they can't identify the participants because they remain pseudonymous then the statutes are moot.