Posted to general@incubator.apache.org by John McCane-Whitney <jo...@qredo.com> on 2019/09/17 16:02:01 UTC

[VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)

Hi,

This is a call to vote to release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release).

The Apache Milagro (incubating) community has voted to approve this release with 6 +1 votes.  The vote result thread can be found here:

https://lists.apache.org/thread.html/d4b0d5c1c1a2ed991104f0804d6faaaf70f32a865316d5aaf91e18bf@%3Cdev.milagro.apache.org%3E

RELEASE TAG:
Milagro Decentralized Trust Authority v0.1.0 (alpha release) release tag:
https://github.com/apache/incubator-milagro-dta/releases/tag/0.1.0
Please see the release notes at the above link for a full description and release rationale.

DESCRIPTION SUMMARY:
The Apache Milagro (Incubating) Decentralized Trust Authority (D-TA) is a collaborative key management server. It has two primary functions:

- Issues shares of identity-based Type-3 pairing secrets for initializing zero-knowledge proof multi-factor authentication (ZKP-MFA) networks of clients and authentication servers.
- Safeguards shares of generic secrets, acting independently but in conjunction with other D-TA nodes, for the benefit of other D-TA nodes.

In the use case where it issues shares, the D-TA holds nothing except for its Master Secret and acts as a distributed private key generation server. In the use case where it is safeguarding shares of secrets, it is up to the application developer to implement back-end application logic to hold those shares securely. Examples include using Hardware Security Modules (HSMs) via an on-board PKCS#11 implementation to create a realm of key encryption keys, or multi-party computation through BLS signature aggregation.

RELEASE RATIONALE SUMMARY:
By default, the D-TA allows requests from a Principal's D-TA for an secp256k1 public key from a Fiduciary D-TA and then subsequently allows the Principal to request its corresponding private key. Whilst this may have utility on its own, the Milagro community's intention is to extend the capability of the server over time to meet many key generation, storage and distribution use cases. This will be achieved using the D-TA's plugin architecture, and to this end, the initial release includes two plugins to demonstrate the D-TA's extensibility.

Subsequent releases will enable the D-TA to issue Type-3 pairing/identity-based secrets for "M-Pin" clients and servers ("M-Pin" is a zero-knowledge authentication protocol in the milagro-crypto-c library that also facilitates multi-factor authentication). In parallel with this will be a rewritten release of the Milagro MFA Authentication server (the original authentication server was conflated with the D-TA function, limiting its security efficacy).

The Milagro community is publishing this first release of the D-TA now to elicit feedback from a wider community that may have interest in an open source, decentralized key generation, storage and distribution solution. Our intention is then to release a series of enhanced versions culminating with a production-ready GA version.

Please see the README for build/test instructions and https://milagro.apache.org/docs/d-ta-overview for a full overview and usage guide.

RELEASE FILES:
The repo has the required DISCLAIMER, NOTICE and LICENSE files in its root directory.  All source files have the appropriate license header.  No binaries are included in this release.  I have successfully built and run the tests as per the instructions in the readme file on Ubuntu 18, Ubuntu 19, Debian 10 and MacOS 10.14 Mojave.

Release links:
Source code archive: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz
SHA512 checksum: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.sha512
PGP Signature: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.asc   
Keys: https://dist.apache.org/repos/dist/dev/incubator/milagro/KEYS

Please note that the project's website (https://milagro.apache.org) will be updated with download links as soon as the release's approval has been completed and the archives are available for public download.

We now kindly request that the Incubator PMC members review and vote on this incubator release as follows:

[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove with the reason

Checklist for reference:

[ ] Download links are valid   
[ ] Checksums and PGP signatures are valid    
[ ] DISCLAIMER, LICENCE & NOTICE files are included    
[ ] Source code archives have correct names matching the current release.   
[ ] All source code files have licence headers    
[ ] No compiled binaries are included    
[ ] Library builds correctly and all tests pass (as per the instructions in the readme file) 

The vote will be open for a minimum of 72 hours.  3 x +1 votes are required to approve this release.

Many thanks,

John

John McCane-Whitney
Director of Product at Qredo Ltd
T: +44 7966 490687
Kemp House
152 - 160 City Road
London
EC1V 2NX
https://qredo.com
Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system.

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Re: [VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)

Posted by Brian Spector <br...@qredo.com>.
+1 from me.

On 30/09/2019, 16:59, "John McCane-Whitney" <jo...@qredo.com> wrote:

    Hi everyone,
    
    I just wanted to give everyone an update on how I think we should proceed following the comments/votes from Julian Feinauer and Dave Fisher (below).
    
    I've been in touch with Julian to try to troubleshoot the issue he's having building the D-TA Docker (and also his crypto-js issue, although that's not relevant to the D-TA release).
    
    Once his D-TA issue has been resolved, I propose:
    
    1. Scrap the D-TA v0.1.0 release
    2. Update the missing licence headers (done)
    3. Replace the standard Apache DISCLAIMER with their WIP-DISCLAIMER (as suggested by Dave Fisher)
    4. Create a new v0.1.1 release of the D-TA and send around for voting
    
    I believe using the WIP-DISCLAIMER is appropriate whilst the build scripts, docker files and project documentation refer to building directly from GitHub and not from the signed source archives.  Unfortunately the D-TA has a dependency on some additions to the crypto-c library that were made since its own official release.  Therefore I propose to then proceed as follows:
    
    1. Make a new release of the crypto-c library (v1.1.0) that includes the updates required by the D-TA
    2. Wait for this to be approved and officially released
    3. Update the D-TA's build scripts, dockerfile & documentation to build from its own signed source archive and the crypto-c library's officially released signed source archive
    4. Swap the standard DISCLAIMER back in for the WIP-DISCLAIMER
    5. Make v0.2.0(beta) of the D-TA and send out for voting
    
    Please let me know if you have any objections, otherwise I'll start actioning the above.
    
    Regards,
    
    John
    

FW: [VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)

Posted by John McCane-Whitney <jo...@qredo.com>.
Hi everyone,

I just wanted to give everyone an update on how I think we should proceed following the comments/votes from Julian Feinauer and Dave Fisher (below).

I've been in touch with Julian to try to troubleshoot the issue he's having building the D-TA Docker (and also his crypto-js issue, although that's not relevant to the D-TA release).

Once his D-TA issue has been resolved, I propose:

1. Scrap the D-TA v0.1.0 release
2. Update the missing licence headers (done)
3. Replace the standard Apache DISCLAIMER with their WIP-DISCLAIMER (as suggested by Dave Fisher)
4. Create a new v0.1.1 release of the D-TA and send around for voting

I believe using the WIP-DISCLAIMER is appropriate whilst the build scripts, docker files and project documentation refer to building directly from GitHub and not from the signed source archives.  Unfortunately the D-TA has a dependency on some additions to the crypto-c library that were made since its own official release.  Therefore I propose to then proceed as follows:

1. Make a new release of the crypto-c library (v1.1.0) that includes the updates required by the D-TA
2. Wait for this to be approved and officially released
3. Update the D-TA's build scripts, dockerfile & documentation to build from its own signed source archive and the crypto-c library's officially released signed source archive
4. Swap the standard DISCLAIMER back in for the WIP-DISCLAIMER
5. Make v0.2.0(beta) of the D-TA and send out for voting

Please let me know if you have any objections, otherwise I'll start actioning the above.

Regards,

John

-----Original Message-----
From: Julian Feinauer <j....@pragmaticminds.de> 
Sent: 19 September 2019 22:01
To: general@incubator.apache.org
Cc: dev@milagro.apache.org
Subject: Re: [VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)

Hi,

Let me initially say that the release looks pretty good and well prepared. But, unfortunately, I found two issues I would consider major, thus I vote

-1 (binding)

Remember, this is no VETO so this does not necessarily stop the release. But from my experience it's easier to fix things while you still are in release mode than after one. The two major issues I see are the Headers and the failing build of dta.

I checked:
- Keys present in KEYS file
- Signatures and Hash match for all 3 artifacts
- DISCLAIMER is present, see findings below
- LICENSE and NOTICE
- Building of sources 
	- works for crypto C (`make`)
	- works for crypto js (`npm install`) but `npm test` fails, see below
	- fails for dta, see below

(Minor) Findings:
- Why is the DISCLAIMER different(ly formatted) for dta than for crypto c/js?

(Less Minor) Findings:
- Several files do not have Apache headers.  But at least "code" files like Dockerfiles and bash scripts should for sure have some (also CMake).

In dta these are, e.g.
/.dockerignore
  25   ./.gitignore
  26   ./.travis.yml
  27   ./Dockerfile
  28   ./Dockerfile-alpine
  29   ./build-static.sh
  30   ./build.sh
  31   ./go.mod
  32   ./go.sum
  33   ./lint.sh
  34   ./report
  35   ./test.sh
  36   ./cmd/servicetester/e2e_test.sh
  37   ./cmd/servicetester/fulltest.sh
  38   ./cmd/servicetester/id_test.sh
  39   ./libs/crypto/libpqnist/CMakeLists.txt
  40   ./libs/crypto/libpqnist/CPackConfig.cmake
  41   ./libs/crypto/libpqnist/VERSION
  42   ./libs/crypto/libpqnist/cmake_uninstall.cmake.in
  43   ./libs/crypto/libpqnist/examples/CMakeLists.txt
  44   ./libs/crypto/libpqnist/include/CMakeLists.txt
  45   ./libs/crypto/libpqnist/src/CMakeLists.txt
  46   ./libs/crypto/libpqnist/test/smoke/CMakeLists.txt
  47   ./libs/crypto/libpqnist/testVectors/aes/CBCMMT256.rsp
  48   ./libs/documents/docs.pb.go
  49   ./libs/documents/docs.proto
  50   ./libs/documents/docs.validator.pb.go
  51   ./pkg/safeguardsecret/README.md
  52   ./pkg/safeguardsecret/open-api.yaml

- When trying to build dta on macOS via Docker I get

Digest: sha256:b88f8848e9a1a4e4558ba7cfc4acc5879e1d0e7ac06401409062ad2627e6fb58
Status: Downloaded newer image for ubuntu:latest  ---> 2ca708c1c9cc
Step 2/29 : RUN apt-get update &&  apt-get install -y --no-install-recommends     ca-certificates     cmake     g++     gcc     git     make     libtool     automake     libssl-dev
 ---> Running in f8a17dc7ab42
Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease
  403  Forbidden [IP: 91.189.88.31 80]
Err:2 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
  403  Forbidden [IP: 91.189.88.31 80]
Err:3 http://security.ubuntu.com/ubuntu bionic-security InRelease
  403  Forbidden [IP: 91.189.88.31 80]
Err:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
  403  Forbidden [IP: 91.189.88.31 80]
Reading package lists...
E: The repository 'http://archive.ubuntu.com/ubuntu bionic InRelease' is not signed.
E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease  403  Forbidden [IP: 91.189.88.31 80]
E: The repository 'http://archive.ubuntu.com/ubuntu bionic-updates InRelease' is not signed.
E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease  403  Forbidden [IP: 91.189.88.31 80]
E: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease  403  Forbidden [IP: 91.189.88.31 80]
E: The repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' is not signed.
E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease  403  Forbidden [IP: 91.189.88.31 80]
E: The repository 'http://archive.ubuntu.com/ubuntu bionic-backports InRelease' is not signed.
The command '/bin/sh -c apt-get update &&  apt-get install -y --no-install-recommends     ca-certificates     cmake     g++     gcc     git     make     libtool     automake     libssl-dev' returned a non-zero code: 100

`npm test` fails for me with the following:
1 failing

  1)
       TEST MPIN BLS461
         test MPin Kangaroo:
     AssertionError: expected 0 to equal 1111
      at Context.<anonymous> (test/test_MPIN.js:310:31)
      at processImmediate (internal/timers.js:443:21)



npm ERR! Test failed.  See above for more details.

Best and feel free to ask if something is unclear or needs discussion!
Julian

Am 19.09.19, 13:58 schrieb "Dave Fisher" <wa...@apache.org>:

    Hi -
    
    +1 (binding)
    
    Keys present
    DISCLAIMER checked - See (3)
    LICENSE and NOTICE checked
    Signature and Hash checked
    Rat Check run - See (2) below.
    Did NOT build, I’m on a macOS - See (1) below.
    
    (1) In subsequent releases please make sure that the instructions are to build from the source releases and NOT the GitHub tags as these are not immutable. Also the Docker files and build shell scripts refer to GitHub and not the source release. I understand that these distinctions may be difficult considering CI/CD vs. Release Policy.
    
    I also think that the Milagro Crypto dependency should be picked from a release and not a GitHub tag.
    
    (2) I believe License headers should be added to:
      ./Dockerfile
      ./Dockerfile-alpine
      ./build-static.sh
      ./build.sh
      ./go.mod
      ./go.sum
      ./lint.sh
      ./test.sh 
      ./cmd/servicetester/e2e_test.sh
      ./cmd/servicetester/fulltest.sh
      ./cmd/servicetester/id_test.sh
      ./libs/crypto/libpqnist/CMakeLists.txt
      ./libs/crypto/libpqnist/CPackConfig.cmake
      ./libs/crypto/libpqnist/cmake_uninstall.cmake.in
      ./libs/crypto/libpqnist/examples/CMakeLists.txt
      ./libs/crypto/libpqnist/include/CMakeLists.txt
      ./libs/crypto/libpqnist/src/CMakeLists.txt
      ./libs/crypto/libpqnist/test/smoke/CMakeLists.txt
      ./libs/crypto/libpqnist/testVectors/aes/CBCMMT256.rsp
      ./libs/documents/docs.proto
      ./pkg/safeguardsecret/README.md
    
    (3) Consider use of the DISCLAIMER-WIP.
    
    Good to see progress here.
    
    Regards,
    Dave
    
    > On Sep 17, 2019, at 9:02 AM, John McCane-Whitney <jo...@qredo.com> wrote:
    > 
    > Hi,
    > 
    > This is a call to vote to release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release).
    > 
    > The Apache Milagro (incubating) community has voted to approve this release with 6 +1 votes.  The vote result thread can be found here:
    > 
    > https://lists.apache.org/thread.html/d4b0d5c1c1a2ed991104f0804d6faaaf70f32a865316d5aaf91e18bf@%3Cdev.milagro.apache.org%3E
    > 
    > RELEASE TAG:
    > Milagro Decentralized Trust Authority v0.1.0 (alpha release) release tag:
    > https://github.com/apache/incubator-milagro-dta/releases/tag/0.1.0
    > Please see the release notes at the above link for a full description and release rationale.
    > 
    > DESCRIPTION SUMMARY:
    > The Apache Milagro (Incubating) Decentralized Trust Authority (D-TA) is a collaborative key management server. It has two primary functions:
    > 
    > -Issue shares of identity-based Type-3 pairing secrets for initializing zero-knowledge proof multi-factor authentication (ZKP-MFA) networks of clients and authentication servers.
    > -Safeguards shares of generic secrets, acting independently but in conjunction with other D-TA nodes, for the benefit of other D-TA nodes.
    > 
    > In the use case where it issues shares, the D-TA holds nothing except for its Master Secret and acts as a distributed private key generation server. In the use case where it is safeguarding shares of secrets, it is up to the application developer to implement back-end application logic to hold those shares securely. Examples include using Hardware Security Modules (HSMs) via an on-board PKCS#11 implementation to create a realm of key encryption keys, or multi-party computation through BLS signature aggregation.
    > 
    > RELEASE RATIONALE SUMMARY:
    > By default, the D-TA allows requests from a Principal's D-TA for an secp256k1 public key from a Fiduciary D-TA and then to subsequently allow the Principal to request its corresponding private key. Whilst this may have utility on its own, the Milagro community's intention is to extend the capability of the server over time to meet many key generation, storage and distribution use cases. This will be achieved using the D-TA's plugin architecture, and to this end, the initial release includes two plugins to demonstrate the D-TA's extensibility.
    > 
    > Subsequent releases will enable the D-TA to issue Type-3 pairing/identity based secrets for "M-Pin" clients and servers ("M-Pin" is a zero-knowledge authentication protocol in the milagro-crypto-c library that also facilitates multi-factor authentication). In parallel with this will be a rewritten release of the Milagro MFA Authentication server (the original authentication server was conflated with the D-TA function limiting its security efficacy).
    > 
    > The Milagro community is publishing this first release of the D-TA now to elicit feedback from a wider community that may have interest in an open source, decentralized key generation, storage and distribution solution. Our intention is then to release a series of enhanced versions culminating with a production-ready GA version.
    > 
    > Please see the README for build/test instructions and https://milagro.apache.org/docs/d-ta-overview for a full overview and usage guide.
    > 
    > RELEASE FILES:
    > The repo has the required DISCLAIMER, NOTICE and LICENSE files in its root directory.  All source files have the appropriate license header.  No binaries are included in this release.  I have successfully built and run the tests as per the instructions in the readme file on Ubuntu 18, Ubuntu 19, Debian 10 and MacOS 10.14 Mojave.
    > 
    > Release links:
    > Source code archive: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz
    > SHA512 checksum: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.sha512
    > PGP Signature: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.asc   
    > Keys: https://dist.apache.org/repos/dist/dev/incubator/milagro/KEYS
    > 
    > Please note that the project's website (https://milagro.apache.org) will be updated with download links as soon as the release's approval has been completed and the archives are available for public download.
    > 
    > We now kindly request that the Incubator PMC members review and vote on this incubator release as follows:
    > 
    > [ ] +1 approve
    > [ ] +0 no opinion
    > [ ] -1 disapprove with the reason
    > 
    > Checklist for reference:
    > 
    > [ ] Download links are valid   
    > [ ] Checksums and PGP signatures are valid    
    > [ ] DISCLAIMER, LICENCE & NOTICE files are included    
    > [ ] Source code archives have correct names matching the current release.   
    > [ ] All source code files have licence headers    
    > [ ] No compiled binaries are included    
    > [ ] Library builds correctly and all tests pass (as per the instructions in the readme file) 
    > 
    > The vote will be open for a minimum of 72 hours.  3 x +1 votes are required to approve this release.
    > 
    > Many thanks,
    > 
    > John
    > 
    > John McCane-Whitney
    > Director of Product at Qredo Ltd
    > T: +44 7966 490687
    > Kemp House
    > 152 - 160 City Road
    > London
    > EC1V 2NX
    > https://qredo.com
    > Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system.
    > 
    > ---------------------------------------------------------------------
    > To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
    > For additional commands, e-mail: general-help@incubator.apache.org
    > 
    
    
    
    


RE: [VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)

Posted by John McCane-Whitney <jo...@qredo.com>.
Hi Julian,

Many thanks for your updated vote.

In the next release, we'll make the following changes:

- Add missing licence headers to all source code files
- Ensure that all build scripts, docker files and documentation build from official signed source archives (as per Dave Fisher's observations)

Regards,

John

-----Original Message-----
From: Julian Feinauer <j....@pragmaticminds.de>
Sent: 02 October 2019 11:54
To: general@incubator.apache.org
Subject: Re: [VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)

Hi all,

I change my vote to

+1 (binding)

It seems like I had some issues on my machine and on another PC the builds work.
So my "major" concerns are no longer true and I change my vote.
So, from below my checks:
    - Keys present in KEYS file
    - Signatures and Hash match for all 3 artifacts
    - DISCLAIMER is present, see findings below
    - LICENSE and NOTICE
    - Building of sources
        - works for crypto C (`make`)
        - works for crypto js (`npm install` and `npm test`)
        - works for dta

The other "minor" findings should be corrected for the next release (see below).
Thanks to John for his support and work helping me with the release.

Best
Julian


Am 19.09.19, 23:01 schrieb "Julian Feinauer" <j....@pragmaticminds.de>:

    Hi,

    let me initially say, that the release looks pretty good and well prepared. But, unfortunately I found two issues I would consider major, thus I vote

    -1 (binding)

    Remember, this is no VETO so this does not necessarily stop the release. But from my experience it's easier to fix things while you still are in release mode than after one. The two major issues I see are the Headers and the failing build of dta.

    I checked:
    - Keys present in KEYS file
    - Signatures and Hash match for all 3 artifacts
    - DISCLAIMER is present, see findings below
    - LICENSE and NOTICE
    - Building of sources
        - works for crypto C (`make`)
        - works for crypto js (`npm install`) but `npm test` fails, see below
        - fails for dta, see below

    (Minor) Findings:
    - Why is the DISCLAIMER different(ly formatted) for dta than for crypto c/js ?

    (Less Minor) Findings:
    - Several Files do not have apache headers.  But at least "code" files like Dockerfiles and bash scripts should for sure have some (also CMake).

    In dta these are, e.g.
    /.dockerignore
    ./.gitignore
    ./.travis.yml
    ./Dockerfile
    ./Dockerfile-alpine
    ./build-static.sh
    ./build.sh
    ./go.mod
    ./go.sum
    ./lint.sh
    ./report
    ./test.sh
    ./cmd/servicetester/e2e_test.sh
    ./cmd/servicetester/fulltest.sh
    ./cmd/servicetester/id_test.sh
    ./libs/crypto/libpqnist/CMakeLists.txt
    ./libs/crypto/libpqnist/CPackConfig.cmake
    ./libs/crypto/libpqnist/VERSION
    ./libs/crypto/libpqnist/cmake_uninstall.cmake.in
    ./libs/crypto/libpqnist/examples/CMakeLists.txt
    ./libs/crypto/libpqnist/include/CMakeLists.txt
    ./libs/crypto/libpqnist/src/CMakeLists.txt
    ./libs/crypto/libpqnist/test/smoke/CMakeLists.txt
    ./libs/crypto/libpqnist/testVectors/aes/CBCMMT256.rsp
    ./libs/documents/docs.pb.go
    ./libs/documents/docs.proto
    ./libs/documents/docs.validator.pb.go
    ./pkg/safeguardsecret/README.md
    ./pkg/safeguardsecret/open-api.yaml

    - When trying to build dta on macOS via Docker I get

    Digest: sha256:b88f8848e9a1a4e4558ba7cfc4acc5879e1d0e7ac06401409062ad2627e6fb58
    Status: Downloaded newer image for ubuntu:latest
     ---> 2ca708c1c9cc
    Step 2/29 : RUN apt-get update &&  apt-get install -y --no-install-recommends     ca-certificates     cmake     g++     gcc     git     make     libtool     automake     libssl-dev
     ---> Running in f8a17dc7ab42
    Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease
      403  Forbidden [IP: 91.189.88.31 80]
    Err:2 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
      403  Forbidden [IP: 91.189.88.31 80]
    Err:3 http://security.ubuntu.com/ubuntu bionic-security InRelease
      403  Forbidden [IP: 91.189.88.31 80]
    Err:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
      403  Forbidden [IP: 91.189.88.31 80]
    Reading package lists...
    E: The repository 'http://archive.ubuntu.com/ubuntu bionic InRelease' is not signed.
    E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease  403  Forbidden [IP: 91.189.88.31 80]
    E: The repository 'http://archive.ubuntu.com/ubuntu bionic-updates InRelease' is not signed.
    E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease  403  Forbidden [IP: 91.189.88.31 80]
    E: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease  403  Forbidden [IP: 91.189.88.31 80]
    E: The repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' is not signed.
    E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease  403  Forbidden [IP: 91.189.88.31 80]
    E: The repository 'http://archive.ubuntu.com/ubuntu bionic-backports InRelease' is not signed.
    The command '/bin/sh -c apt-get update &&  apt-get install -y --no-install-recommends     ca-certificates     cmake     g++     gcc     git     make     libtool     automake     libssl-dev' returned a non-zero code: 100

    `npm test` fails for me with the following:
    1 failing

      1)
           TEST MPIN BLS461
             test MPin Kangaroo:
         AssertionError: expected 0 to equal 1111
          at Context.<anonymous> (test/test_MPIN.js:310:31)
          at processImmediate (internal/timers.js:443:21)



    npm ERR! Test failed.  See above for more details.

    Best and feel free to ask if something is unclear or needs discussion!
    Julian

    Am 19.09.19, 13:58 schrieb "Dave Fisher" <wa...@apache.org>:

        Hi -

        +1 (binding)

        Keys present
        DISCLAIMER checked - See (3)
        LICENSE and NOTICE checked
        Signature and Hash checked
        Rat Check run - See (2) below.
        Did NOT build, I’m on a macOS - See (1) below.

        (1) In subsequent releases please make sure that the instructions are to build from the source releases and NOT the GitHub tags as these are not immutable. Also the Docker files and build shell scripts refer to GitHub and not the source release. I understand that these distinctions may be difficult considering CI/CD vs. Release Policy.

        I also think that the Milagro Crypto dependency should be picked from a release and not a Github tag.

        (2) I believe License headers should be added to:
          ./Dockerfile
          ./Dockerfile-alpine
          ./build-static.sh
          ./build.sh
          ./go.mod
          ./go.sum
          ./lint.sh
          ./test.sh
          ./cmd/servicetester/e2e_test.sh
          ./cmd/servicetester/fulltest.sh
          ./cmd/servicetester/id_test.sh
          ./libs/crypto/libpqnist/CMakeLists.txt
          ./libs/crypto/libpqnist/CPackConfig.cmake
          ./libs/crypto/libpqnist/cmake_uninstall.cmake.in
          ./libs/crypto/libpqnist/examples/CMakeLists.txt
          ./libs/crypto/libpqnist/include/CMakeLists.txt
          ./libs/crypto/libpqnist/src/CMakeLists.txt
          ./libs/crypto/libpqnist/test/smoke/CMakeLists.txt
          ./libs/crypto/libpqnist/testVectors/aes/CBCMMT256.rsp
          ./libs/documents/docs.proto
          ./pkg/safeguardsecret/README.md

        (3) Consider use of the DISCLAIMER-WIP.

        Good to see progress here.

        Regards,
        Dave

        > On Sep 17, 2019, at 9:02 AM, John McCane-Whitney <jo...@qredo.com> wrote:
        >
        > Hi,
        >
        > This is a call to vote to release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release).
        >
        > The Apache Milagro (incubating) community has voted to approve this release with 6 +1 votes.  The vote result thread can be found here:
        >
        > https://lists.apache.org/thread.html/d4b0d5c1c1a2ed991104f0804d6faaaf70f32a865316d5aaf91e18bf@%3Cdev.milagro.apache.org%3E
        >
        > RELEASE TAG:
        > Milagro Decentralized Trust Authority v0.1.0 (alpha release) release tag:
        > https://github.com/apache/incubator-milagro-dta/releases/tag/0.1.0
        > Please see the release notes at the above link for a full description and release rationale.
        >
        > DESCRIPTION SUMMARY:
        > The Apache Milagro (Incubating) Decentralized Trust Authority (D-TA) is a collaborative key management server. It has two primary functions:
        >
        > -Issue shares of identity-based Type-3 pairing secrets for initializing zero-knowledge proof multi-factor authentication (ZKP-MFA) networks of clients and authentication servers.
        > -Safeguards shares of generic secrets, acting independently but in conjunction with other D-TA nodes, for the benefit of other D-TA nodes.
        >
        > In the use case where it issues shares, the D-TA holds nothing except for its Master Secret and acts as a distributed private key generation server. In the use case where it is safeguarding shares of secrets, it is up to the application developer to implement back-end application logic to hold those shares securely. Examples include using Hardware Security Modules (HSMs) via an on-board PKCS#11 implementation to create a realm of key encryption keys, or multi-party computation through BLS signature aggregation.
        >
        > RELEASE RATIONALE SUMMARY:
        > By default, the D-TA allows requests from a Principal's D-TA for an secp256k1 public key from a Fiduciary D-TA and then to subsequently allow the Principal to request its corresponding private key. Whilst this may have utility on its own, the Milagro community's intention is to extend the capability of the server over time to meet many key generation, storage and distribution use cases. This will be achieved using the D-TA's plugin architecture, and to this end, the initial release includes two plugins to demonstrate the D-TA's extensibility.
        >
        > Subsequent releases will enable the D-TA to issue Type-3 pairing/identity based secrets for "M-Pin" clients and servers ("M-Pin" is a zero-knowledge authentication protocol in the milagro-crypto-c library that also facilitates multi-factor authentication). In parallel with this will be a rewritten release of the Milagro MFA Authentication server (the original authentication server was conflated with the D-TA function limiting its security efficacy).
        >
        > The Milagro community is publishing this first release of the D-TA now to elicit feedback from a wider community that may have interest in an open source, decentralized key generation, storage and distribution solution. Our intention is then to release a series of enhanced versions culminating with a production-ready GA version.
        >
        > Please see the README for build/test instructions and https://milagro.apache.org/docs/d-ta-overview for a full overview and usage guide.
        >
        > RELEASE FILES:
        > The repo has the required DISCLAIMER, NOTICE and LICENSE files in its root directory.  All source files have the appropriate license header.  No binaries are included in this release.  I have successfully built and run the tests as per the instructions in the readme file on Ubuntu 18, Ubuntu 19, Debian 10 and MacOS 10.14 Mojave.
        >
        > Release links:
        > Source code archive: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz
        > SHA512 checksum: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.sha512
        > PGP Signature: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.asc
        > Keys: https://dist.apache.org/repos/dist/dev/incubator/milagro/KEYS
        >
        > Please note that the project's website (https://milagro.apache.org) will be updated with download links as soon as the release's approval has been completed and the archives are available for public download.
        >
        > We now kindly request that the Incubator PMC members review and vote on this incubator release as follows:
        >
        > [ ] +1 approve
        > [ ] +0 no opinion
        > [ ] -1 disapprove with the reason
        >
        > Checklist for reference:
        >
        > [ ] Download links are valid
        > [ ] Checksums and PGP signatures are valid
        > [ ] DISCLAIMER, LICENCE & NOTICE files are included
        > [ ] Source code archives have correct names matching the current release.
        > [ ] All source code files have licence headers
        > [ ] No compiled binaries are included
        > [ ] Library builds correctly and all tests pass (as per the instructions in the readme file)
        >
        > The vote will be open for a minimum of 72 hours.  3 x +1 votes are required to approve this release.
        >
        > Many thanks,
        >
        > John
        >
        > John McCane-Whitney
        > Director of Product at Qredo Ltd
        > T: +44 7966 490687
        > Kemp House
        > 152 - 160 City Road
        > London
        > EC1V 2NX
        > https://qredo.com
        > Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system.
        >
        >








---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
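
The commitment above to build only from official source archives, sketched as an added example (this is not code from the Milagro project): a fail-closed SHA-512 check that unpacks an archive only after its digest matches the published checksum file. The function names and sample file names are assumptions, and the two checksum-file layouts handled (`sha512sum` output and `gpg --print-md` output) are assumed rather than taken from the release.

```shell
#!/bin/sh
# Added example: fail-closed SHA-512 check of a release archive before building.
# All file names are constructed samples, not the Milagro release artifacts.

# Print the SHA-512 of file $1 as lowercase hex (GNU coreutils or macOS shasum).
actual_sha512() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{ print $1 }'
    else
        shasum -a 512 "$1" | awk '{ print $1 }'
    fi
}

# Extract the expected digest from checksum file $1.
#   Layout A (sha512sum):      "<hex>  <name>"
#   Layout B (gpg --print-md): "<name>: AAAAAAAA BBBBBBBB ..." wrapped over lines
expected_sha512() {
    if grep -q ':' "$1"; then
        sed 's/^[^:]*://' "$1" | tr -d ' \t\r\n' | tr 'A-F' 'a-f'
    else
        awk 'NR == 1 { printf "%s", tolower($1) }' "$1" | tr -d '\r'
    fi
}

# Return 0 if archive $1 matches checksum file $2, 1 on mismatch, and 2 if an
# input is unreadable or the checksum file does not hold exactly one
# 128-digit hex digest (unknown layouts are rejected, not guessed at).
verify_sha512() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    want=$(expected_sha512 "$2") || return 2
    printf '%s' "$want" | grep -Eq '^[0-9a-f]{128}$' || return 2
    have=$(actual_sha512 "$1") || return 2
    [ "$want" = "$have" ]
}

# Unpack archive $1 into directory $3 only after the digest in $2 has matched.
unpack_if_verified() {
    verify_sha512 "$1" "$2" || {
        echo "refusing to unpack $1: checksum check failed" >&2
        return 1
    }
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Demonstration on a constructed archive with both checksum layouts.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/src" && echo 'constructed sample' > "$d/src/README"
    tar -czf "$d/sample-src.tar.gz" -C "$d" src
    hex=$(actual_sha512 "$d/sample-src.tar.gz")
    printf '%s  sample-src.tar.gz\n' "$hex" > "$d/a.sha512"
    printf '%s' "$hex" | tr 'a-f' 'A-F' | sed 's/.\{8\}/& /g' | fold -w 72 |
        sed '1s/^/sample-src.tar.gz: /; 2,$s/^/    /' > "$d/b.sha512"
    verify_sha512 "$d/sample-src.tar.gz" "$d/a.sha512" && echo "layout A: match"
    verify_sha512 "$d/sample-src.tar.gz" "$d/b.sha512" && echo "layout B: match"
    echo tampered >> "$d/sample-src.tar.gz"
    verify_sha512 "$d/sample-src.tar.gz" "$d/a.sha512" || echo "after tampering: rejected"
    rm -rf "$d"
}
demo
```

A matching digest only shows the archive agrees with the checksum file served beside it; authenticity still rests on the PGP signature checked against the KEYS file.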

Re: [VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)

Posted by Julian Feinauer <j....@pragmaticminds.de>.
Hi all,

I change my vote to 

+1 (binding)

It seems like I had some issues on my machine and on another PC the builds work.
So my "major" concerns are no longer true and I change my vote.
So, from below my checks:
    - Keys present in KEYS file
    - Signatures and Hash match for all 3 artifacts
    - DISCLAIMER is present, see findings below
    - LICENSE and NOTICE
    - Building of sources 
    	- works for crypto C (`make`)
    	- works for crypto js (`npm install` and `npm test`)
    	- works for dta

The other "minor" findings should be corrected for the next release (see below).
Thanks to John for his support and work helping me with the release.

Best
Julian


Am 19.09.19, 23:01 schrieb "Julian Feinauer" <j....@pragmaticminds.de>:

    Hi,
    
    let me initially say, that the release looks pretty good and well prepared. But, unfortunately I found two issues I would consider major, thus I vote
    
    -1 (binding)
    
    Remember, this is no VETO so this does not necessarily stop the release. But from my experience it's easier to fix things while you still are in release mode than after one. The two major issues I see are the Headers and the failing build of dta.
    
    I checked:
    - Keys present in KEYS file
    - Signatures and Hash match for all 3 artifacts
    - DISCLAIMER is present, see findings below
    - LICENSE and NOTICE
    - Building of sources 
    	- works for crypto C (`make`)
    	- works for crypto js (`npm install`) but `npm test` fails, see below
    	- fails for dta, see below
    
    (Minor) Findings:
    - Why is the DISCLAIMER different(ly formatted) for dta than for crypto c/js ?
    
    (Less Minor) Findings:
    - Several Files do not have apache headers.  But at least "code" files like Dockerfiles and bash scripts should for sure have some (also CMake).
    
    In dta these are, e.g.
    /.dockerignore
    ./.gitignore
    ./.travis.yml
    ./Dockerfile
    ./Dockerfile-alpine
    ./build-static.sh
    ./build.sh
    ./go.mod
    ./go.sum
    ./lint.sh
    ./report
    ./test.sh
    ./cmd/servicetester/e2e_test.sh
    ./cmd/servicetester/fulltest.sh
    ./cmd/servicetester/id_test.sh
    ./libs/crypto/libpqnist/CMakeLists.txt
    ./libs/crypto/libpqnist/CPackConfig.cmake
    ./libs/crypto/libpqnist/VERSION
    ./libs/crypto/libpqnist/cmake_uninstall.cmake.in
    ./libs/crypto/libpqnist/examples/CMakeLists.txt
    ./libs/crypto/libpqnist/include/CMakeLists.txt
    ./libs/crypto/libpqnist/src/CMakeLists.txt
    ./libs/crypto/libpqnist/test/smoke/CMakeLists.txt
    ./libs/crypto/libpqnist/testVectors/aes/CBCMMT256.rsp
    ./libs/documents/docs.pb.go
    ./libs/documents/docs.proto
    ./libs/documents/docs.validator.pb.go
    ./pkg/safeguardsecret/README.md
    ./pkg/safeguardsecret/open-api.yaml
    
    - When trying to build dta on macOS via Docker I get
    
    Digest: sha256:b88f8848e9a1a4e4558ba7cfc4acc5879e1d0e7ac06401409062ad2627e6fb58
    Status: Downloaded newer image for ubuntu:latest
     ---> 2ca708c1c9cc
    Step 2/29 : RUN apt-get update &&  apt-get install -y --no-install-recommends     ca-certificates     cmake     g++     gcc     git     make     libtool     automake     libssl-dev
     ---> Running in f8a17dc7ab42
    Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease
      403  Forbidden [IP: 91.189.88.31 80]
    Err:2 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
      403  Forbidden [IP: 91.189.88.31 80]
    Err:3 http://security.ubuntu.com/ubuntu bionic-security InRelease
      403  Forbidden [IP: 91.189.88.31 80]
    Err:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
      403  Forbidden [IP: 91.189.88.31 80]
    Reading package lists...
    E: The repository 'http://archive.ubuntu.com/ubuntu bionic InRelease' is not signed.
    E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease  403  Forbidden [IP: 91.189.88.31 80]
    E: The repository 'http://archive.ubuntu.com/ubuntu bionic-updates InRelease' is not signed.
    E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease  403  Forbidden [IP: 91.189.88.31 80]
    E: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease  403  Forbidden [IP: 91.189.88.31 80]
    E: The repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' is not signed.
    E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease  403  Forbidden [IP: 91.189.88.31 80]
    E: The repository 'http://archive.ubuntu.com/ubuntu bionic-backports InRelease' is not signed.
    The command '/bin/sh -c apt-get update &&  apt-get install -y --no-install-recommends     ca-certificates     cmake     g++     gcc     git     make     libtool     automake     libssl-dev' returned a non-zero code: 100
    
    `npm test` fails for me with the following:
    1 failing
    
      1)
           TEST MPIN BLS461
             test MPin Kangaroo:
         AssertionError: expected 0 to equal 1111
          at Context.<anonymous> (test/test_MPIN.js:310:31)
          at processImmediate (internal/timers.js:443:21)
    
    
    
    npm ERR! Test failed.  See above for more details.
    
    Best and feel free to ask if something is unclear or needs discussion!
    Julian
    
    Am 19.09.19, 13:58 schrieb "Dave Fisher" <wa...@apache.org>:
    
        Hi -
        
        +1 (binding)
        
        Keys present
        DISCLAIMER checked - See (3)
        LICENSE and NOTICE checked
        Signature and Hash checked
        Rat Check run - See (2) below.
        Did NOT build, I’m on a macOS - See (1) below.
        
        (1) In subsequent releases please make sure that the instructions are to build from the source releases and NOT the GitHub tags as these are not immutable. Also the Docker files and build shell scripts refer to GitHub and not the source release. I understand that these distinctions may be difficult considering CI/CD vs. Release Policy.
        
        I also think that the Milagro Crypto dependency should be picked from a release and not a Github tag.
        
        (2) I believe License headers should be added to:
          ./Dockerfile
          ./Dockerfile-alpine
          ./build-static.sh
          ./build.sh
          ./go.mod
          ./go.sum
          ./lint.sh
          ./test.sh 
          ./cmd/servicetester/e2e_test.sh
          ./cmd/servicetester/fulltest.sh
          ./cmd/servicetester/id_test.sh
          ./libs/crypto/libpqnist/CMakeLists.txt
          ./libs/crypto/libpqnist/CPackConfig.cmake
          ./libs/crypto/libpqnist/cmake_uninstall.cmake.in
          ./libs/crypto/libpqnist/examples/CMakeLists.txt
          ./libs/crypto/libpqnist/include/CMakeLists.txt
          ./libs/crypto/libpqnist/src/CMakeLists.txt
          ./libs/crypto/libpqnist/test/smoke/CMakeLists.txt
          ./libs/crypto/libpqnist/testVectors/aes/CBCMMT256.rsp
          ./libs/documents/docs.proto
          ./pkg/safeguardsecret/README.md
        
        (3) Consider use of the DISCLAIMER-WIP.
        
        Good to see progress here.
        
        Regards,
        Dave
        
        > On Sep 17, 2019, at 9:02 AM, John McCane-Whitney <jo...@qredo.com> wrote:
        > 
        > Hi,
        > 
        > This is a call to vote to release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release).
        > 
        > The Apache Milagro (incubating) community has voted to approve this release with 6 +1 votes.  The vote result thread can be found here:
        > 
        > https://lists.apache.org/thread.html/d4b0d5c1c1a2ed991104f0804d6faaaf70f32a865316d5aaf91e18bf@%3Cdev.milagro.apache.org%3E
        > 
        > RELEASE TAG:
        > Milagro Decentralized Trust Authority v0.1.0 (alpha release) release tag:
        > https://github.com/apache/incubator-milagro-dta/releases/tag/0.1.0
        > Please see the release notes at the above link for a full description and release rationale.
        > 
        > DESCRIPTION SUMMARY:
        > The Apache Milagro (Incubating) Decentralized Trust Authority (D-TA) is a collaborative key management server. It has two primary functions:
        > 
        > -Issue shares of identity-based Type-3 pairing secrets for initializing zero-knowledge proof multi-factor authentication (ZKP-MFA) networks of clients and authentication servers.
        > -Safeguards shares of generic secrets, acting independently but in conjunction with other D-TA nodes, for the benefit of other D-TA nodes.
        > 
        > In the use case where it issues shares, the D-TA holds nothing except for its Master Secret and acts as a distributed private key generation server. In the use case where it is safeguarding shares of secrets, it is up to the application developer to implement back-end application logic to hold those shares securely. Examples include using Hardware Security Modules (HSMs) via an on-board PKCS#11 implementation to create a realm of key encryption keys, or multi-party computation through BLS signature aggregation.
        > 
        > RELEASE RATIONALE SUMMARY:
        > By default, the D-TA allows requests from a Principal's D-TA for an secp256k1 public key from a Fiduciary D-TA and then to subsequently allow the Principal to request its corresponding private key. Whilst this may have utility on its own, the Milagro community's intention is to extend the capability of the server over time to meet many key generation, storage and distribution use cases. This will be achieved using the D-TA's plugin architecture, and to this end, the initial release includes two plugins to demonstrate the D-TA's extensibility.
        > 
        > Subsequent releases will enable the D-TA to issue Type-3 pairing/identity based secrets for "M-Pin" clients and servers ("M-Pin" is a zero-knowledge authentication protocol in the milagro-crypto-c library that also facilitates multi-factor authentication). In parallel with this will be a rewritten release of the Milagro MFA Authentication server (the original authentication server was conflated with the D-TA function limiting its security efficacy).
        > 
        > The Milagro community is publishing this first release of the D-TA now to elicit feedback from a wider community that may have interest in an open source, decentralized key generation, storage and distribution solution. Our intention is then to release a series of enhanced versions culminating with a production-ready GA version.
        > 
        > Please see the README for build/test instructions and https://milagro.apache.org/docs/d-ta-overview for a full overview and usage guide.
        > 
        > RELEASE FILES:
        > The repo has the required DISCLAIMER, NOTICE and LICENSE files in its root directory.  All source files have the appropriate license header.  No binaries are included in this release.  I have successfully built and run the tests as per the instructions in the readme file on Ubuntu 18, Ubuntu 19, Debian 10 and MacOS 10.14 Mojave.
        > 
        > Release links:
        > Source code archive: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz
        > SHA512 checksum: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.sha512
        > PGP Signature: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.asc   
        > Keys: https://dist.apache.org/repos/dist/dev/incubator/milagro/KEYS
        > 
        > Please note that the project's website (https://milagro.apache.org) will be updated with download links as soon as the release's approval has been completed and the archives are available for public download.
        > 
        > We now kindly request that the Incubator PMC members review and vote on this incubator release as follows:
        > 
        > [ ] +1 approve
        > [ ] +0 no opinion
        > [ ] -1 disapprove with the reason
        > 
        > Checklist for reference:
        > 
        > [ ] Download links are valid   
        > [ ] Checksums and PGP signatures are valid    
        > [ ] DISCLAIMER, LICENCE & NOTICE files are included    
        > [ ] Source code archives have correct names matching the current release.   
        > [ ] All source code files have licence headers    
        > [ ] No compiled binaries are included    
        > [ ] Library builds correctly and all tests pass (as per the instructions in the readme file) 
        > 
        > The vote will be open for a minimum of 72 hours.  3 x +1 votes are required to approve this release.
        > 
        > Many thanks,
        > 
        > John
        > 
        > John McCane-Whitney
        > Director of Product at Qredo Ltd
        > T: +44 7966 490687
        > Kemp House
        > 152 - 160 City Road
        > London
        > EC1V 2NX
        > https://qredo.com
        > Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system.


Re: [VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)

Posted by Julian Feinauer <j....@pragmaticminds.de>.
Hi,

Let me initially say that the release looks pretty good and well prepared. But, unfortunately, I found two issues I would consider major, thus I vote

-1 (binding)

Remember, this is no VETO so this does not necessarily stop the release. But from my experience it's easier to fix things while you still are in release mode than after one. The two major issues I see are the Headers and the failing build of dta.

I checked:
- Keys present in KEYS file
- Signatures and Hash match for all 3 artifacts
- DISCLAIMER is present, see findings below
- LICENSE and NOTICE
- Building of sources 
	- works for crypto C (`make`)
	- works for crypto js (`npm install`) but `npm test` fails, see below
	- fails for dta, see below

(Minor) Findings:
- Why is the DISCLAIMER different(ly formatted) for dta than for crypto c/js ?

(Less Minor) Findings:
- Several files do not have Apache headers.  But at least "code" files like Dockerfiles and bash scripts should for sure have some (also CMake).

In dta these are, e.g.
/.dockerignore
  25   ./.gitignore
  26   ./.travis.yml
  27   ./Dockerfile
  28   ./Dockerfile-alpine
  29   ./build-static.sh
  30   ./build.sh
  31   ./go.mod
  32   ./go.sum
  33   ./lint.sh
  34   ./report
  35   ./test.sh
  36   ./cmd/servicetester/e2e_test.sh
  37   ./cmd/servicetester/fulltest.sh
  38   ./cmd/servicetester/id_test.sh
  39   ./libs/crypto/libpqnist/CMakeLists.txt
  40   ./libs/crypto/libpqnist/CPackConfig.cmake
  41   ./libs/crypto/libpqnist/VERSION
  42   ./libs/crypto/libpqnist/cmake_uninstall.cmake.in
  43   ./libs/crypto/libpqnist/examples/CMakeLists.txt
  44   ./libs/crypto/libpqnist/include/CMakeLists.txt
  45   ./libs/crypto/libpqnist/src/CMakeLists.txt
  46   ./libs/crypto/libpqnist/test/smoke/CMakeLists.txt
  47   ./libs/crypto/libpqnist/testVectors/aes/CBCMMT256.rsp
  48   ./libs/documents/docs.pb.go
  49   ./libs/documents/docs.proto
  50   ./libs/documents/docs.validator.pb.go
  51   ./pkg/safeguardsecret/README.md
  52   ./pkg/safeguardsecret/open-api.yaml

- When trying to build dta on macOS via Docker I get

Digest: sha256:b88f8848e9a1a4e4558ba7cfc4acc5879e1d0e7ac06401409062ad2627e6fb58
Status: Downloaded newer image for ubuntu:latest
 ---> 2ca708c1c9cc
Step 2/29 : RUN apt-get update &&  apt-get install -y --no-install-recommends     ca-certificates     cmake     g++     gcc     git     make     libtool     automake     libssl-dev
 ---> Running in f8a17dc7ab42
Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease
  403  Forbidden [IP: 91.189.88.31 80]
Err:2 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
  403  Forbidden [IP: 91.189.88.31 80]
Err:3 http://security.ubuntu.com/ubuntu bionic-security InRelease
  403  Forbidden [IP: 91.189.88.31 80]
Err:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
  403  Forbidden [IP: 91.189.88.31 80]
Reading package lists...
E: The repository 'http://archive.ubuntu.com/ubuntu bionic InRelease' is not signed.
E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease  403  Forbidden [IP: 91.189.88.31 80]
E: The repository 'http://archive.ubuntu.com/ubuntu bionic-updates InRelease' is not signed.
E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease  403  Forbidden [IP: 91.189.88.31 80]
E: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease  403  Forbidden [IP: 91.189.88.31 80]
E: The repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' is not signed.
E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease  403  Forbidden [IP: 91.189.88.31 80]
E: The repository 'http://archive.ubuntu.com/ubuntu bionic-backports InRelease' is not signed.
The command '/bin/sh -c apt-get update &&  apt-get install -y --no-install-recommends     ca-certificates     cmake     g++     gcc     git     make     libtool     automake     libssl-dev' returned a non-zero code: 100

`npm test` fails for me with the following:
1 failing

  1)
       TEST MPIN BLS461
         test MPin Kangaroo:
     AssertionError: expected 0 to equal 1111
      at Context.<anonymous> (test/test_MPIN.js:310:31)
      at processImmediate (internal/timers.js:443:21)



npm ERR! Test failed.  See above for more details.

Best and feel free to ask if something is unclear or needs discussion!
Julian

On 19.09.19, 13:58, "Dave Fisher" <wa...@apache.org> wrote:

    Hi -
    
    +1 (binding)
    
    Keys present
    DISCLAIMER checked - See (3)
    LICENSE and NOTICE checked
    Signature and Hash checked
    Rat Check run - See (2) below.
    Did NOT build, I’m on a macOS - See (1) below.
    
    (1) In subsequent releases please make sure that the instructions are to build from the source releases and NOT the GitHub tags as these are not immutable. Also the Docker files and build shell scripts refer to GitHub and not the source release. I understand that these distinctions may be difficult considering CI/CD vs. Release Policy.
    
    I also think that the Milagro Crypto dependency should be picked from a release and not a GitHub tag.
    
    (2) I believe License headers should be added to:
      ./Dockerfile
      ./Dockerfile-alpine
      ./build-static.sh
      ./build.sh
      ./go.mod
      ./go.sum
      ./lint.sh
      ./test.sh 
      ./cmd/servicetester/e2e_test.sh
      ./cmd/servicetester/fulltest.sh
      ./cmd/servicetester/id_test.sh
      ./libs/crypto/libpqnist/CMakeLists.txt
      ./libs/crypto/libpqnist/CPackConfig.cmake
      ./libs/crypto/libpqnist/cmake_uninstall.cmake.in
      ./libs/crypto/libpqnist/examples/CMakeLists.txt
      ./libs/crypto/libpqnist/include/CMakeLists.txt
      ./libs/crypto/libpqnist/src/CMakeLists.txt
      ./libs/crypto/libpqnist/test/smoke/CMakeLists.txt
      ./libs/crypto/libpqnist/testVectors/aes/CBCMMT256.rsp
      ./libs/documents/docs.proto
      ./pkg/safeguardsecret/README.md
    
    (3) Consider use of the DISCLAIMER-WIP.
    
    Good to see progress here.
    
    Regards,
    Dave
    
    > On Sep 17, 2019, at 9:02 AM, John McCane-Whitney <jo...@qredo.com> wrote:
    > 
    > Hi,
    > 
    > This is a call to vote to release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release).
    > 
    > The Apache Milagro (incubating) community has voted to approve this release with 6 +1 votes.  The vote result thread can be found here:
    > 
    > https://lists.apache.org/thread.html/d4b0d5c1c1a2ed991104f0804d6faaaf70f32a865316d5aaf91e18bf@%3Cdev.milagro.apache.org%3E
    > 
    > RELEASE TAG:
    > Milagro Decentralized Trust Authority v0.1.0 (alpha release) release tag:
    > https://github.com/apache/incubator-milagro-dta/releases/tag/0.1.0
    > Please see the release notes at the above link for a full description and release rationale.
    > 
    > DESCRIPTION SUMMARY:
    > The Apache Milagro (Incubating) Decentralized Trust Authority (D-TA) is a collaborative key management server. It has two primary functions:
    > 
    > -Issue shares of identity-based Type-3 pairing secrets for initializing zero-knowledge proof multi-factor authentication (ZKP-MFA) networks of clients and authentication servers.
    > -Safeguards shares of generic secrets, acting independently but in conjunction with other D-TA nodes, for the benefit of other D-TA nodes.
    > 
    > In the use case where it issues shares, the D-TA holds nothing except for its Master Secret and acts as a distributed private key generation server. In the use case where it is safeguarding shares of secrets, it is up to the application developer to implement back-end application logic to hold those shares securely. Examples include using Hardware Security Modules (HSMs) via an on-board PKCS#11 implementation to create a realm of key encryption keys, or multi-party computation through BLS signature aggregation.
    > 
    > RELEASE RATIONALE SUMMARY:
    > By default, the D-TA allows requests from a Principal's D-TA for an secp256k1 public key from a Fiduciary D-TA and then to subsequently allow the Principal to request its corresponding private key. Whilst this may have utility on its own, the Milagro community's intention is to extend the capability of the server over time to meet many key generation, storage and distribution use cases. This will be achieved using the D-TA's plugin architecture, and to this end, the initial release includes two plugins to demonstrate the D-TA's extensibility.
    > 
    > Subsequent releases will enable the D-TA to issue Type-3 pairing/identity based secrets for "M-Pin" clients and servers ("M-Pin" is a zero-knowledge authentication protocol in the milagro-crypto-c library that also facilitates multi-factor authentication). In parallel with this will be a rewritten release of the Milagro MFA Authentication server (the original authentication server was conflated with the D-TA function limiting its security efficacy).
    > 
    > The Milagro community is publishing this first release of the D-TA now to elicit feedback from a wider community that may have interest in an open source, decentralized key generation, storage and distribution solution. Our intention is then to release a series of enhanced versions culminating with a production-ready GA version.
    > 
    > Please see the README for build/test instructions and https://milagro.apache.org/docs/d-ta-overview for a full overview and usage guide.
    > 
    > RELEASE FILES:
    > The repo has the required DISCLAIMER, NOTICE and LICENSE files in its root directory.  All source files have the appropriate license header.  No binaries are included in this release.  I have successfully built and run the tests as per the instructions in the readme file on Ubuntu 18, Ubuntu 19, Debian 10 and MacOS 10.14 Mojave.
    > 
    > Release links:
    > Source code archive: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz
    > SHA512 checksum: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.sha512
    > PGP Signature: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.asc   
    > Keys: https://dist.apache.org/repos/dist/dev/incubator/milagro/KEYS
    > 
    > Please note that the project's website (https://milagro.apache.org) will be updated with download links as soon as the release's approval has been completed and the archives are available for public download.
    > 
    > We now kindly request that the Incubator PMC members review and vote on this incubator release as follows:
    > 
    > [ ] +1 approve
    > [ ] +0 no opinion
    > [ ] -1 disapprove with the reason
    > 
    > Checklist for reference:
    > 
    > [ ] Download links are valid   
    > [ ] Checksums and PGP signatures are valid    
    > [ ] DISCLAIMER, LICENCE & NOTICE files are included    
    > [ ] Source code archives have correct names matching the current release.   
    > [ ] All source code files have licence headers    
    > [ ] No compiled binaries are included    
    > [ ] Library builds correctly and all tests pass (as per the instructions in the readme file) 
    > 
    > The vote will be open for a minimum of 72 hours.  3 x +1 votes are required to approve this release.
    > 
    > Many thanks,
    > 
    > John
    > 
    > John McCane-Whitney
    > Director of Product at Qredo Ltd
    > T: +44 7966 490687
    > Kemp House
    > 152 - 160 City Road
    > London
    > EC1V 2NX
    > https://qredo.com
    > Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system.


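The "Signatures and Hash match" check that both reviewers report, and the checklist item "Checksums and PGP signatures are valid", can be scripted as follows. This is an added example, not part of any message in this thread or of the project's release tooling; the function names are hypothetical, and it assumes the archive, its `.sha512` and `.asc` companions and the `KEYS` file from the release links have already been downloaded. It goes slightly beyond the thread by accepting the different layouts in which `.sha512` files are commonly published.

```shell
#!/bin/sh
# Added example: offline verification of a downloaded source release.
# Function names are hypothetical; file suffixes follow the release links
# in the vote mail (<archive>.sha512, <archive>.asc, KEYS).

# Print the lower-case SHA-512 of a file, using whichever tool is installed.
sha512_of() {
    [ -r "$1" ] || return 2
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum < "$1" | awk '{print $1}'
    else
        shasum -a 512 < "$1" | awk '{print $1}'
    fi
}

# Extract the digest from a checksum file, whatever tool wrote it:
#   sha512sum / shasum:  "<128 hex>  name"   (or just the bare digest)
#   gpg --print-md:      "name: ABCD1234 ...", upper case, wrapped over lines
#   BSD-style tag line:  "SHA512 (name) = <128 hex>"
# Prints 128 lower-case hex characters, or fails if none can be recovered.
digest_from_checksum_file() {
    awk '
        { sub(/\r$/, ""); text = text " " tolower($0) }
        END {
            n = split(text, tok, " ")
            if (length(tok[1]) == 128) {
                d = tok[1]                      # digest comes first
            } else {
                sub(/^.*[:=]/, "", text)        # drop "name:" or "... ="
                n = split(text, tok, " ")
                for (i = 1; i <= n; i++) d = d tok[i]   # rejoin hex groups
            }
            if (length(d) != 128 || d ~ /[^0-9a-f]/) exit 1
            print d
        }' "$1"
}

# verify_sha512 ARCHIVE CHECKSUM_FILE
# Returns 0 on match, 1 on mismatch, 2 if an input cannot be read or parsed.
verify_sha512() {
    expected=$(digest_from_checksum_file "$2") || {
        echo "cannot parse checksum file: $2" >&2; return 2; }
    actual=$(sha512_of "$1") || {
        echo "cannot read archive: $1" >&2; return 2; }
    [ "$expected" = "$actual" ] || {
        echo "SHA-512 mismatch for $1" >&2; return 1; }
}

# verify_signature ARCHIVE SIGNATURE KEYS
# Imports KEYS into a throw-away keyring so the result does not depend on,
# or modify, the caller's own GnuPG keyring.
verify_signature() {
    home=$(mktemp -d) || return 2
    if gpg --homedir "$home" --batch --quiet --import "$3" 2>/dev/null &&
       gpg --homedir "$home" --batch --verify "$2" "$1"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$home"
    return "$rc"
}

# verify_release ARCHIVE KEYS
# Runs both checks; the checksum alone only detects corruption, the
# signature ties the archive to a key listed in KEYS.
verify_release() {
    verify_sha512 "$1" "$1.sha512" && verify_signature "$1" "$1.asc" "$2"
}
```

A good signature only shows that the archive was signed by some key in `KEYS`, so `KEYS` has to come over HTTPS from the dist.apache.org location given in the vote mail rather than from the same place as the archive under test.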
Re: [VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)

Posted by Dave Fisher <wa...@apache.org>.
Hi -

+1 (binding)

Keys present
DISCLAIMER checked - See (3)
LICENSE and NOTICE checked
Signature and Hash checked
Rat Check run - See (2) below.
Did NOT build, I’m on a macOS - See (1) below.

(1) In subsequent releases please make sure that the instructions are to build from the source releases and NOT the GitHub tags as these are not immutable. Also the Docker files and build shell scripts refer to GitHub and not the source release. I understand that these distinctions may be difficult considering CI/CD vs. Release Policy.

I also think that the Milagro Crypto dependency should be picked from a release and not a GitHub tag.

(2) I believe License headers should be added to:
  ./Dockerfile
  ./Dockerfile-alpine
  ./build-static.sh
  ./build.sh
  ./go.mod
  ./go.sum
  ./lint.sh
  ./test.sh 
  ./cmd/servicetester/e2e_test.sh
  ./cmd/servicetester/fulltest.sh
  ./cmd/servicetester/id_test.sh
  ./libs/crypto/libpqnist/CMakeLists.txt
  ./libs/crypto/libpqnist/CPackConfig.cmake
  ./libs/crypto/libpqnist/cmake_uninstall.cmake.in
  ./libs/crypto/libpqnist/examples/CMakeLists.txt
  ./libs/crypto/libpqnist/include/CMakeLists.txt
  ./libs/crypto/libpqnist/src/CMakeLists.txt
  ./libs/crypto/libpqnist/test/smoke/CMakeLists.txt
  ./libs/crypto/libpqnist/testVectors/aes/CBCMMT256.rsp
  ./libs/documents/docs.proto
  ./pkg/safeguardsecret/README.md

(3) Consider use of the DISCLAIMER-WIP.

Good to see progress here.

Regards,
Dave

> On Sep 17, 2019, at 9:02 AM, John McCane-Whitney <jo...@qredo.com> wrote:
> 
> Hi,
> 
> This is a call to vote to release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release).
> 
> The Apache Milagro (incubating) community has voted to approve this release with 6 +1 votes.  The vote result thread can be found here:
> 
> https://lists.apache.org/thread.html/d4b0d5c1c1a2ed991104f0804d6faaaf70f32a865316d5aaf91e18bf@%3Cdev.milagro.apache.org%3E
> 
> RELEASE TAG:
> Milagro Decentralized Trust Authority v0.1.0 (alpha release) release tag:
> https://github.com/apache/incubator-milagro-dta/releases/tag/0.1.0
> Please see the release notes at the above link for a full description and release rationale.
> 
> DESCRIPTION SUMMARY:
> The Apache Milagro (Incubating) Decentralized Trust Authority (D-TA) is a collaborative key management server. It has two primary functions:
> 
> -Issue shares of identity-based Type-3 pairing secrets for initializing zero-knowledge proof multi-factor authentication (ZKP-MFA) networks of clients and authentication servers.
> -Safeguards shares of generic secrets, acting independently but in conjunction with other D-TA nodes, for the benefit of other D-TA nodes.
> 
> In the use case where it issues shares, the D-TA holds nothing except for its Master Secret and acts as a distributed private key generation server. In the use case where it is safeguarding shares of secrets, it is up to the application developer to implement back-end application logic to hold those shares securely. Examples include using Hardware Security Modules (HSMs) via an on-board PKCS#11 implementation to create a realm of key encryption keys, or multi-party computation through BLS signature aggregation.
> 
> RELEASE RATIONALE SUMMARY:
> By default, the D-TA allows requests from a Principal's D-TA for an secp256k1 public key from a Fiduciary D-TA and then to subsequently allow the Principal to request its corresponding private key. Whilst this may have utility on its own, the Milagro community's intention is to extend the capability of the server over time to meet many key generation, storage and distribution use cases. This will be achieved using the D-TA's plugin architecture, and to this end, the initial release includes two plugins to demonstrate the D-TA's extensibility.
> 
> Subsequent releases will enable the D-TA to issue Type-3 pairing/identity based secrets for "M-Pin" clients and servers ("M-Pin" is a zero-knowledge authentication protocol in the milagro-crypto-c library that also facilitates multi-factor authentication). In parallel with this will be a rewritten release of the Milagro MFA Authentication server (the original authentication server was conflated with the D-TA function limiting its security efficacy).
> 
> The Milagro community is publishing this first release of the D-TA now to elicit feedback from a wider community that may have interest in an open source, decentralized key generation, storage and distribution solution. Our intention is then to release a series of enhanced versions culminating with a production-ready GA version.
> 
> Please see the README for build/test instructions and https://milagro.apache.org/docs/d-ta-overview for a full overview and usage guide.
> 
> RELEASE FILES:
> The repo has the required DISCLAIMER, NOTICE and LICENSE files in its root directory.  All source files have the appropriate license header.  No binaries are included in this release.  I have successfully built and run the tests as per the instructions in the readme file on Ubuntu 18, Ubuntu 19, Debian 10 and MacOS 10.14 Mojave.
> 
> Release links:
> Source code archive: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz
> SHA512 checksum: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.sha512
> PGP Signature: https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.asc   
> Keys: https://dist.apache.org/repos/dist/dev/incubator/milagro/KEYS
> 
> Please note that the project's website (https://milagro.apache.org) will be updated with download links as soon as the release's approval has been completed and the archives are available for public download.
> 
> We now kindly request that the Incubator PMC members review and vote on this incubator release as follows:
> 
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove with the reason
> 
> Checklist for reference:
> 
> [ ] Download links are valid   
> [ ] Checksums and PGP signatures are valid    
> [ ] DISCLAIMER, LICENCE & NOTICE files are included    
> [ ] Source code archives have correct names matching the current release.   
> [ ] All source code files have licence headers    
> [ ] No compiled binaries are included    
> [ ] Library builds correctly and all tests pass (as per the instructions in the readme file) 
> 
> The vote will be open for a minimum of 72 hours.  3 x +1 votes are required to approve this release.
> 
> Many thanks,
> 
> John
> 
> John McCane-Whitney
> Director of Product at Qredo Ltd
> T: +44 7966 490687
> Kemp House
> 152 - 160 City Road
> London
> EC1V 2NX
> https://qredo.com
> Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Re: [VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)

Posted by Dave Fisher <wa...@apache.org>.
Hi -

+1 (binding)

Keys present
DISCLAIMER checked - See (3)
LICENSE and NOTICE checked
Signature and Hash checked
Rat Check run - See (2) below.
Did NOT build, I’m on a macOS - See (1) below.

(1) In subsequent releases please make sure that the instructions are to build from the source releases and NOT the GitHub tags as these are not immutable. Also the Docker files and build shell scripts refer to GitHub and not the source release. I understand that these distinctions may be difficult considering CI/CD vs. Release Policy.

I also think that the Milagro Crypto dependency should be picked from a release and not a GitHub tag.

(2) I believe License headers should be added to:
  ./Dockerfile
  ./Dockerfile-alpine
  ./build-static.sh
  ./build.sh
  ./go.mod
  ./go.sum
  ./lint.sh
  ./test.sh 
  ./cmd/servicetester/e2e_test.sh
  ./cmd/servicetester/fulltest.sh
  ./cmd/servicetester/id_test.sh
  ./libs/crypto/libpqnist/CMakeLists.txt
  ./libs/crypto/libpqnist/CPackConfig.cmake
  ./libs/crypto/libpqnist/cmake_uninstall.cmake.in
  ./libs/crypto/libpqnist/examples/CMakeLists.txt
  ./libs/crypto/libpqnist/include/CMakeLists.txt
  ./libs/crypto/libpqnist/src/CMakeLists.txt
  ./libs/crypto/libpqnist/test/smoke/CMakeLists.txt
  ./libs/crypto/libpqnist/testVectors/aes/CBCMMT256.rsp
  ./libs/documents/docs.proto
  ./pkg/safeguardsecret/README.md

(3) Consider use of the DISCLAIMER-WIP.

Good to see progress here.

Regards,
Dave

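The hash half of the "Checksums and PGP signatures are valid" checklist item, reported in the reply above as "Signature and Hash checked", as an added example that is not part of the thread or of the Milagro project. The function names are hypothetical, and the three .sha512 layouts it accepts are an assumption about what a release manager's tooling may have written.

```shell
#!/bin/sh
# Added example (not from the thread): check a source archive against its
# .sha512 file. Assumed layouts of the checksum file:
#   1. bare hex digest
#   2. sha512sum / shasum style:   "<hex>  <filename>"
#   3. gpg --print-md SHA512 style: "<filename>: ABCDEF01 2345... " wrapped
#      over several lines in upper case

# Print the lowercase hex SHA-512 digest of a file.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        shasum -a 512 "$1" | cut -d' ' -f1
    fi
}

# Print the digest recorded in a checksum file, normalised to 128 lowercase
# hex digits. Fails (non-zero status) if no well-formed digest is found.
expected_sha512() {
    tr -d '\r' < "$1" | awk '
        { text = text " " $0 }                 # join wrapped lines
        END {
            split(text, f, " ")
            digest = tolower(f[1])             # layouts 1 and 2
            if (digest !~ /^[0-9a-f]+$/ || length(digest) != 128) {
                digest = text                  # layout 3
                sub(/^[^:]*:/, "", digest)     # drop the "name:" prefix
                gsub(/[ \t]/, "", digest)      # join the hex groups
                digest = tolower(digest)
            }
            if (digest !~ /^[0-9a-f]+$/ || length(digest) != 128) exit 1
            print digest
        }'
}

# Status 0: digests match. 1: mismatch. 2: unreadable or malformed input.
verify_sha512() {
    archive=$1
    sumfile=$2
    [ -r "$archive" ] && [ -r "$sumfile" ] || return 2
    want=$(expected_sha512 "$sumfile") || return 2
    got=$(sha512_of "$archive")
    [ "$want" = "$got" ]
}

# Command-line use: sh verify.sh <archive> <archive.sha512>
if [ "$#" -eq 2 ]; then
    if verify_sha512 "$1" "$2"; then
        echo "SHA-512 OK: $1"
    else
        echo "SHA-512 check failed: $1" >&2
        exit 1
    fi
fi
```

A matching digest only shows that the download is intact; authenticity comes from checking the .asc signature with `gpg --verify` against a key from the project's KEYS file whose fingerprint has been confirmed.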


Re: [VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)

Posted by jean-frederic clere <jf...@gmail.com>.
On 19/09/2019 10:06, Brian Spector wrote:
> Bumping this up. IPMC folks, could you please help us and review.

+1 from me, anyway it is an alpha ;-)

-- 
Cheers

Jean-Frederic



Re: [VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)

Posted by Brian Spector <br...@apache.org>.
Bumping this up. IPMC folks, could you please help us and review.

+1 from me but it is non-binding.

Thanks
Brian




Re: [VOTE] Release Apache Milagro (incubating) Decentralized Trust Authority v0.1.0 (alpha release)

Posted by Howard Kitto <ho...@qredo.com>.
+1 from me

Howard Kitto

Qredo
Chief Technology Officer
howard@qredo.com


