1 <!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Strict//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <!--[if lt IE 7]> <html class='no-js ie6' lang='en' xmlns='http://www.w3.org/1999/xhtml'> <![endif]-->
4 <!--[if IE 7]> <html class='no-js ie7' lang='en' xmlns='http://www.w3.org/1999/xhtml'> <![endif]-->
5 <!--[if IE 8]> <html class='no-js ie8' lang='en' xmlns='http://www.w3.org/1999/xhtml'> <![endif]-->
6 <!--[if gt IE 8]><!--> <html lang='en' xmlns='http://www.w3.org/1999/xhtml'> <!--<![endif]-->
8 <title>Fixing trust on the Internet
</title>
9 <meta http-equiv='Content-Type' content='text/html; charset=utf-
8'
/>
10 <meta name='generator' content='Org-mode'
/>
11 <meta name='author' content='Tom Marble'
/>
13 <link rel='stylesheet' href='deck.js/core/deck.core.css' type='text/css'
/>
14 <link rel='stylesheet' href='deck.js/extensions/goto/deck.goto.css' type='text/css'
/>
15 <link rel='stylesheet' href='deck.js/extensions/menu/deck.menu.css' type='text/css'
/>
16 <link rel='stylesheet' href='deck.js/extensions/navigation/deck.navigation.css' type='text/css'
/>
17 <link rel='stylesheet' href='deck.js/extensions/onepage/deck.onepage.css' type='text/css'
/>
18 <link rel='stylesheet' href='deck.js/extensions/scale/deck.scale.css' type='text/css'
/>
19 <link rel='stylesheet' href='deck.js/extensions/status/deck.status.css' type='text/css'
/>
20 <link rel='stylesheet' href='deck.js/themes/style/neon.css' type='text/css'
/>
21 <link rel='stylesheet' href='deck.js/themes/transition/fade.css' type='text/css'
/>
22 <script src='deck.js/jquery.min.js' type='text/javascript'
></script>
23 <script src='deck.js/core/deck.core.js' type='text/javascript'
></script>
24 <script src='deck.js/modernizr.custom.js' type='text/javascript'
></script>
25 <script src='deck.js/extensions/goto/deck.goto.js' type='text/javascript'
></script>
26 <script src='deck.js/extensions/menu/deck.menu.js' type='text/javascript'
></script>
27 <script src='deck.js/extensions/navigation/deck.navigation.js' type='text/javascript'
></script>
28 <script src='deck.js/extensions/onepage/deck.onepage.js' type='text/javascript'
></script>
29 <script src='deck.js/extensions/scale/deck.scale.js' type='text/javascript'
></script>
30 <script src='deck.js/extensions/status/deck.status.js' type='text/javascript'
></script>
32 <script type='text/javascript'
>
33 $(document).ready(function () { $.deck('.slide'); });
36 <style type='text/css'
>
37 #table-of-contents a {color: inherit;}
38 #table-of-contents ul {margin-bottom:
0;}
39 #table-of-contents li {padding:
0;}
41 #preamble, #postamble {left:
5px; width:
100%;}
42 #preamble {position: absolute; top:
10px;}
46 position: static; padding:
0;
48 -webkit-transform: none;
80 background-color: #ffffff;
81 border-collapse: collapse;
83 border-color: #ffcc00;
87 table.mytable td, table.mytable th {
89 border-color: #ffcc00;
94 background-color: #ffcc00;
96 table.quiettable, table.quiettable colgroup, table.quiettable tbody, table.quiettable
> th, table.quiettable
> tr {
103 table.quiettable thead {
111 <div id='content' class='deck-container'
>
113 <div id='title-slide' class='slide'
>
114 <h1>Fixing trust on the Internet
</h1>
115 <h2>Tom Marble
<<a href=
"mailto:tmarble@info9.net">tmarble@info9.net
</a>></h2>
119 <div id=
"slide-1" class=
"outline-2 slide">
120 <h2 id=
"sec-1">Meta
</h2>
121 <div class=
"outline-text-2" id=
"text-1">
122 </div><div id=
"slide-1-1" class=
"outline-3">
123 <h3 id=
"sec-1-1">This presentation is
<i>already
</i> online!
</h3>
124 <div class=
"outline-text-3" id=
"text-1-1">
125 </div><div id=
"slide-1-1-1" class=
"outline-4">
126 <h4 id=
"sec-1-1-1"><a href=
"https://info9.net/trust">https://info9.net/trust
</a></h4>
127 <div class=
"outline-text-4" id=
"text-1-1-1">
128 </div><ul class=
"org-ul"><li><a id=
"sec-1-1-1-1" name=
"sec-1-1-1-1"></a>Navigation
<br /><ul class=
"org-ul"><li><a id=
"sec-1-1-1-1-1" name=
"sec-1-1-1-1-1"></a><b>→
</b> = forward (swipe right)
<br /></li>
129 <li><a id=
"sec-1-1-1-1-2" name=
"sec-1-1-1-1-2"></a><b>←
</b> = back (swipe left)
<br /></li>
130 <li><a id=
"sec-1-1-1-1-3" name=
"sec-1-1-1-1-3"></a><b>g
</b> = goto slide
<br /></li>
131 <li><a id=
"sec-1-1-1-1-4" name=
"sec-1-1-1-1-4"></a><b>m
</b> = menu of all slides (tap)
<br /></li>
132 <li><a id=
"sec-1-1-1-1-5" name=
"sec-1-1-1-1-5"></a><b>o
</b> = one page
<br /></li>
133 <li><a id=
"sec-1-1-1-1-6" name=
"sec-1-1-1-1-6"></a><b>s
</b> = scrollbars
<br /></li></ul>
135 <li><a id=
"sec-1-1-1-2" name=
"sec-1-1-1-2"></a>Source (
<a href=
"https://github.com/cybercode/org-slides">org-mode
</a>):
<a href=
"Fixing-trust-on-the-Internet.tar.xz">Fixing-trust-on-the-Internet.tar.xz
</a><br /></li>
136 <li><a id=
"sec-1-1-1-3" name=
"sec-1-1-1-3"></a>Copyright ©
2017 Tom Marble
<br /><div class=
"outline-text-5" id=
"text-1-1-1-3">
138 Licensed under {
<a href=
"https://www.gnu.org/licenses/gpl-3.0.html">GPLv3+
</a> |
<a href=
"http://creativecommons.org/licenses/by-sa/4.0/">CC-by-sa
4.0</a> |
<a href=
"https://github.com/copyleft-next/copyleft-next">copyleft-next
</a> }
140 <table border=
"none" cellspacing=
"0" cellpadding=
"6" rules=
"groups" frame=
"hsides" class=
"quiettable">
152 <td class=
"left"><img src=
"./images/gplv3-127x51.png" alt=
"gplv3-127x51.png" /></td>
153 <td class=
"left"><img src=
"./images/CC-by-sa.png" alt=
"CC-by-sa.png" /></td>
154 <td class=
"left"><img src=
"./images/copyleft-next.png" alt=
"copyleft-next.png" /></td>
164 <div id=
"slide-2" class=
"outline-2 slide">
165 <h2 id=
"sec-2">Software Freedom
& Trust
</h2>
166 <div class=
"outline-text-2" id=
"text-2">
168 Software Freedom is essential to trust the core infrastructure
169 that supports our health, safety, and democracy.
173 <div id=
"slide-2-1" class=
"outline-3">
174 <h3 id=
"sec-2-1">"We need to have confidence in our software, be able to audit it and be able to repair it when we detect vulnerabilities or unwanted functionality like surveillance."</h3>
175 <div class=
"outline-text-3" id=
"text-2-1">
177 – Karen Sandler
<sup><a id=
"fnr.1" name=
"fnr.1" class=
"footref" href=
"#references">1</a></sup>
183 <div id=
"slide-3" class=
"outline-2 slide">
184 <h2 id=
"sec-3">Evolution of using software
</h2>
185 <div class=
"outline-text-2" id=
"text-3">
186 </div><div id=
"slide-3-1" class=
"outline-3">
187 <h3 id=
"sec-3-1">When we gave each computer a name
</h3>
188 <div class=
"outline-text-3" id=
"text-3-1">
190 $ tar zxf code.tar.gz
&& ./configure
&& make install
194 <div id=
"slide-3-2" class=
"outline-3">
195 <h3 id=
"sec-3-2">When we configured computers automatically
</h3>
196 <div class=
"outline-text-3" id=
"text-3-2">
198 PXE boot, puppet, apt-get install my-favorite-package
202 <div id=
"slide-3-3" class=
"outline-3">
203 <h3 id=
"sec-3-3">When we moved to the cloud
</h3>
204 <div class=
"outline-text-3" id=
"text-3-3">
206 Use this prebuilt image
210 <div id=
"slide-3-4" class=
"outline-3">
211 <h3 id=
"sec-3-4">When we started using containers
</h3>
212 <div class=
"outline-text-3" id=
"text-3-4">
214 Make slight modifications to a prebuilt image
218 <div id=
"slide-3-5" class=
"outline-3">
219 <h3 id=
"sec-3-5">Now we are considering lambda functions
</h3>
220 <div class=
"outline-text-3" id=
"text-3-5">
222 There isn't an OS image anymore: just a function
226 <div id=
"slide-3-6" class=
"outline-3">
227 <h3 id=
"sec-3-6">Most software is installed from the app store
</h3>
228 <div class=
"outline-text-3" id=
"text-3-6">
230 Just accept the EULA and device permissions
236 <div id=
"slide-4" class=
"outline-2 slide">
237 <h2 id=
"sec-4">Copyleft isn't enough
</h2>
238 <div class=
"outline-text-2" id=
"text-4">
239 </div><div id=
"slide-4-1" class=
"outline-3">
240 <h3 id=
"sec-4-1">Network services software is not conveyed
</h3>
241 <div class=
"outline-text-3" id=
"text-4-1">
243 Our FLOSS licenses (including copyleft licenses) depend on conveyance.
246 <div id=
"slide-4-1-1" class=
"outline-4">
247 <h4 id=
"sec-4-1-1">AGPL
</h4>
248 <div class=
"outline-text-4" id=
"text-4-1-1">
250 AGPL
"fixes" this network loophole, but hasn't been adopted
251 for wide use in practice other than proprietary relicensing.
256 <div id=
"slide-4-2" class=
"outline-3">
257 <h3 id=
"sec-4-2">What about AI
"algorithms"?
</h3>
258 <div class=
"outline-text-3" id=
"text-4-2">
260 What is the preferred form of modification when software is derived from data (e.g. machine learning)?
264 <div id=
"slide-4-3" class=
"outline-3">
265 <h3 id=
"sec-4-3">No one picks a license anyway
</h3>
266 <div class=
"outline-text-3" id=
"text-4-3">
268 We haven't taught developers to care
<sup><a id=
"fnr.2" name=
"fnr.2" class=
"footref" href=
"#references">2</a></sup>
272 <div id=
"slide-4-4" class=
"outline-3">
273 <h3 id=
"sec-4-4">Most software is installed from the app store
</h3>
274 <div class=
"outline-text-3" id=
"text-4-4">
276 We haven't taught end users to care
282 <div id=
"slide-5" class=
"outline-2 slide">
283 <h2 id=
"sec-5">The fifth freedom
</h2>
284 <div class=
"outline-text-2" id=
"text-5">
286 Freedom
4: The right to deploy your software on someone else's server
290 <div id=
"slide-5-1" class=
"outline-3">
291 <h3 id=
"sec-5-1">"Even if you had the source code today you don't know how to increase other people's freedoms by letting them modify your website at runtime. All you have is a bag of tricks that let's people modify your source code and gives them no way to deploy it on your infrastructure."</h3>
292 <div class=
"outline-text-3" id=
"text-5-1">
294 – r0ml's LCA keynote
<sup><a id=
"fnr.3" name=
"fnr.3" class=
"footref" href=
"#references">3</a></sup>
300 <div id=
"slide-6" class=
"outline-2 slide">
301 <h2 id=
"sec-6">Essential infrastructure requirements
</h2>
302 <div class=
"outline-text-2" id=
"text-6">
303 </div><div id=
"slide-6-1" class=
"outline-3">
304 <h3 id=
"sec-6-1">Energy
</h3>
305 <div class=
"outline-text-3" id=
"text-6-1">
306 </div><ul class=
"org-ul"><li><a id=
"sec-6-1-0-1" name=
"sec-6-1-0-1"></a>We need energy for computing, yet energy is centralized.
<br /></li>
307 <li><a id=
"sec-6-1-0-2" name=
"sec-6-1-0-2"></a>Smart meters have an API for the utility, not for end users
<br /></li></ul>
309 <div id=
"slide-6-2" class=
"outline-3">
310 <h3 id=
"sec-6-2">Communications
</h3>
311 <div class=
"outline-text-3" id=
"text-6-2">
312 </div><ul class=
"org-ul"><li><a id=
"sec-6-2-0-1" name=
"sec-6-2-0-1"></a>Why isn't there a free phone? It's the proprietary baseband processor.
<br /></li>
313 <li><a id=
"sec-6-2-0-2" name=
"sec-6-2-0-2"></a>Potential in unlicensed spectrum, Software Defined Radio, Cognitive Radio
<br /></li></ul>
315 <div id=
"slide-6-3" class=
"outline-3">
316 <h3 id=
"sec-6-3">Money
</h3>
317 <div class=
"outline-text-3" id=
"text-6-3">
318 </div><ul class=
"org-ul"><li><a id=
"sec-6-3-0-1" name=
"sec-6-3-0-1"></a>Digital forms of money (often) have surveillance opportunities
<br /></li>
319 <li><a id=
"sec-6-3-0-2" name=
"sec-6-3-0-2"></a>Anonymous transactions (e.g. cash) are increasingly difficult
<br /><div class=
"outline-text-5" id=
"text-6-3-0-2">
332 <div id=
"slide-7" class=
"outline-2 slide">
333 <h2 id=
"sec-7">Peer to peer energy
<sup><a id=
"fnr.4" name=
"fnr.4" class=
"footref" href=
"#references">4</a></sup></h2>
334 <div class=
"outline-text-2" id=
"text-7">
337 <p><img src=
"./images/nyt-p2p.jpg" alt=
"p2p" align=
"center" />
343 <div id=
"slide-8" class=
"outline-2 slide">
344 <h2 id=
"sec-8">Mobile apps
</h2>
345 <div class=
"outline-text-2" id=
"text-8">
347 <img src=
"./images/Dont-trust-your-apps.jpg" alt=
"Dont-trust-your-apps.jpg" class=
"pad-right" align=
"left" /> <sup><a id=
"fnr.5" name=
"fnr.5" class=
"footref" href=
"#references">5</a></sup>
352 <div id=
"slide-9" class=
"outline-2 slide">
353 <h2 id=
"sec-9">Where is trust now?
</h2>
354 <div class=
"outline-text-2" id=
"text-9">
356 <img src=
"./images/centralized.jpg" alt=
"centralized.jpg" class=
"pad-right" align=
"left" /> <sup><a id=
"fnr.6" name=
"fnr.6" class=
"footref" href=
"#references">6</a></sup>
360 <ul class=
"org-ul"><li><a id=
"sec-9-0-0-1" name=
"sec-9-0-0-1"></a>Credit Bureaus
<br /></li>
361 <li><a id=
"sec-9-0-0-2" name=
"sec-9-0-0-2"></a>eBay (reputation)
<br /></li>
362 <li><a id=
"sec-9-0-0-3" name=
"sec-9-0-0-3"></a>other walled gardens
<br /><div class=
"outline-text-5" id=
"text-9-0-0-3">
368 Closed and centralized
374 <div id=
"slide-10" class=
"outline-2 slide">
375 <h2 id=
"sec-10">Shape of the solution (part
1/
2)
</h2>
376 <div class=
"outline-text-2" id=
"text-10">
378 Network service trust API
382 <div id=
"slide-10-1" class=
"outline-3">
383 <h3 id=
"sec-10-1">☙ Federated corroboration of assertions
</h3>
384 <div class=
"outline-text-3" id=
"text-10-1">
390 <div id=
"slide-10-2" class=
"outline-3">
391 <h3 id=
"sec-10-2">☙ Make and query assertions at the app level
</h3>
392 <div class=
"outline-text-3" id=
"text-10-2">
394 libtrust.so, libtrust.js
398 <div id=
"slide-10-3" class=
"outline-3">
399 <h3 id=
"sec-10-3">☙ Transitive with personal vantage point
</h3>
400 <div class=
"outline-text-3" id=
"text-10-3">
401 </div><ul class=
"org-ul"><li><a id=
"sec-10-3-0-1" name=
"sec-10-3-0-1"></a>Deb asserts the software is Free and reproducible
<br /></li>
402 <li><a id=
"sec-10-3-0-2" name=
"sec-10-3-0-2"></a>Chris trusts Deb to certify software
<br /></li>
403 <li><a id=
"sec-10-3-0-3" name=
"sec-10-3-0-3"></a>I trust Chris' software certification assessments
<br /></li>
404 <li><a id=
"sec-10-3-0-4" name=
"sec-10-3-0-4"></a>⇒ I am comfortable installing this software
<br /></li></ul>
406 <div id=
"slide-10-4" class=
"outline-3">
407 <h3 id=
"sec-10-4">☙ Quick transactions
</h3>
411 <div id=
"slide-11" class=
"outline-2 slide">
412 <h2 id=
"sec-11">You think you know what I'm going to say now
…</h2>
415 <div id=
"slide-12" class=
"outline-2 slide">
416 <h2 id=
"sec-12">13</h2>
417 <div class=
"outline-text-2" id=
"text-12">
420 <p><img src=
"./images/tm13.png" alt=
"tm13.png" class=
"fullscreen" />
425 <div id=
"slide-13" class=
"outline-2 slide">
426 <h2 id=
"sec-13">12</h2>
427 <div class=
"outline-text-2" id=
"text-13">
430 <p><img src=
"./images/tm12.png" alt=
"tm12.png" class=
"fullscreen" />
435 <div id=
"slide-14" class=
"outline-2 slide">
436 <h2 id=
"sec-14">11</h2>
437 <div class=
"outline-text-2" id=
"text-14">
440 <p><img src=
"./images/tm11.png" alt=
"tm11.png" class=
"fullscreen" />
445 <div id=
"slide-15" class=
"outline-2 slide">
446 <h2 id=
"sec-15">10</h2>
447 <div class=
"outline-text-2" id=
"text-15">
450 <p><img src=
"./images/tm10.png" alt=
"tm10.png" class=
"fullscreen" />
455 <div id=
"slide-16" class=
"outline-2 slide">
456 <h2 id=
"sec-16">9</h2>
457 <div class=
"outline-text-2" id=
"text-16">
460 <p><img src=
"./images/tm09.png" alt=
"tm09.png" class=
"fullscreen" />
465 <div id=
"slide-17" class=
"outline-2 slide">
466 <h2 id=
"sec-17">8</h2>
467 <div class=
"outline-text-2" id=
"text-17">
470 <p><img src=
"./images/tm08.png" alt=
"tm08.png" class=
"fullscreen" />
475 <div id=
"slide-18" class=
"outline-2 slide">
476 <h2 id=
"sec-18">7</h2>
477 <div class=
"outline-text-2" id=
"text-18">
480 <p><img src=
"./images/tm07.png" alt=
"tm07.png" class=
"fullscreen" />
485 <div id=
"slide-19" class=
"outline-2 slide">
486 <h2 id=
"sec-19">6</h2>
487 <div class=
"outline-text-2" id=
"text-19">
490 <p><img src=
"./images/tm06.png" alt=
"tm06.png" class=
"fullscreen" />
495 <div id=
"slide-20" class=
"outline-2 slide">
496 <h2 id=
"sec-20">5</h2>
497 <div class=
"outline-text-2" id=
"text-20">
500 <p><img src=
"./images/tm05.png" alt=
"tm05.png" class=
"fullscreen" />
505 <div id=
"slide-21" class=
"outline-2 slide">
506 <h2 id=
"sec-21">4</h2>
507 <div class=
"outline-text-2" id=
"text-21">
510 <p><img src=
"./images/tm04.png" alt=
"tm04.png" class=
"fullscreen" />
515 <div id=
"slide-22" class=
"outline-2 slide">
516 <h2 id=
"sec-22">3</h2>
517 <div class=
"outline-text-2" id=
"text-22">
520 <p><img src=
"./images/tm03.png" alt=
"tm03.png" class=
"fullscreen" />
525 <div id=
"slide-23" class=
"outline-2 slide">
526 <h2 id=
"sec-23">2</h2>
527 <div class=
"outline-text-2" id=
"text-23">
530 <p><img src=
"./images/tm02.png" alt=
"tm02.png" class=
"fullscreen" />
535 <div id=
"slide-24" class=
"outline-2 slide">
536 <h2 id=
"sec-24">1</h2>
537 <div class=
"outline-text-2" id=
"text-24">
540 <p><img src=
"./images/tm01.png" alt=
"tm01.png" class=
"fullscreen" />
545 <div id=
"slide-25" class=
"outline-2 slide">
546 <h2 id=
"sec-25">GPG WoT
</h2>
547 <div class=
"outline-text-2" id=
"text-25">
553 <div id=
"slide-25-1" class=
"outline-3">
554 <h3 id=
"sec-25-1">The GPG Web of Trust asserts identity
</h3>
555 <div class=
"outline-text-3" id=
"text-25-1">
556 </div><ul class=
"org-ul"><li><a id=
"sec-25-1-0-1" name=
"sec-25-1-0-1"></a>The trustdb is private
<br /></li>
557 <li><a id=
"sec-25-1-0-2" name=
"sec-25-1-0-2"></a>Keyservers are not designed for other data
<br /></li></ul>
559 <div id=
"slide-25-2" class=
"outline-3">
560 <h3 id=
"sec-25-2">Using PGP is tricky for us
</h3>
561 <div class=
"outline-text-3" id=
"text-25-2">
562 </div><ul class=
"org-ul"><li><a id=
"sec-25-2-0-1" name=
"sec-25-2-0-1"></a>Choosing algos and signature strengths
<br /></li>
563 <li><a id=
"sec-25-2-0-2" name=
"sec-25-2-0-2"></a>Protecting key material
<br /></li>
564 <li><a id=
"sec-25-2-0-3" name=
"sec-25-2-0-3"></a>Not getting fooled by EVIL-
32 <sup><a id=
"fnr.7" name=
"fnr.7" class=
"footref" href=
"#references">7</a></sup><br /></li></ul>
566 <div id=
"slide-25-3" class=
"outline-3">
567 <h3 id=
"sec-25-3">Impossibly difficult for end users
</h3>
568 <div class=
"outline-text-3" id=
"text-25-3">
569 </div><ul class=
"org-ul"><li><a id=
"sec-25-3-0-1" name=
"sec-25-3-0-1"></a>Sharing public keys
<br /></li>
570 <li><a id=
"sec-25-3-0-2" name=
"sec-25-3-0-2"></a>Configuring applications properly
<br /></li></ul>
574 <div id=
"slide-26" class=
"outline-2 slide">
575 <h2 id=
"sec-26">You think you know what I'm going to say NOW
…</h2>
578 <div id=
"slide-27" class=
"outline-2 slide">
579 <h2 id=
"sec-27">Bitcoin
</h2>
580 <div class=
"outline-text-2" id=
"text-27">
583 <p><img src=
"./images/bitcoin.svg" alt=
"bitcoin.svg" class=
"pad-bottom" height=
"300px" />
588 In Satoshi Nakamoto we trust!
<sup><a id=
"fnr.8" name=
"fnr.8" class=
"footref" href=
"#references">8</a></sup>
593 <div id=
"slide-28" class=
"outline-2 slide">
594 <h2 id=
"sec-28">Hyperledger
</h2>
595 <div class=
"outline-text-2" id=
"text-28">
598 <p><img src=
"./images/logo_hl_new.png" alt=
"logo_hl_new.png" class=
"pad-bottom" />
603 It's hosted by the Linux Foundation. That means it's community friendly
… rite?
<sup><a id=
"fnr.9" name=
"fnr.9" class=
"footref" href=
"#references">9</a></sup>
608 <div id=
"slide-29" class=
"outline-2 slide">
609 <h2 id=
"sec-29">Ethereum
</h2>
610 <div class=
"outline-text-2" id=
"text-29">
613 <p><img src=
"./images/ethereum.png" alt=
"ethereum.png" class=
"pad-bottom" />
618 Companies use it for smart contracts!
<sup><a id=
"fnr.10" name=
"fnr.10" class=
"footref" href=
"#references">10</a></sup>
623 <div id=
"slide-30" class=
"outline-2 slide">
624 <h2 id=
"sec-30">Zcash
</h2>
625 <div class=
"outline-text-2" id=
"text-30">
628 <p><img src=
"./images/zcash-logo-gold.png" alt=
"zcash-logo-gold.png" class=
"pad-bottom" />
633 Zooko and Matthew Green
<sup><a id=
"fnr.11" name=
"fnr.11" class=
"footref" href=
"#references">11</a></sup>
638 <div id=
"slide-31" class=
"outline-2 slide">
639 <h2 id=
"sec-31">DogeCoin
</h2>
640 <div class=
"outline-text-2" id=
"text-31">
643 <p><img src=
"./images/dogecoin.png" alt=
"dogecoin.png" class=
"pad-bottom" />
648 That's the MEME!
<sup><a id=
"fnr.12" name=
"fnr.12" class=
"footref" href=
"#references">12</a></sup>
653 <div id=
"slide-32" class=
"outline-2 slide">
654 <h2 id=
"sec-32">nah :(
</h2>
655 <div class=
"outline-text-2" id=
"text-32">
657 Wait, why NOT blockchain tech?
660 <div id=
"slide-32-1" class=
"outline-3">
661 <h3 id=
"sec-32-1">centralized
– in effect
</h3>
662 <div class=
"outline-text-3" id=
"text-32-1">
664 Domination by huge mining pools
668 <div id=
"slide-32-2" class=
"outline-3">
669 <h3 id=
"sec-32-2">bandwidth limited
</h3>
670 <div class=
"outline-text-3" id=
"text-32-2">
672 Time to process transactions long and variable
676 <div id=
"slide-32-3" class=
"outline-3">
677 <h3 id=
"sec-32-3">transaction fees
</h3>
678 <div class=
"outline-text-3" id=
"text-32-3">
680 Start to look like PayPal fees
684 <div id=
"slide-32-4" class=
"outline-3">
685 <h3 id=
"sec-32-4">a waste of energy
</h3>
686 <div class=
"outline-text-3" id=
"text-32-4">
688 Brute forcing hashes is bad
<sup><a id=
"fnr.13" name=
"fnr.13" class=
"footref" href=
"#references">13</a></sup> for the environment
<sup><a id=
"fnr.14" name=
"fnr.14" class=
"footref" href=
"#references">14</a></sup>
694 <div id=
"slide-33" class=
"outline-2 slide">
695 <h2 id=
"sec-33">Great barrier reef
</h2>
696 <div class=
"outline-text-2" id=
"text-33">
697 <table border=
"none" cellspacing=
"0" cellpadding=
"6" rules=
"groups" frame=
"hsides" class=
"quiettable">
709 <td class=
"left">not fake news
</td>
710 <td class=
"left"><img src=
"./images/reef-death.jpg" alt=
"reef-death.jpg" /></td>
711 <td class=
"left"><sup><a id=
"fnr.15" name=
"fnr.15" class=
"footref" href=
"#references">15</a></sup></td>
718 <div id=
"slide-34" class=
"outline-2 slide">
719 <h2 id=
"sec-34">What we need is..
</h2>
720 <div class=
"outline-text-2" id=
"text-34">
722 What's the essential thing the blockchain solves
726 <div id=
"slide-34-1" class=
"outline-3">
727 <h3 id=
"sec-34-1">non-repudiation
</h3>
731 <div id=
"slide-35" class=
"outline-2 slide">
732 <h2 id=
"sec-35">Learn by example
</h2>
733 <div class=
"outline-text-2" id=
"text-35">
736 <p><img src=
"./images/mall_logo1_medium-300x286.png" alt=
"mall_logo1_medium-300x286.png" class=
"pad-right" align=
"left" />
741 <ul class=
"org-ul"><li><a id=
"sec-35-0-0-1" name=
"sec-35-0-0-1"></a>The tire fire that is X
.509 <sup><a id=
"fnr.16" name=
"fnr.16" class=
"footref" href=
"#references">16</a></sup><br /></li>
742 <li><a id=
"sec-35-0-0-2" name=
"sec-35-0-0-2"></a>MiTM on the internet
<sup><a id=
"fnr.17" name=
"fnr.17" class=
"footref" href=
"#references">17</a></sup><br /><ul class=
"org-ul"><li><a id=
"sec-35-0-0-2-1" name=
"sec-35-0-0-2-1"></a>4.0% of Firefox update connections
<br /></li>
743 <li><a id=
"sec-35-0-0-2-2" name=
"sec-35-0-0-2-2"></a>6.2% of e-commerce connections
<br /></li>
744 <li><a id=
"sec-35-0-0-2-3" name=
"sec-35-0-0-2-3"></a>10.9% of U.S. Cloudflare connections
<br /></li></ul>
748 <div id=
"slide-36" class=
"outline-2 slide">
749 <h2 id=
"sec-36">Certificate Transparency
</h2>
750 <div class=
"outline-text-2" id=
"text-36">
751 </div><div id=
"slide-36-1" class=
"outline-3">
752 <h3 id=
"sec-36-1">Use append-only logs to record certificate signatures
<sup><a id=
"fnr.18" name=
"fnr.18" class=
"footref" href=
"#references">18</a></sup></h3>
753 <div class=
"outline-text-3" id=
"text-36-1">
754 </div><ul class=
"org-ul"><li><a id=
"sec-36-1-0-1" name=
"sec-36-1-0-1"></a>Early detection of misissued certificates, malicious certificates, and rogue CAs.
<br /></li>
755 <li><a id=
"sec-36-1-0-2" name=
"sec-36-1-0-2"></a>Faster mitigation after suspect certificates or CAs are detected.
<br /></li>
756 <li><a id=
"sec-36-1-0-3" name=
"sec-36-1-0-3"></a>Better oversight of the entire TLS/SSL system.
<br /></li></ul>
758 <div id=
"slide-36-2" class=
"outline-3">
759 <h3 id=
"sec-36-2">Browser support
</h3>
760 <div class=
"outline-text-3" id=
"text-36-2">
761 </div><ul class=
"org-ul"><li><a id=
"sec-36-2-0-1" name=
"sec-36-2-0-1"></a>Chrome
<sup><a id=
"fnr.19" name=
"fnr.19" class=
"footref" href=
"#references">19</a></sup><br /></li>
762 <li><a id=
"sec-36-2-0-2" name=
"sec-36-2-0-2"></a>Firefox
<sup><a id=
"fnr.20" name=
"fnr.20" class=
"footref" href=
"#references">20</a></sup><br /></li></ul>
764 <div id=
"slide-36-3" class=
"outline-3">
765 <h3 id=
"sec-36-3">Ongoing concerns and discussion
<sup><a id=
"fnr.21" name=
"fnr.21" class=
"footref" href=
"#references">21</a></sup></h3>
766 <div class=
"outline-text-3" id=
"text-36-3">
767 </div><ul class=
"org-ul"><li><a id=
"sec-36-3-0-1" name=
"sec-36-3-0-1"></a>RFC
6962 <sup><a id=
"fnr.22" name=
"fnr.22" class=
"footref" href=
"#references">22</a></sup><br /></li></ul>
771 <div id=
"slide-37" class=
"outline-2 slide">
772 <h2 id=
"sec-37">Append-only logs
</h2>
773 <div class=
"outline-text-2" id=
"text-37">
774 </div><div id=
"slide-37-1" class=
"outline-3">
775 <h3 id=
"sec-37-1">Merkle Trees
<sup><a id=
"fnr.23" name=
"fnr.23" class=
"footref" href=
"#references">23</a></sup></h3>
776 <div class=
"outline-text-3" id=
"text-37-1">
778 Tree of hashes, provides log(n) performance
782 <div id=
"slide-37-2" class=
"outline-3">
783 <h3 id=
"sec-37-2">eXtended Merkle Signature Scheme (XMSS)
<sup><a id=
"fnr.24" name=
"fnr.24" class=
"footref" href=
"#references">24</a></sup></h3>
784 <div class=
"outline-text-3" id=
"text-37-2">
786 Requires maintaining state (not portable)
790 <div id=
"slide-37-3" class=
"outline-3">
791 <h3 id=
"sec-37-3">SPHINCS
<sup><a id=
"fnr.25" name=
"fnr.25" class=
"footref" href=
"#references">25</a></sup></h3>
792 <div class=
"outline-text-3" id=
"text-37-3">
794 Stateless
<sup><a id=
"fnr.26" name=
"fnr.26" class=
"footref" href=
"#references">26</a></sup>
800 <div id=
"slide-38" class=
"outline-2 slide">
801 <h2 id=
"sec-38">Generic use of append-only logs
</h2>
802 <div class=
"outline-text-2" id=
"text-38">
803 </div><div id=
"slide-38-1" class=
"outline-3">
804 <h3 id=
"sec-38-1">Trillian
<sup><a id=
"fnr.27" name=
"fnr.27" class=
"footref" href=
"#references">27</a></sup></h3>
805 <div class=
"outline-text-3" id=
"text-38-1">
811 <div id=
"slide-38-2" class=
"outline-3">
812 <h3 id=
"sec-38-2">Cothority
<sup><a id=
"fnr.28" name=
"fnr.28" class=
"footref" href=
"#references">28</a></sup></h3>
813 <div class=
"outline-text-3" id=
"text-38-2">
815 Multi-party cryptographic signatures to avoid backdoors
819 <div id=
"slide-38-3" class=
"outline-3">
820 <h3 id=
"sec-38-3">Codehash
<sup><a id=
"fnr.29" name=
"fnr.29" class=
"footref" href=
"#references">29</a></sup></h3>
821 <div class=
"outline-text-3" id=
"text-38-3">
823 A simple oracle that answers a simple question: is this software safe to install and run?
<sup><a id=
"fnr.30" name=
"fnr.30" class=
"footref" href=
"#references">30</a></sup>
829 <div id=
"slide-39" class=
"outline-2 slide">
830 <h2 id=
"sec-39">Challenges
</h2>
831 <div class=
"outline-text-2" id=
"text-39">
832 </div><div id=
"slide-39-1" class=
"outline-3">
833 <h3 id=
"sec-39-1">Toxic Data
</h3>
834 <div class=
"outline-text-3" id=
"text-39-1">
835 </div><ul class=
"org-ul"><li><a id=
"sec-39-1-0-1" name=
"sec-39-1-0-1"></a>Allow deletion? Possible vulnerabilities in allowing log altering
<br /></li>
836 <li><a id=
"sec-39-1-0-2" name=
"sec-39-1-0-2"></a>Prohibit deletion? Permanent toxicity: no way to be forgotten
<br /></li></ul>
838 <div id=
"slide-39-2" class=
"outline-3">
839 <h3 id=
"sec-39-2">Spam
</h3>
840 <div class=
"outline-text-3" id=
"text-39-2">
841 </div><ul class=
"org-ul"><li><a id=
"sec-39-2-0-1" name=
"sec-39-2-0-1"></a>Open log with arbitrary input data?
<br /></li>
842 <li><a id=
"sec-39-2-0-2" name=
"sec-39-2-0-2"></a>vs. CT only allowing root authorities?
<br /></li></ul>
844 <div id=
"slide-39-3" class=
"outline-3">
845 <h3 id=
"sec-39-3">Astroturfing
</h3>
846 <div class=
"outline-text-3" id=
"text-39-3">
847 </div><ul class=
"org-ul"><li><a id=
"sec-39-3-0-1" name=
"sec-39-3-0-1"></a>Can the network be overwhelmed?
<br /></li>
848 <li><a id=
"sec-39-3-0-2" name=
"sec-39-3-0-2"></a>vs. Is the personal vantage point immune?
<br /></li></ul>
850 <div id=
"slide-39-4" class=
"outline-3">
851 <h3 id=
"sec-39-4">Writing crypto safe code is difficult
</h3>
855 <div id=
"slide-40" class=
"outline-2 slide">
856 <h2 id=
"sec-40">Best Practices
</h2>
857 <div class=
"outline-text-2" id=
"text-40">
858 </div><div id=
"slide-40-1" class=
"outline-3">
859 <h3 id=
"sec-40-1">Free Software with Complete and Corresponding Source
</h3>
861 <div id=
"slide-40-2" class=
"outline-3">
862 <h3 id=
"sec-40-2">Code review
</h3>
863 <div class=
"outline-text-3" id=
"text-40-2">
864 </div><ul class=
"org-ul"><li><a id=
"sec-40-2-0-1" name=
"sec-40-2-0-1"></a>Avoid the OpenSSL problem
<br /></li></ul>
866 <div id=
"slide-40-3" class=
"outline-3">
867 <h3 id=
"sec-40-3">Reproducible builds
</h3>
869 <div id=
"slide-40-4" class=
"outline-3">
870 <h3 id=
"sec-40-4">Automated, Continuous integration
</h3>
871 <div class=
"outline-text-3" id=
"text-40-4">
872 </div><ul class=
"org-ul"><li><a id=
"sec-40-4-0-1" name=
"sec-40-4-0-1"></a>static analysis (ASAN)
<br /></li>
873 <li><a id=
"sec-40-4-0-2" name=
"sec-40-4-0-2"></a>coverage
<br /></li>
874 <li><a id=
"sec-40-4-0-3" name=
"sec-40-4-0-3"></a>fuzzing
<br /></li>
875 <li><a id=
"sec-40-4-0-4" name=
"sec-40-4-0-4"></a>tests against threats
<br /></li></ul>
877 <div id=
"slide-40-5" class=
"outline-3">
878 <h3 id=
"sec-40-5">As a developer you do NOT want to be a target
</h3>
879 <div class=
"outline-text-3" id=
"text-40-5">
880 </div><ul class=
"org-ul"><li><a id=
"sec-40-5-0-1" name=
"sec-40-5-0-1"></a>want to do be right by your users
<br /></li>
881 <li><a id=
"sec-40-5-0-2" name=
"sec-40-5-0-2"></a>the checks
& balances keep developers from being vulnerable
<br /></li></ul>
885 <div id=
"slide-41" class=
"outline-2 slide">
886 <h2 id=
"sec-41">Shape of the solution (part
2/
2)
</h2>
887 <div class=
"outline-text-2" id=
"text-41">
888 </div><div id=
"slide-41-1" class=
"outline-3">
889 <h3 id=
"sec-41-1">Research similar work
</h3>
890 <div class=
"outline-text-3" id=
"text-41-1">
891 </div><ul class=
"org-ul"><li><a id=
"sec-41-1-0-1" name=
"sec-41-1-0-1"></a>append-only log alternatives
<br /></li>
892 <li><a id=
"sec-41-1-0-2" name=
"sec-41-1-0-2"></a>Application Transparency
<br /></li>
893 <li><a id=
"sec-41-1-0-3" name=
"sec-41-1-0-3"></a>Binary Transparency
<sup><a id=
"fnr.31" name=
"fnr.31" class=
"footref" href=
"#references">31</a></sup><br /></li></ul>
895 <div id=
"slide-41-2" class=
"outline-3">
896 <h3 id=
"sec-41-2">Address the Challenges
</h3>
898 <div id=
"slide-41-3" class=
"outline-3">
899 <h3 id=
"sec-41-3">Use Best Practices
</h3>
901 <div id=
"slide-41-4" class=
"outline-3">
902 <h3 id=
"sec-41-4">Under the umbrella of a fiscal sponsorship organization
</h3>
903 <div class=
"outline-text-3" id=
"text-41-4">
904 </div><ul class=
"org-ul"><li><a id=
"sec-41-4-0-1" name=
"sec-41-4-0-1"></a>Governance review
<br /></li></ul>
908 <div id=
"slide-42" class=
"outline-2 slide">
909 <h2 id=
"sec-42">Software Freedom Conservancy
</h2>
910 <div class=
"outline-text-2" id=
"text-42">
912 Why you should support Conservancy:
916 <div id=
"slide-42-1" class=
"outline-3">
917 <h3 id=
"sec-42-1">🌲 supports diversity and is home to Outreachy
<sup><a id=
"fnr.32" name=
"fnr.32" class=
"footref" href=
"#references">32</a></sup></h3>
919 <div id=
"slide-42-2" class=
"outline-3">
920 <h3 id=
"sec-42-2">🌲 helps hackers: ContractPatch
<sup><a id=
"fnr.33" name=
"fnr.33" class=
"footref" href=
"#references">33</a></sup></h3>
922 <div id=
"slide-42-3" class=
"outline-3">
923 <h3 id=
"sec-42-3">🌲 is a
501(c)
3 charity supported by individuals
<sup><a id=
"fnr.34" name=
"fnr.34" class=
"footref" href=
"#references">34</a></sup></h3>
924 <div class=
"outline-text-3" id=
"text-42-3">
925 </div><div id=
"slide-42-3-1" class=
"outline-4">
926 <h4 id=
"sec-42-3-1">Please join today!
</h4>
927 <div class=
"outline-text-4" id=
"text-42-3-1">
929 <a href=
"https://sfconservancy.org/">https://sfconservancy.org/
</a>
933 <b>disclaimer: I'm on the Conservancy Evaluation Committee
</b>
940 <div id=
"slide-43" class=
"outline-2 slide">
941 <h2 id=
"sec-43">Possible first use case: Debian
</h2>
942 <div class=
"outline-text-2" id=
"text-43">
944 Protect against compromised repositories
948 <div id=
"slide-43-1" class=
"outline-3">
949 <h3 id=
"sec-43-1">On package publication (by the Debian project)
</h3>
950 <div class=
"outline-text-3" id=
"text-43-1">
951 </div><ul class=
"org-ul"><li><a id=
"sec-43-1-0-1" name=
"sec-43-1-0-1"></a>put package signature into an append-only log
<br /></li></ul>
953 <div id=
"slide-43-2" class=
"outline-3">
954 <h3 id=
"sec-43-2">On package installation (by the user, via apt-get plugin)
</h3>
955 <div class=
"outline-text-3" id=
"text-43-2">
956 </div><ul class=
"org-ul"><li><a id=
"sec-43-2-0-1" name=
"sec-43-2-0-1"></a>verify package signatures with the log
<br /></li>
957 <li><a id=
"sec-43-2-0-2" name=
"sec-43-2-0-2"></a>publish suspicious checksum to an auditor
<br /></li>
958 <li><a id=
"sec-43-2-0-3" name=
"sec-43-2-0-3"></a>option to not install mismatched packages
<br /></li></ul>
962 <div id=
"slide-44" class=
"outline-2 slide">
963 <h2 id=
"sec-44">Why talk trust at LibrePlanet?
</h2>
964 <div class=
"outline-text-2" id=
"text-44">
965 </div><div id=
"slide-44-1" class=
"outline-3">
966 <h3 id=
"sec-44-1">Because of the people in this room!
</h3>
967 <div class=
"outline-text-3" id=
"text-44-1">
968 </div><ul class=
"org-ul"><li><a id=
"sec-44-1-0-1" name=
"sec-44-1-0-1"></a>We understand the tech
<br /></li>
969 <li><a id=
"sec-44-1-0-2" name=
"sec-44-1-0-2"></a>We understand why trust matters to end users
<br /></li>
970 <li><a id=
"sec-44-1-0-3" name=
"sec-44-1-0-3"></a>We are the peer reviewers
<br /></li></ul>
972 <div id=
"slide-44-2" class=
"outline-3">
973 <h3 id=
"sec-44-2">Need to reach more than just developers
…</h3>
974 <div class=
"outline-text-3" id=
"text-44-2">
975 </div><ul class=
"org-ul"><li><a id=
"sec-44-2-0-1" name=
"sec-44-2-0-1"></a>User experience experts
<br /></li>
976 <li><a id=
"sec-44-2-0-2" name=
"sec-44-2-0-2"></a>Lawyers: How to reprise the
"hack on copyright" to protect network services
<br /></li>
977 <li><a id=
"sec-44-2-0-3" name=
"sec-44-2-0-3"></a>Activists: Help end users understand and care!
<br /></li></ul>
981 <div id=
"slide-45" class=
"outline-2 slide">
982 <h2 id=
"sec-45">Q/A
& Where we go from here
</h2>
983 <div class=
"outline-text-2" id=
"text-45">
984 </div><div id=
"slide-45-1" class=
"outline-3">
985 <h3 id=
"sec-45-1">Call to action: Join the [trust-api] mailing list
</h3>
986 <div class=
"outline-text-3" id=
"text-45-1">
988 <a href=
"http://lists.info9.net/mailman/listinfo/trust-api">http://lists.info9.net/mailman/listinfo/trust-api
</a>
992 <div id=
"slide-45-2" class=
"outline-3">
993 <h3 id=
"sec-45-2">Cuddles asks a question???
<sup><a id=
"fnr.35" name=
"fnr.35" class=
"footref" href=
"#references">35</a></sup></h3>
994 <div class=
"outline-text-3" id=
"text-45-2">
997 <p><img src=
"./images/cuddles-qa.jpg" alt=
"Cuddles" align=
"center" />
1004 <div id=
"references" class=
"outline-2 slide">
1005 <h2 id=
"sec-46">References
</h2>
1006 <div class=
"outline-text-2" id=
"text-46">
1008 Footnote references (press 's' for scrollbars)
1010 <input type=
"button" value=
"◁" onclick=
"window.history.back()"/>
1013 <li id=
"fn:1"> <a href=
"https://sfconservancy.org/blog/2016/dec/29/software-freedom-after-trump/">https://sfconservancy.org/blog/
2016/dec/
29/software-freedom-after-trump/
</a>
1015 <li id=
"fn:2"> See
48:
35 in r0ml's talk on how the minority of GitHub projects actually have a license:
1016 <a href=
"https://www.youtube.com/watch?v=i3nJR7PNgI4&feature=youtu.be&t=2915">https://www.youtube.com/watch?v=i3nJR7PNgI4&feature=youtu.be&t=
2915</a>
1018 <li id=
"fn:3"> <a href=
"https://www.youtube.com/watch?v=i3nJR7PNgI4">https://www.youtube.com/watch?v=i3nJR7PNgI4
</a>
1020 <li id=
"fn:4"> <a href=
"https://www.nytimes.com/2017/03/13/business/energy-environment/brooklyn-solar-grid-energy-trading.html">https://www.nytimes.com/
2017/
03/
13/business/energy-environment/brooklyn-solar-grid-energy-trading.html
</a>
1022 <li id=
"fn:5"> <a href=
"http://www.usatoday.com/story/tech/news/2017/03/06/mapping-software-routing-waze-google-traffic-calming-algorithmsi/98588980/">http://www.usatoday.com/story/tech/news/
2017/
03/
06/mapping-software-routing-waze-google-traffic-calming-algorithmsi/
98588980/
</a>
1024 <li id=
"fn:6"> <a href=
"https://archive.fosdem.org/2014/schedule/event/network_freedom/">https://archive.fosdem.org/
2014/schedule/event/network_freedom/
</a>
1026 <li id=
"fn:7"> <a href=
"https://evil32.com/">https://evil32.com/
</a>
1028 <li id=
"fn:8"> <a href=
"https://bitcoin.org/en/">https://bitcoin.org/en/
</a>
1030 <li id=
"fn:9"> <a href=
"https://www.hyperledger.org/">https://www.hyperledger.org/
</a>
1032 <li id=
"fn:10"> <a href=
"https://www.ethereum.org/">https://www.ethereum.org/
</a>
1034 <li id=
"fn:11"> <a href=
"https://z.cash/">https://z.cash/
</a>
1036 <li id=
"fn:12"> <a href=
"http://dogecoin.com/">http://dogecoin.com/
</a>
1038 <li id=
"fn:13"> <a href=
"http://www.abc.net.au/news/2015-10-06/quiggin-bitcoins-are-a-waste-of-energy/6827940">http://www.abc.net.au/news/
2015-
10-
06/quiggin-bitcoins-are-a-waste-of-energy/
6827940</a>
1040 <li id=
"fn:14"> <a href=
"https://www.bitcoinmining.com/is-bitcoin-mining-waste-electricity/">https://www.bitcoinmining.com/is-bitcoin-mining-waste-electricity/
</a>
1042 <li id=
"fn:15"> <a href=
"http://www.news.com.au/technology/environment/natural-wonders/before-and-after-great-barrier-reef-photos-expose-shocking-realities-of-coral-bleaching/news-story/527d7599f160532474b27f1ca26fdbfc">http://www.news.com.au/technology/environment/natural-wonders/before-and-after-great-barrier-reef-photos-expose-shocking-realities-of-coral-bleaching/news-story/
527d7599f160532474b27f1ca26fdbfc
</a>
1044 <li id=
"fn:16"> Security Now, Epsiode #
599
1045 <a href=
"https://www.grc.com/securitynow.htm">https://www.grc.com/securitynow.htm
</a>
1047 <li id=
"fn:17"> <a href=
"https://jhalderm.com/pub/papers/interception-ndss17.pdf">https://jhalderm.com/pub/papers/interception-ndss17.pdf
</a>
1049 <li id=
"fn:18"> <a href=
"https://www.certificate-transparency.org/">https://www.certificate-transparency.org/
</a>
1051 <li id=
"fn:19"> <a href=
"https://www.thesslstore.com/blog/google-chrome-certificate-transparency-2017/">https://www.thesslstore.com/blog/google-chrome-certificate-transparency-
2017/
</a>
1053 <li id=
"fn:20"> <a href=
"https://www.thesslstore.com/blog/firefox-certificate-transparency/">https://www.thesslstore.com/blog/firefox-certificate-transparency/
</a>
1055 <li id=
"fn:21"> <a href=
"https://www.ietf.org/mailman/listinfo/trans">https://www.ietf.org/mailman/listinfo/trans
</a>
1057 <li id=
"fn:22"> <a href=
"https://datatracker.ietf.org/doc/rfc6962/">https://datatracker.ietf.org/doc/rfc6962/
</a>
1059 <li id=
"fn:23"> <a href=
"https://en.wikipedia.org/wiki/Merkle_tree">https://en.wikipedia.org/wiki/Merkle_tree
</a>
1061 <li id=
"fn:24"> <a href=
"https://eprint.iacr.org/2011/484.pdf">https://eprint.iacr.org/
2011/
484.pdf
</a>
1063 <li id=
"fn:25"> <a href=
"https://sphincs.cr.yp.to/">https://sphincs.cr.yp.to/
</a>
1065 <li id=
"fn:26"> <a href=
"https://cryptoservices.github.io/quantum/2015/12/08/XMSS-and-SPHINCS.html">https://cryptoservices.github.io/quantum/
2015/
12/
08/XMSS-and-SPHINCS.html
</a>
1067 <li id=
"fn:27"> <a href=
"https://github.com/google/trillian">https://github.com/google/trillian
</a>
1069 <li id=
"fn:28"> <a href=
"https://boingboing.net/2016/03/10/using-distributed-code-signatu.html">https://boingboing.net/
2016/
03/
10/using-distributed-code-signatu.html
</a>
1071 <li id=
"fn:29"> <a href=
"https://github.com/rootkovska/codehash.db">https://github.com/rootkovska/codehash.db
</a>
1073 <li id=
"fn:30"> <a href=
"https://secure-os.org/pipermail/desktops/2016-November/000143.html">https://secure-os.org/pipermail/desktops/
2016-November/
000143.html
</a>
1075 <li id=
"fn:31"> <a href=
"https://github.com/FreeBSDFoundation/binary-transparency-notes">https://github.com/FreeBSDFoundation/binary-transparency-notes
</a>
1077 <li id=
"fn:32"> <a href=
"https://www.gnome.org/outreachy/">https://www.gnome.org/outreachy/
</a>
1079 <li id=
"fn:33"> <a href=
"https://sfconservancy.org/blog/?tag=ContractPatch">https://sfconservancy.org/blog/?tag=ContractPatch
</a>
1081 <li id=
"fn:34"> <a href=
"https://sfconservancy.org/supporter/">https://sfconservancy.org/supporter/
</a>
1083 <li id=
"fn:35"> cuddles: Copyright ©
2017 Tom Marble, CC-by-sa
4.0</ol>
1088 <!-- Place the following snippet at the bottom of the deck container. -->
1089 <p class=
"deck-status" aria-role=
"status">
1090 <span class=
"deck-status-current"></span>
1092 <span class=
"deck-status-total"></span>
1095 <!-- Place the following snippet at the bottom of the deck container. -->
1096 <div aria-role=
"navigation">
1097 <a href=
"#" class=
"deck-prev-link" title=
"Previous">←</a>
1098 <a href=
"#" class=
"deck-next-link" title=
"Next">→</a>
1101 <!-- Place the following snippet at the bottom of the deck container. -->
1102 <form action=
"." method=
"get" class=
"goto-form">
1103 <label for=
"goto-slide">Go to slide:
</label>
1104 <input type=
"text" name=
"slidenum" id=
"goto-slide" list=
"goto-datalist">
1105 <datalist id=
"goto-datalist"></datalist>
1106 <input type=
"submit" value=
"Go">