Open Trust Alliance


A community-driven, decentralized and open trust service provider for identity verification without a central authority, based on OpenPGP.



Motivation

Designing a digital identification, authentication and trust service provider as

Preliminary Remark

We want to build a trust network suitable for many types of users or projects, such as Bitnation, Free Private Cities, Libertarian Societies / Friendly Societies, Homo Socialis, partners of Liberland, Honduras Próspera, and others.
This network is for signatures, identification, authentication, and email and document encryption, all based on Pretty Good Privacy (PGP) - or rather on the open standard OpenPGP (RFC 4880) and its open-source implementations such as GnuPG, together with the many other existing tools, applications, smartphone apps, etc.

In short, it is the use of OpenPGP with cooperating trust boards as a root CA (meta introducer in PGP terms), combined with tamper-proof hardware keys with on-device key generation. This would be possible with existing hardware and software, and would be similar (see survey in German) to the so-called qualified electronic signatures under eIDAS in the European Union (Regulation (EU) No 910/2014) and in Switzerland.

In essence, we want to show a solution for online identity verification without a central authority.

This is a proposal and we welcome every discussion!

Abstract

If you have to sign a document or a contract, or you receive one from somebody, both of you want to be sure that the sender and/or signer - and, most importantly, the real person behind them - is who they claim to be, and that the document or contract has not been, and cannot be, modified. Sometimes it is also essential that no one other than the intended recipients can read the content. This, and more, can be achieved with cryptographic methods that have been in use for decades.
The core task, however, is how a user can prove which real person owns their key. This can be provided by a central trust service provider, such as a government body.

OpenPGP goes another way, using a decentralized web of trust to establish the authenticity of the binding between a user's key and its owner, and the owner's identity if wanted. You certify the friends you know and have some degree of trust in, they certify their friends, and so on. A common tool is the key signing party, where users unknown to each other meet and mutually verify their identities. The disadvantage is that the trust path between two parties can be very long, or there may be no path at all, and for new users it can take some time to build up enough trust.

OpenPGP also provides a hierarchical trust model where, for example, a company can act as a certificate authority for all its employees. Or an alliance of notaries and lawyers holds a common root certificate as the root certificate authority (meta introducer), and each notary and lawyer (as trusted introducer) can certify their clients. With this structure, each client of any alliance member can prove their own authenticity and/or identity to others, and can verify that of the others if needed. Unfortunately, an "official" - or better "trusted" - alliance of certificate authorities for the PGP network does not exist yet.

The aim of this proposal is to build such an alliance of trusted certificate authorities (trust alliance), so that any group or project will be able to offer fast and strong OpenPGP certificates for its residents or members who are interested in this.

Concept

As an example, some members of a Bitnation (or Free Private Cities, Libertarian Societies / Friendly Societies, Homo Socialis, ...) establish their own trust alliance holding one root certificate as the root certificate authority (meta introducer).

Every member (trust alliance member) who is interested, is seen as trustworthy by their community (or, alternatively, is checked and approved by the community authority), and has signed a behaviour agreement (with significant legal consequences for disregarding it) can act as a certificate authority (trusted introducer) and can issue OpenPGP certificates to requesting users/residents/businesses/... Technically, in PGP terms, the trust alliance members become certificate authorities (trusted introducers) by receiving a trust signature of depth 1 from the root certificate held by the trust alliance.

Every user/resident/business/... of the community can ask for a certificate, so that they are able to prove their authenticity and/or identity to others, use digital signatures, etc. Actually, every user inside and outside the community could use this service. The trust alliance members can be rewarded with a small fee for doing this job (let's say $10 for certifying, a work of 10 minutes).

Users can get different certificate levels, depending on the strength of the proof of their identity. There will be a precisely defined and published certification policy. In short:

Level 1 Certificate

It was verified that the owner of the key is also the recipient of the email address contained in the key's user ID, but there was no proof of identity at all. This is useful for the key of a pseudonymous user.

Level 2 Certificate

Some casual verification on the claim of identity was done. This can be one of the following methods:

Level 3 Certificate

Some substantial verification of the claim of identity was carried out. This can be one of the following methods:


The trust alliance member has to follow exactly all steps defined in the certification policy as well as in the privacy policy (e.g. deleting all received documents from their computer/mailbox, deleting the user's public key to prevent accidentally sending it to a public keyserver, ...).

For more security, tamper-proof hardware keys with on-device key generation (e.g. smart cards, or dongles such as Nitrokey, YubiKey) are recommended. For trust alliance members issuing certificates they are obligatory, as is their own level 3 certificate.

Users with an in-person identity verification and on-device key generation in the presence of the trust alliance member (certifier), with his testimony, will get a certificate notation which is then similar to a qualified signature in the EU.

Certified public keys will also get a trusted timestamp (e.g. OpenTimestamps, FreeTSA). This ensures that the users' certificates can stay valid (or be easily rebuilt) even in the worst case, if the trust alliance root certificate or its members' trust signatures have to be revoked.

One problem is that if a single trust alliance member acts with malicious intent, trust is destroyed. Once destroyed, trust can hardly be rebuilt, and all the work of building a network of trust is lost. Because of this, the trust alliance's certification policy requires at least 3 certificates by different, randomly chosen trust alliance members (technically, OpenPGP achieves this by trust signatures with a partial trust amount for its trusted introducers). This not only protects the trust alliance's asset, its trustworthiness; it also significantly strengthens the users' certificates. Certificates from 3 personally unknown certifiers may well be the minimum anyway for most users to see them as truly trustworthy.

Trust is the most valuable asset of a society, more than all other assets together.

The single root certificate of the trust alliance is secured through a hardware key, key revocation and the users' timestamps. With a second root layer, e.g. a 3-of-5 board of root authorities (trust board), any possible single point of attack could be avoided (technically again through trust signatures with a partial trust amount; the root certificate's private key could then be deleted, or held together with its revocation certificates by the trust board, secured with secret sharing, e.g. ssss).
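To make the partial-trust arithmetic behind the "at least 3 certificates" rule and the 3-of-5 trust board concrete, here is a small Python model of OpenPGP trust signatures. It is an added example, not code from the proposal: GnuPG's real trust computation has more detail, and the rule that amounts add up to 120, the key names and the amount of 40 per signer are assumptions chosen to illustrate the layout described above.

```python
"""Simplified model of OpenPGP trust signatures (RFC 4880, section 5.2.3.13).
A trust signature carries a depth (0 = ordinary certification, n = the signee
may itself issue trust signatures of depth n-1) and an amount (120 = complete,
less = partial). Modelling assumption: amounts a key receives from valid
introducers add up, and the key is valid at 120 or more. Added example, not
code from the Open Trust Alliance; names and the 40-per-signer split are constructed."""
from dataclasses import dataclass

FULL = 120


@dataclass(frozen=True)
class Sig:
    signer: str
    depth: int   # trust depth of the signature (0 = plain certification)
    amount: int  # trust amount granted to the signee as an introducer


def evaluate(sigs, ultimate, name):
    """Return (validity, introducer_amount, introducer_depth) for `name`."""
    if name in ultimate:
        return FULL, FULL, 255          # trust board keys: ultimately trusted
    validity = amount = 0
    depth = -1
    for sig in sigs.get(name, ()):
        s_valid, s_amount, s_depth = evaluate(sigs, ultimate, sig.signer)
        if s_valid < FULL or s_depth < 1:
            continue                    # signer is not a valid introducer
        validity += s_amount            # partial amounts from several signers add up
        if sig.depth >= 1:              # a tsign: makes `name` an introducer too
            amount += sig.amount
            depth = max(depth, min(sig.depth, s_depth - 1))
    if validity < FULL:
        return validity, 0, -1          # an invalid key introduces nobody
    return FULL, min(amount, FULL), depth


def user_validity(board_signers, member_certifiers):
    """Proposal layout: 3-of-5 trust board -> root -> 5 members -> one user."""
    sigs = {"root": [Sig(b, 2, 40) for b in board_signers]}     # 3 x 40 = 120
    for m in ("m1", "m2", "m3", "m4", "m5"):
        sigs[m] = [Sig("root", 1, 40)]  # depth 1: member is a trusted introducer
    sigs["user"] = [Sig(m, 0, 0) for m in member_certifiers]   # plain certs
    return evaluate(sigs, {"b1", "b2", "b3", "b4", "b5"}, "user")[0]


if __name__ == "__main__":
    print(user_validity(["b1", "b2", "b3"], ["m1", "m2", "m3"]))  # 120: valid
    print(user_validity(["b1", "b2", "b3"], ["m1", "m2"]))        # 80: marginal
    print(user_validity(["b1", "b2"], ["m1", "m2", "m3"]))        # 0: board below quorum
```

The third case shows why the board matters: with only two board signatures the root never reaches a full introducer amount, so every member, and therefore every user certificate, stays invalid until a third board member signs.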

The big advantages are that no centralized technical infrastructure has to be built or maintained; no sensitive user data, nor the users' public keys, have to be held, secured or backed up by the trust alliance; and there is no single point of failure and no single point of attack. Once the user's public key is certified, only the user holds their public and private keys, and they share their public key with the parties they choose.

The public keys of the trust alliance (root certificate) and its trust alliance members (certifiers) are publicly stored on the worldwide pool of keyservers. The certifiers' private keys exist only on hardware keys (e.g. smart cards, or dongles such as Nitrokey, YubiKey); they cannot be attacked without physical access, and even then hardly without knowing the secret PIN (and even then, the attacker would have to get access to the private keys of at least 3 certifiers, and would have to act faster than the time it takes for the keys to be revoked).

The big advantage of the trust models used in OpenPGP is their decentralized and extensible character. The hierarchical trust model of the described trust alliance fits perfectly into OpenPGP's worldwide web of trust as well, and it can be combined with another, higher-order hierarchical trust structure.

So, for example, a Bitnation could decide to trust its own trust alliance as well as other alliances - for example those of Free Private Cities, Libertarian Societies / Friendly Societies, Homo Socialis, ... - forming an overall trust alliance. It is an open, interoperable and growing network of trust. It could also be used within the coming Decentralized Identifier network.

And all this for practically no cost, no single point of failure, no single point of attack.

Conclusion

Having read all this, it must seem very complicated. But in the end, for the general user, it is only a matter of using their preferred standard program or app for signing and verifying their documents and contracts.


© OpenTrustAlliance.org – Version 2019-06-01 – Contact: Friendly Societies, Homo Socialis