Email, Messaging, and SSI/DID (Rebroadcast)
sylph01
November 19, 2020
@ #idcon vol.28
https://idcon.connpass.com/event/191305/
Transcript
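Email, Messaging, and SSI/DID
Ryo Kajiwara / sylph01 @ #idcon, 2020/11/19, Japanese rebroadcast

Notes
• This talk is more of a statement of opinion than anything else
• What Qiita at one time would have called a "poem"
• Its purpose is to put out ideas for discussion
• So it is not a demo of product development results
• The arguments and premises certainly have plenty of holes in them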
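
TL;DR
Stop using SMTP

How do we stop?

Properties we want from messaging
• End-to-end encryption
  • Which various countries are reportedly trying to ban lately?
• Encrypted group messaging
• Control over data
• Control over how identity is represented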

Q: Why are we still using email when we have LINE / Facebook Messenger / WhatsApp etc.?
• SMTP does not have adequate encryption or authentication
• Email normally does not have end-to-end encryption
• Even with PGP or S/MIME, encrypted communication with a group is not possible
• Email has spam

A: You can receive messages from people with whom you have no prior trust relationship
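
But email has spam!

Email has spam because of the anonymity built into the protocol

Anonymity of email
The property that "you can receive messages from people with whom you have no prior trust relationship" also applies to the telephone, but email has no anti-abuse mechanism like the one the telephone has. This is due to email's anonymity.
• If someone abuses the telephone, the call can be traced back
• In email, spoofing an identity is easy and catching the sender is hard
• Or rather, email has no proper identity layer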
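
Spammers use email's anonymity to do harm

Do we even want anonymous email in the first place?
Anonymous email is spam with high probability. When you want to establish a new trust relationship, being anonymous does not bring much benefit.

Then shouldn't we just use S/MIME everywhere?

Problems with S/MIME
• Expensive
• Bound to the purpose it was issued for
• A certificate may prove your affiliation with a particular organization, but
• that does not mean you want to wear that particular hat all the time on the Internet
• Why not use multiple certificates? Go back to the first line

A more drastic solution: automatically accept mail that is signed with a My Number Card certificate

Nobody would send spam from an account tied to their My Number, right?

Well, anyone who goes out of their way to come and hear a talk on SSI/DID will understand what is scary about this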
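
Self-sovereignty of email
SMTP/POP/IMAP were originally protocols that satisfied self-sovereignty, as long as you run your own server.
• You can issue your own IDs
• You can use different IDs for different purposes
• You can keep control of your own data yourself

Self-sovereignty of email
Nobody does that these days.
• SMTP: authenticating properly is hard. Get even one setting wrong and you become a stepping stone for spam.
• IMAP: essential for multi-device access, but you end up mired in storage management
As a result, a protocol that should be inherently self-sovereign has allowed itself to be centralized

Self-sovereignty of email
The centralization of email is making the spam problem worse. The behavior of centralized email providers' spam filters is not sufficiently transparent, and even mail with no malicious intent gets swallowed by the spam filter. Mail that does not go through a centralized email provider finds it harder to get spam filters to trust it, and centralization advances further.
(Admittedly, if the filters were transparent, spammers would work around them, which would be bad in its own way...)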
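
"Principles of User Sovereignty / Fundamental Problems of Distributed Systems" @ IIW30
"When the fundamental problems that a distributed system faces cannot be solved, it brings centralization by corporations (corporate capture) upon itself."
Email is the prime example of this. Because the essential problems of distributed systems were never adequately solved, corporations found an opportunity to monetize there, and email became centralized.

"Fundamental Problems of Distributed Systems"
Examples:
• Node discovery (in email, needed to determine the destination)
• Establishing a session when a node joins the network (introduction)
• Privacy (identifiers that allow long-term correlation)
• Trust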
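
The scary part of email being the core of digital identity
When you forget a password, the reset is mostly done through email, right?
→ If your email is taken over, all of your identities on the Internet can be taken over.
Setting aside whether secure messaging can replace it, making a protocol/ecosystem that is not sufficiently secure the core of digital identity is dangerous, and we need to think about a replacement.

How can we solve this?

Hedge: so this is basically a talk about a Better PGP, right?
→ I know.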
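
Email using Verifiable Credentials
How can we produce and use a different representation of identity for each transaction (here, an email exchange)?
→ Use a verifiable credential that corresponds to that particular representation of identity.
The spam filter judges the validity and trustworthiness of the VC associated with the email.

Email using Verifiable Credentials
What is good about it?
• Sender: (as long as the mail is for a legitimate purpose) gets caught by spam filters less often
• As a bonus, you do not have to wear your official hat all the time
• Recipient: less spam, and proper mail arrives in the inbox
• With a proper protocol extension, it can coexist with the current SMTP ecosystem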
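
A sketch of the filter decision described on the two slides above, added here as an example and not taken from the deck: the filter checks the validity of the attached credential and then whether its issuer is trusted, instead of relying on the From address. The message and credential field names, the issuer name, the addresses and the binding to one recipient are assumptions, and toy textbook RSA stands in for a real VC signature suite.

```python
import hashlib, json

# Toy textbook-RSA issuer key built from two Mersenne primes. A stand-in for
# a real VC signature suite: far too small and unpadded for actual use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

def _digest(claims):
    canon = json.dumps(claims, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(canon).digest(), "big") % N

def issue(claims, d=D, n=N):
    """Issuer side: sign the claims and return a credential."""
    return {"claims": claims, "sig": pow(_digest(claims), d, n)}

def filter_decision(msg, trusted_issuers, now):
    """Recipient-side filter: judge validity, then trust, of the attached VC."""
    vc = msg.get("vc")
    if vc is None:
        return "no-credential"       # anonymous mail: falls back to ordinary filtering
    c = vc["claims"]
    key = trusted_issuers.get(c["issuer"])
    if key is None:
        return "untrusted-issuer"    # recipient holds no key for this issuer
    e, n = key
    if pow(vc["sig"], e, n) != _digest(c):
        return "bad-signature"       # claims were altered or never signed
    if c["expires"] < now:
        return "expired"
    # Hypothetical binding: the credential names one sender persona and one
    # recipient, so it cannot be lifted from this mail and reused elsewhere.
    if (c["subject"], c["audience"]) != (msg["from"], msg["to"]):
        return "not-bound-to-this-mail"
    return "accept"

# Constructed sample data (issuer name and addresses are made up).
TRUSTED = {"issuer.example": (E, N)}
CLAIMS = {"issuer": "issuer.example", "subject": "persona-7f3a@sender.example",
          "audience": "bob@recipient.example", "expires": 1700000000}
GOOD = {"from": "persona-7f3a@sender.example",
        "to": "bob@recipient.example", "vc": issue(CLAIMS)}
```

The sender address here is a per-purpose persona rather than a long-lived "official hat"; the filter only needs the issuer's public key to accept it.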
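
Messaging Layer Security
https://messaginglayersecurity.rocks/
An IETF WG that is trying to define a protocol for secure and interoperable group messaging.
It has end-to-end encryption (naturally), and encrypted group messaging is possible.
It requires an ID on a particular platform.

DIDComm
A communication mechanism between DID Agents, described in Aries RFC 0005: DID Communication.
Rather than there being a protocol called DIDComm, it is more accurate to say that each application implements its own protocol on top of DIDComm. The Explainer implements a protocol for tic-tac-toe on top of DIDComm.

DIDComm
Its main characteristics are that it is "asynchronous, one-way (simplex) messaging", that it is "transport-agnostic", and that it is "end-to-end encrypted".
Discovery of the destination is done by establishing a DID Relationship.

Summary
• In addition to "encryption is not sufficient", email has the problem that "there is no proper identity layer"
• If we leave the construction of the identity layer to centralized email providers, we lose email's latent self-sovereignty
• Shouldn't we either build an identity layer for email with DID and VC technology, or simply ride on DIDComm, a protocol that already has a DID-based identity layer?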