@ #idcon vol.28 https://idcon.connpass.com/event/191305/
Email, Messaging, andSSI/DIDRyo Kajiwara / sylph01@ #idcon, 2020/11/19, ຊޠ࠶์ૹ
View Slide
ҙࣄ߲• ͜ΕͲͪΒ͔ͱ͍͏ͱҙݟද໌ͷΑ͏ͳੑ࣭ͷൃදͰ͢• Ұ࣌ظͷQiitaͰ͍͏ͱ͜ΖͷʮϙΤϜʯ• ٞͷͨΊͷΞΠσΞग़͠Λ͢Δੑ࣭ͷͷͰ͢• ΑͬͯɺϓϩμΫτ։ൃՌͷσϞͰ͋Γ·ͤΜ• ·ͨɺٞલఏʹൈ͚݀༨༟Ͱଘࡏ͢ΔͣͰ͢
TL;DR
SMTPΛΊΖ
Ͳ͏ͬͯΊΔʁ
ϝοηʔδϯάʹٻΊΔੑ࣭• End-to-End҉߸Խ• ࠷֤ۙࠃ͕ban͠Α͏ͱ͍ͯ͠Δͬͯʁ• ҉߸Խ͞Εͨάϧʔϓϝοηʔδϯά• σʔλͷ੍ޚ• identityදݱͷ੍ޚ
Q: ͳΜͰLINE /Facebook Messenger /WhatsApp etc.͕͋ΔͷʹϝʔϧͳΜ͔ͬͯΔͷʁ
Q: ͳΜͰLINE / FacebookMessenger / WhatsApp etc.͕͋ΔͷʹϝʔϧͳΜ͔ͬͯΔͷʁ• SMTPेͳ҉߸ԽೝূΛ͍࣋ͬͯͳ͍• Eϝʔϧ௨ৗEnd-to-End҉߸ԽΛ͍࣋ͬͯͳ͍• PGPS/MIMEΛͬͨͱ͜ΖͰάϧʔϓʹର͢Δ҉߸ԽίϛϡχέʔγϣϯͰ͖ͳ͍• Eϝʔϧʹspam͕͋Δ
Q: ͳΜͰLINE / FacebookMessenger / WhatsApp etc.͕͋ΔͷʹϝʔϧͳΜ͔ͬͯΔͷʁA: ࣄલͷ৴པؔͷͳ͍ਓ͔ΒϝοηʔδΛड͚औΔ͜ͱ͕Ͱ͖Δ
Eϝʔϧʹspam͋Δ͡ΌΜʂ
Eϝʔϧʹspam͕͋ΔͷϓϩτίϧʹΈࠐ·Εͨಗ໊ੑ͕ݪҼ
Eϝʔϧͷಗ໊ੑʮࣄલͷ৴པؔͷͳ͍ਓ͔ΒϝοηʔδΛड͚औΕΔʯͱ͍͏ੑ࣭ిʹ͋ͯ·Δ͕ɺEϝʔϧʹిʹ͋ΔΑ͏ͳanti-abuse mechanismΛ͍࣋ͬͯͳ͍ɻ͜ΕEϝʔϧͷಗ໊ੑʹΑΔͷͰ͋Δɻ• ిΛabuseͨ͠߹ٯ୳͕Մೳ• Eϝʔϧʹ͓͍ͯidentityͷspoofing͕༰қͰɺั·͑Δ͜ͱ͕ࠔ• ͱ͍͏͔Eϝʔϧʹ·ͱͳidentity layer͕ͳ͍
spammerEϝʔϧͷಗ໊ੑΛͬͯѱࣄΛಇ͘
ͦͦಗ໊ͷEϝʔϧɺཉ͍͠ʁಗ໊ͷEϝʔϧߴ֬Ͱspamɻ৽ͨʹ৴པؔ݁ͼ͍ͨ߹ಗ໊Ͱ͋Δ͜ͱʹ͍͍͜ͱͦΜͳʹͳ͍ɻ
͡Ό͋S/MIMEΛશҬతʹ͍͍͑ͷͰʁ
S/MIMEͷ• ߴ͍• ൃߦ͞Εͨ༻్ʹറΒΕΔ• ͋Δূ໌ॻಛఆͷorganizationʹ͓͚ΔॴଐΛূ໌ͯ͘͠ΕΔ͔͠Εͳ͍͕• ΠϯλʔωοτͰৗʹͦͷಛఆͷࢠΛͣͬͱ͔Ϳ͍͍͔ͬͯͨͱ͍͏ͱͦ͏Ͱͳ͍• ෳͷূ໌ॻ͍͍͑͡ΌΜʁ1ߦʹΔ
ͬͱυϥεςΟοΫͳղ๏:ϚΠφϯόʔΧʔυͷূ໌ॻͰsign͞ΕͨϝʔϧͳΒࣗಈతʹड͚ೖΕΔ
୭ϚΠφϯόʔʹඥ͍ͨΞΧϯτͰspamͳΜ͔͠ͳ͍Ͱ͠ΐʁ
·͋Θ͟Θ͟SSI/DIDͷฉ͖ʹདྷΔํͳΒ͜ΕͷԿ͕ා͍͔Θ͔Δͱࢥ͍·͕͢
Eϝʔϧͷself-sovereignੑSMTP/POP/IMAPͱͱself-sovereignੑΛຬͨ͢ϓϩτίϧͰ͋ͬͨɻࣗͰαʔόʔཱͯΔݶΓɻ• ࣗͰIDΛൃߦͰ͖Δ• ༻్ʹԠͯ͡IDΛ͍͚Δ͜ͱ͕Ͱ͖Δ• ࣗͷσʔλͷίϯτϩʔϧࣗͰ࣋ͭ͜ͱ͕Ͱ͖Δ
Eϝʔϧͷself-sovereignੑ࠷ۙ୭ͦΜͳ͜ͱ͠ͳ͍ɻ• SMTP: దʹೝূ͢Δͷ͕͍͠ɻઃఆ1ݸͰؒҧ͑Δͱspamͷ౿Έɻ• IMAP: ϚϧνσόΠεΞΫηεͳΒඞਢɻ͚ͩͲετϨʔδཧࠈʹؕΔ݁Ռɺຊདྷself-sovereignͰ͋Δͣͷϓϩτίϧͳͷ͕ͩɺதԝूݖԽΛڐͯ͠͠·ͬͨ
Eϝʔϧͷself-sovereignੑEϝʔϧͷதԝूݖԽspamͷΛΑΓѱԽ͍ͤͯ͞ΔɻதԝूݖతEϝʔϧϓϩόΠμͷspamϑΟϧλͷಈ࡞ʹेͳಁ໌ੑ͕ͳ͘ɺѱҙͷͳ͍ϝʔϧͰ͢ΒspamϑΟϧλʹҿ·ΕΔɻதԝूݖతEϝʔϧϓϩόΠμΛར༻͍ͯ͠ͳ͍ϝʔϧspamϑΟϧλΛ৴༻ͤ͞Δ͜ͱ͕͘͠ͳΓɺΑΓதԝूݖԽ͕ਐΉʢಁ໌ੑ͕͋ͬͨΒ͋ͬͨͰspamۀऀ͕ͦΕΛᷖճͯ͘͠ΔͷͰϚζ͍ͱ͍͑ͦͷͱ͓Γ͕ͩ…ʣ
"Principles of User Sovereignty /Fundamental Problems of DistributedSystems" @ IIW30ʮࢄγεςϜͷ๊͑ΔࠜຊతͳΛղܾͰ͖ͳ͍ͱ͖ɺͦΕاۀʹΑΔதԝूݖԽ(corporate capture)ΛࣗΒڐͯ͠͠·͏ʯEϝʔϧ·͞ʹ͜ͷ࠷ͨΔྫͰ͋ΔɻࢄγεςϜ๊͕͑Δຊ࣭తͳʹରͯ͠ेͳղܾ͕ͳ͞Εͳ͔ͬͨͨΊɺاۀͦ͜ʹϚωλΠζͷػձΛݟग़͠ɺதԝूݖԽͯ͠͠·ͬͨɻ
"Fundamental Problems ofDistributed Systems"ྫ:• ϊʔυͷσΟεΧόϦʔ(Eϝʔϧͷ߹ૹ৴ઌͷ֬ఆʹඞཁ)• ϊʔυ͕ωοτϫʔΫʹࢀՃ͢Δࡍͷηογϣϯͷཱ֬(introduction)• ϓϥΠόγʔ(ظతͳؔ࿈͚ͷࢠ)• τϥετ
Eϝʔϧ͕digital identityͷ֩ͱͳΔ͜ͱͷා͍ύεϫʔυΕͨͱ͖ͷϦηοτ͍͍ͩͨEϝʔϧΛ௨ͯ͠ߦΘΕ·͢Ͷʁ→Eϝʔϧ͕ͬऔΒΕΔͱ͋ͳͨͷΠϯλʔωοτ্ͷidentityશͯͬऔΕ·͢ɻsecure messaging͕ସͰ͖Δ͔Ͳ͏͔͓͖ͯ͞ɺेʹηΩϡΞͰͳ͍ϓϩτίϧ/ΤίγεςϜΛdigital identityͷ֩ͱ͢ΔͷةݥͰ͋ΓɺସΛߟ͑Δඞཁ͕͋Δɻ
Ͳ͏ͨ͠ΒղܾͰ͖Δʁ
༧ઢ:͜Εͬͯཁ͢ΔʹBetterPGPͷͩΑͶʁ→ͬͯΔɻ
Verifiable CredentialΛ༻͍ͨEϝʔϧ֤τϥϯβΫγϣϯʢ͜͜ͰEϝʔϧͷΓͱΓʹ૬͢Δʣ͝ͱʹҟͳΔidentityͷදݱΛΓग़ͯ͠͏ʹͲ͏͢ΕΑ͍͔ʁˠಛఆͷidentityͷදݱʹରԠ͢Δverifiable credentialΛ͑Α͍spamϑΟϧλEϝʔϧʹؔ࿈͍ͮͨVCͷਖ਼ੑɾ৴པΛఆ͢Δ
Verifiable CredentialΛ༻͍ͨEϝʔϧԿ͕خ͍͠ʁ• ૹ৴ऀ: ʢϝʔϧ͕ਖ਼ͳ༻్Ͱ͋ΔݶΓʣspamϑΟϧλʹͻ͔͔ͬΔ͜ͱ͕ݮΔ• ͍ͭͰʹɺৗʹެࣜͳࢠ͔Ϳͬͯͳͯ͘Α͍• ड৴ऀ: spam͕ݮΔɺ·ͱͳϝʔϧ͕ड৴ശʹೖͬͯ͘Δ• ͪΌΜͱͨ͠ϓϩτίϧ֦ுΛ͢ΕݱࡏͷSMTPͷΤίγεςϜͱڞଘͰ͖Δ
Messaging Layer Securityhttps://messaginglayersecurity.rocks/ηΩϡΞͰinteroperableͳάϧʔϓϝοηʔδϯάͷͨΊͷϓϩτίϧΛఆٛ͠Α͏ͱ͍ͯ͠ΔIETFͷWGɻEnd-to-End҉߸ԽΛ࣋ͭʢͦΕͦ͏ʣɺ҉߸Խάϧʔϓϝοηʔδϯά͕ՄೳಛఆͷϓϥοτϑΥʔϜʹ͓͚ΔID͕ඞཁ
DIDCommAries RFC 0005: DID Communication Ͱઆ໌͞Ε͍ͯΔDID Agentಉ࢜ͷίϛϡχέʔγϣϯϝΧχζϜɻDIDCommͱ͍͏ϓϩτίϧ͕͋Δɺͱ͍͏ΑΓDIDCommͷ্ʹ֤ΞϓϦέʔγϣϯ͝ͱͷϓϩτίϧΛ࣮͢Δɺͱ͍͏΄͏͕ͯ·ΔɻExplainerͰ˓×ήʔϜ༻ͷϓϩτίϧΛDIDCommͷ্Ͱ࣮͍ͯ͠Δɻ
DIDCommओͳಛͱͯ͠ɺʮඇಉظɺ୯ํ(simplex)ͷϝοηʔδϯάͰ͋ΔʯʮτϥϯεϙʔτґଘੑΛ࣋ͨͳ͍(transport-agnostic)ʯʮEnd-to-end҉߸Խ͞Ε͍ͯΔʯͱ͍͏ੑ࣭͕͋ΔɻૹΓઌͷൃݟ(discovery)DID RelationshipͷߏஙʹΑͬͯߦΘΕΔɻ
·ͱΊ• Eϝʔϧͷͱͯ͠ʮ҉߸Խ͕ेͰͳ͍ʯ͜ͱʹՃ͑ͯʮ·ͱͳidentity layer͕ͳ͍ʯͱ͍͏͕͋Δ• identity layerͷߏஙΛதԝूݖԽ͞ΕͨEϝʔϧϓϩόΠμʹ·͔ͤͯ͠·͏ͱEϝʔϧͷࡏతͳself-sovereignੑΛࣦͬͯ͠·͏• DIDVCٕज़ͰEϝʔϧͷidentity layerΛ࡞Δ͔ɺͦͦDIDʹΑΔidentity layerΛ࣋ͭϓϩτίϧͰ͋ΔDIDCommʹ͔ͬͬͯ͠·͏ͷ͕Α͍ͷͰʁ