Show HN: Stamp – A Cryptographic Identity System Hi, everyone. Been playing around with this recently as a sort of PGP successor. It's not all there yet, and I know it's missing some things from PGP, but I figured why not get a start and see what kind of interest/support it might get. https://ift.tt/3nguCzp Effectively, this is a key management system that allows building and signing ("stamping") various claims about yourself and about others. The eventual goal is to create easy-to-use implementations of the protocol that allow logging in to websites or managing cryptographic keys for various security-conscious applications. Secure, simple distributed key management for cryptography and identity management. Currently Stamp uses crypto primitives found in libsodium, but is also built such that different algorithms can be added as needed. The identity itself is set up as a DAG which is appended to by signing transactions with an opinionated set of keys. A DAG was chosen so parallel offline updates could be made and merged later. One of Stamp's main features is it allows recovery of the identity via a pre-determined recovery policy, using signatures from trusted keys (friends, family, institutional providers). Think of it as sort of a multisig recovery mechanism. A few things I'm actively exploring: - A storage network (https://ift.tt/3zWFBBO). This would necessarily need to be some sort of p2p system, and hopefully not blockchain-based as I believe the consensus/validation used in blockchain systems are superfluous to identity storage and retrieval. - Putting stamp on USB keys/embedded devices (ARM TrustZone, RISC-V PMP, etc) so it can be used in more trusted environments. - Some sort of FIDO2 interop would be great so Stamp could act as a login system without having to re-tool a bunch of stuff. There's also a somewhat-incomplete CLI implementation of the protocol here: https://ift.tt/3z649ap. This allows creation of identities, creating and stamping claims, automatic verification of certain claims (www/DNS), as well as cryptographic messaging/signing tools. Let me know what you think! What's good, what's bad, what's missing, etc. Obviously it's early days so more feedback is better. September 9, 2021 at 02:07AM
Show HN: Launch VM workloads securely and instantaneously, without VMs Hello HN! We've been working on a new hypervisor https://kwarantine.xyz that can run strongly isolated containers. This is still a WIP, but we wanted to give the community an idea about our approach, its benefits, and various use cases it unlocks. Today, VMs are used to host containers, and make up for the lack of strong security as well as kernel isolation in containers. This work adds this missing security piece in containers. We plan on launching a free private beta soon. Meanwhile, we'd deeply appreciate any feedback, and happy to answer any questions here or on our slack channel. Thanks! April 29, 2021 at 07:50AM
Comments