I vote +1 Regards, Stan
On Thu, Sep 12, 2019 at 6:45 PM John McCane-Whitney <[email protected]> wrote: > Hi, > > This is a call to vote on the first (alpha) ASF release of the Apache > Milagro (incubating) Decentralized Trust Authority v0.1.0 tag from the > following repository: > > Milagro Decentralized Trust Authority (D-TA): > https://github.com/apache/incubator-milagro-dta/releases/tag/0.1.0 > Please see the release notes at the above link for a full description and > release rationale. > > DESCRIPTION SUMMARY: > The Apache Milagro (Incubating) Decentralized Trust Authority (D-TA) is a > collaborative key management server. It has two primary functions. > > -Issue shares of identity-based Type-3 pairing secrets for initializing > zero-knowledge proof multi-factor authentication (ZKP-MFA) networks of > clients and authentication servers. > -Safeguards shares of generic secrets, acting independently but in > conjunction with other D-TA nodes, for the benefit of other D-TA nodes. > > In the use case where it issues shares, the D-TA holds nothing except for > its Master Secret and acts as a distributed private key generation server. > In the use case where it is safeguarding shares of secrets, it is up to the > application developer to implement back-end application logic to hold those > shares securely. Examples include using Hardware Security Modules (HSMs) > via an on-board PKCS#11 implementation to create a realm of key encryption > keys, or multi-party computation through BLS signature aggregation. > > RELEASE RATIONALE SUMMARY: > By default, the D-TA allows requests from a Principal's D-TA for an > secp256k1 public key from a Fiduciary D-TA and then to subsequently allow > the Principal to request its corresponding private key. Whilst this may > have utility on its own, the Milagro community's intention is to extend the > capability of the server over time to meet many key generation, key storage > and distribution use cases. This will be achieved using the D-TA's plugin > architecture, and to this end, the initial release includes two plugins to > demonstrate the D-TA's extensibility. > > Subsequent releases will enable the D-TA to issue Type-3 pairing/identity > based secrets for "M-Pin" clients and servers ("M-Pin" is a zero-knowledge > authentication protocol in the milagro-crypto-c library that also > facilitates multi-factor authentication). In parallel with this will be a > rewritten release of the Milagro MFA Authentication server (the original > authentication server was conflated with the D-TA function limiting its > security efficacy). > The Milagro community is publishing this release now to elicit feedback > from a wider community that may have interest in an open source, > decentralized key generation, storage and distribution solution. Our > intention is to then to release a series of enhanced versions culminating > with a production-ready GA version. > > Please see the README for build/test instructions and > https://milagro.apache.org/docs/d-ta-overview for a full overview and > usage guide. > > RELEASE FILES: > The repo has the required DISCLAIMER, NOTICE and LICENSE file in its root > directory. All source files have the appropriate license header. No > binaries are included in this release. > > I have successfully built and ran the tests as per the instructions in the > readme file on Ubuntu 18, Ubuntu 19, Debian 10 and MacOS 10.14 Mojave. > > Release links: > Source code archive: > https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz > > SHA512 checksum: > https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.asc > > PGP Signature: > https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.sha512 > > Keys: https://dist.apache.org/repos/dist/dev/incubator/milagro/KEYS > > VOTING: > This round of voting will remain open for at least 72 hours. All > committers are welcome to vote. 3 x [+1] votes are required to move > forward. If the vote is passed, a second vote is requested from the IPMC. > > Please vote: > [+1] Signatures and checksums verified. Releases built and tests > completed. Release approved. > [0] No opinion > [-1] Release rejected - please include your reasoning. > > Many thanks to all the contributors, > > Regards, > > John > > John McCane-Whitney > Director of Product at Qredo Ltd > T: +44 7966 490687 > 1 Primrose Street > London, UK EC2A 2EX > https://qredo.com > Qredo Ltd is a limited company registered in England and Wales (registered > number 7834052). This e-mail and any attachments are confidential, and are > intended only for the named addressee(s). If you are not the intended > recipient you may not copy, disclose to anyone else or otherwise use the > content of this e-mail or any attachment thereto and should notify the > sender immediately and delete them from your system. > >
