Weekly catchup Log

08:04:00 <dan-shearer[m]> #startmeeting 
08:04:00 <lumosql-meetbot> dan-shearer[m]: Meeting started at 2022-08-05T08:04+0000
08:04:01 <lumosql-meetbot> dan-shearer[m]: Current chairs: dan-shearer[m]
08:04:02 <lumosql-meetbot> dan-shearer[m]: Useful commands: #action #info #idea #link #topic #motion #vote #close #endmeeting
08:04:03 <lumosql-meetbot> dan-shearer[m]: See also: https://hcoop-meetbot.readthedocs.io/en/stable/
08:04:04 <lumosql-meetbot> dan-shearer[m]: Participants should now identify themselves with '#here' or with an alias like '#here FirstLast'
08:04:14 <dan-shearer[m]> #here Dan
08:04:26 <moonshine[m]> #here Gabby
08:04:26 <bjk621[m]> #here Björn
08:04:41 <Labhraich> #here Claudio
08:05:13 <dan-shearer[m]> And good morning all. Ruben is of course on holiday.
08:05:28 <dan-shearer[m]> #topic Overview and administration
08:06:15 <dan-shearer[m]> Björn, can you confirm that as far as you know all financial admin is complete? There was some boring problem with a reimbursement, I cannot remember the details. Is that fixed?
08:06:38 <bjk621[m]> No. This is the sour toe
08:07:05 <dan-shearer[m]> #info Björn is still doing an administration task related to reimbursements.
08:07:08 <MartinaPalmucci[> #here Martina
08:07:19 <dan-shearer[m]> I'm sure you understand all the details and we can leave it with you.
08:07:38 <dan-shearer[m]> Welcome Martina! I even possibly have a maths question for you later :-)
08:07:51 <bjk621[m]> Yes. As my huge rain gutter project is done (almost) i have time
08:08:55 <dan-shearer[m]> You know I think you're confused, fixing your roof in summer when there isn't any rain anyway to cause a problem
08:10:25 <bjk621[m]> Crazy is the word
08:10:54 <dan-shearer[m]> So as a reminder, team status is that Dan continues to be more and more present, Ruben is full time when he returns from holiday middle of August, and Claudio is making progress.
08:11:13 <Labhraich> I'm convincing myself that I can do something productive again
08:11:24 <dan-shearer[m]> Yesterday I started a review of documentation including the RFC.
08:11:37 <Labhraich> Although I need to shut down that RISC-V and look at sqlite 3.39.* and API...
08:11:57 <dan-shearer[m]> Gabby I have no idea what you have been up to because I have not been communicating. How are you?
08:12:14 <bjk621[m]> The rfc can become urgent sooner than later
08:12:58 <dan-shearer[m]> Ruben will be doing two things, according to our discussions: 1. Implementing the proof of concept of Lumions and 2. Documenting in the RFC as he goes.
08:13:54 <dan-shearer[m]> I am updating for our current understanding of Attribute-based encryption. The design is not too bad according to other people, but there were many things I didn't understand when I wrote it.
08:14:38 <bjk621[m]> At the end of this meeting or at next I would like us to tick-off the milestones we can.
08:15:17 <dan-shearer[m]> moonshine: I agree with Björn and that means you and me coordinating.
08:15:28 <bjk621[m]> I would like to send a report to NLnet => money to us
08:15:44 <dan-shearer[m]> I don't think it can be at the end of this meeting, unless someone has done a lot of very detailed work.
08:16:01 <dan-shearer[m]> bjk621: I have been going through the new NLnet web interface very carefully.
08:16:16 <bjk621[m]> This is ok
08:17:31 <bjk621[m]> dan-shearer:  "I have been going through the new NLnet web interface very carefully." -- I do not understand. We can sort this outside
08:17:41 <MartinaPalmucci[> The first version of ABE-SSS algorithm has been implemented. You can find it in here: https://github.com/martinapalmucci/abe-sss/tree/devel
08:17:41 <MartinaPalmucci[> The algorithm works but I still need to refactor and add some other stuff to make it clear and complete.
08:18:15 <moonshine[m]> dan-shearer[m]: That sounds good, I have been busy with other things lately but can do some work in the next few days
08:20:24 <dan-shearer[m]> > <@martinapalmucci:matrix.org> The first version of ABE-SSS algorithm has been implemented. You can find it in here: https://github.com/martinapalmucci/abe-sss/tree/devel
08:20:24 <dan-shearer[m]> > The algorithm works but I still need to refactor and add some other stuff to make it clear and complete.
08:20:24 <dan-shearer[m]> Wow that's a lot of work, well done. I will do my best to understand the mathematics. I may have a few minor contributions to the SQLite-specific notes.
08:21:54 <dan-shearer[m]> At some point it needs to become clear to a non-mathematician where the different algorithm boundaries lie. So we have SSS and inside that we have ABE, and ABE is implemented at the bottom layer with standard public key. For example.
08:23:00 <MartinaPalmucci[> > <@martinapalmucci:matrix.org> The first version of ABE-SSS algorithm has been implemented. You can find it in here: https://github.com/martinapalmucci/abe-sss/tree/devel
08:23:00 <MartinaPalmucci[> > The algorithm works but I still need to refactor and add some other stuff to make it clear and complete.
08:23:00 <MartinaPalmucci[> I will keep working on it and write a good text to make it easier to understand. I also have exam session from mid of August though. I will be little bit busy till September. After that, it is going to be full time working on ABE-SSS project.
08:23:42 <dan-shearer[m]> "After that, it is going to be full time working on ABE-SSS project." Now that is exciting. But I will be careful not to distract from your exams.
08:27:09 <dan-shearer[m]> Martina Palmucci: my question is this. Can I include any externally-generated public key into ABE-SSS as an additional mandatory requirement? I am wondering if adding some kind of time-based key is something you specifically have to design, or if it is just a matter of adding it to the bottom level of public key encryption?
08:27:44 <dan-shearer[m]> I think you can probably guess why I am asking... because what if there was some service a bit like NotBeforeTime, could we also time-lock a Lumion easily?
08:28:29 <dan-shearer[m]> (Note: https://cv.shearer.org/w/File:NotBeforeTime-2.5.pdf is latest discussion paper.)
08:29:18 <dan-shearer[m]> I understand this might take more thinking, but at least now I have asked the question :-)
08:32:14 <MartinaPalmucci[> So far, keys are numbers of a specific set. So, if you find some way to encode time in there, the answer is yes. I will think about it!
08:32:28 <dan-shearer[m]> Ok so I would like to move to some topics and action items.
08:32:43 <dan-shearer[m]> Thanks Martina Palmucci !
08:32:59 <dan-shearer[m]> #topic LumoSQL Applications
08:34:29 <dan-shearer[m]> As a reminder, Ruben works on Whisperfish with other people, https://gitlab.com/whisperfish/whisperfish . Like nearly all mobile apps, Whisperfish uses SQLite, and of course as a Signal client it needs encryption, so they use SQLCipher. SQLCipher has many problems, as documented in the LumoSQL docs.
08:36:24 <dan-shearer[m]> I have recently been in close contact with the team behind Molly, https://molly.im/ . Molly is something different to Whisperfish, it is a fork of the Signal app with various helpful changes. And, just like the original, Signal also need encryption and they also use SQLCipher. And they would like to use LumoSQL, just like (of course) Ruben and friends would for Whisperfish.
08:37:27 <dan-shearer[m]> So these are critical security applications used by many millions of people, and the authors are deeply aware of why potentially LumoSQL is going to be easier for them and better for everyone.
08:38:03 <dan-shearer[m]> And they are applications that look very critically at their libraries (such as liblumosql...) meaning we are getting quality review.
08:38:38 <dan-shearer[m]> #action Dan to continue figuring out how closely we can work with Molly.im . They are keen and very knowledgable in security forensics etc.
08:40:14 <dan-shearer[m]> In addition, as we know, we came up with the idea of a multi-level keysafe as the minimal standalone application to demonstrate LumoSQL features. We are at the point where we need to find someone who wants to start work on this. I am looking. the person will be interacting with our APIs, and probably our API-designers :-)
08:40:57 <dan-shearer[m]> #action Dan to continue looking for someone who wants to write a multilevel keysafe
08:41:55 <dan-shearer[m]> A keysafe is likely to become widely used, because everyone needs one. if not for storing keys, then for sharing small amounts of data with different groups of people. Including strangers, with no trust (and yes... it will be some kind of ABE again :-)
08:43:12 <dan-shearer[m]> If anyone present knows of an open source team that maintains some kind of mobile app that relies on encryption, please point them at me. I want to hear from teams looking for a better solution.
08:43:55 <dan-shearer[m]> This is starting to get towards the real world, and that feels good :-)
08:44:08 <dan-shearer[m]> Anyone got anything to add to this topic?
08:44:35 <Labhraich> has nothing to say
08:44:54 <bjk621[m]> nop
08:46:09 <dan-shearer[m]> Ok. Be aware that also a keysafe for parties that don't trust each other wasn't an idea that came from nowhere.
08:46:41 <dan-shearer[m]> Besides the fact that almost everyone needs one (including AirBNB hosts, for a simple but common example) there is also one that I believe is required by EU law.
08:47:28 <dan-shearer[m]> Totally boring legal analysis here: https://cv.shearer.org/w/Analysis_of_GDPR_Article_28
08:48:16 <bjk621[m]> ha -- I am a gdpr nerd oo. But you dan-shearer is more
08:48:38 <dan-shearer[m]> All of which is very closely related to (a) Lumions and Martina's SSS-ABE etc and (b) Ruben's PE-SQL because the apps need a database, not an algorithm :-)
08:49:08 <dan-shearer[m]> which I guess brings me to the next section.
08:49:54 <dan-shearer[m]> #topic Yes and No There is a Masterplan
08:51:03 <dan-shearer[m]> Public key encryption and SSL/TLS and HTTP are everywhere. These technologies work together and kind of evolved together, but they never were exactly a masterplan to take over the world.
08:51:39 <dan-shearer[m]> Molly.im asked me if there is a LumoSQL-type masterplan because all this stuff fits together. Maybe you can educate me more here, however here is my response so far.
08:53:15 <dan-shearer[m]> Lumions are a new data primitive, and they move the power from giant organisations to individuals, from software to data. And they exist exactly when everyone is worried about privacy and human rights. So of course they are going to be everywhere.
08:53:58 <dan-shearer[m]> In addition, we can apply our growing SSS and ABE/zero knowledge/etc understanding to similar problems.
08:54:54 <dan-shearer[m]> Like a multilevel keysafe for untrusted parties. Like a time-based locking mechanism where nobody trusts the servers. And even for a modification of the Signal Server system where it would be nice if the metadata was respected more.
08:55:08 <dan-shearer[m]> So: no deliberate masterplan.
08:55:42 <dan-shearer[m]> Yes: an accidental happy coincidence of things needed urgently by billions of people ... and here we are. LumoSQL team, take a bow.
08:56:38 <dan-shearer[m]> So I think it might be time to remind one another of actions?
08:56:51 <dan-shearer[m]> Or rather, ongoing work.
08:57:08 <dan-shearer[m]> Any comments on the above?
08:57:41 <Labhraich> not from me
08:58:09 <bjk621[m]> As we have discussed this laterly I have nothing to add
08:58:53 <dan-shearer[m]> Martina Palmucci, moonshine does this feel like too abstract to matter, or does it feel like there is a connection between LumoSQL and actual real-world problems?
08:59:57 <dan-shearer[m]> (It is very easy for me to get way too excited and forget some of the basics. I think this makes sense so far, but I'm listening.)
09:01:32 <dan-shearer[m]> okidokie it's a hot day in Europe so let's move along...
09:01:59 <dan-shearer[m]> #topic Summary of LumoSQL activity
09:03:00 <dan-shearer[m]> #info Labhraich is continuing with API design, where he is meeting Ruben in the middle and offering application developers an SQLite-ish interface to LumoSQL
09:03:12 <dan-shearer[m]> #info Dan and Gabby to coordinate
09:03:28 <dan-shearer[m]> #info Björn doing admin together with Dan
09:04:12 <dan-shearer[m]> #info Dan talking to application developers who need LumoSQL to exist
09:04:24 <Labhraich> #info Labhraich also needs to see what changed in sqlite3 3.39 - because our build system encounters an error when trying to build it
09:05:05 <dan-shearer[m]> #info Martina continuing to develop ABE-SSS with review as appropriate from others here
09:05:18 <dan-shearer[m]> And I think that is all?
09:06:12 <bjk621[m]> Let's review/revisit NLnet milestones on next meeting
09:06:43 <dan-shearer[m]> bjk621: I think that means you and I have to review it in detail *before* next meeting. It is easier now the admin tools at NLnet have improved.
09:07:14 <bjk621[m]> Excellent. You know more about their new tool than I do
09:07:23 <dan-shearer[m]> #action : Björn to review all NLnet milestones with Dan
09:08:18 <bjk621[m]> #accepted review NLnet milestones w/ Dan
09:09:47 <dan-shearer[m]> ok!
09:09:53 <dan-shearer[m]> Thankyou everyone.
09:09:58 <dan-shearer[m]> Any last thoughts?
09:10:15 <bjk621[m]> *nop
09:10:25 <Labhraich> no
09:10:29 <dan-shearer[m]> Well I am going to pull Martina's tree and have a good look. That's going to be fun.
09:11:01 <dan-shearer[m]> Thankyou and good morning.
09:11:14 <Labhraich> Morning
09:11:28 <dan-shearer[m]> #meetingname Weekly catchup
09:11:28 <lumosql-meetbot> dan-shearer[m]: Meeting name set to: Weekly catchup
09:11:57 <dan-shearer[m]> #endmeeting