# Attestations Round Table

## Theory

* What is an attestation IRL?
* What is an attestation in programmatic cryptography?
* Why are attestations desirable?
* Are attestations intrinsic facts? Why or why not?

## Tech

* What kinds of attestations exist?
  * zk-JWT
  * zk-email
    * Email header hash signed by DKIM signature; the hash contains the hash of the email body
    * DKIM signature = signature by the MTA (Mail Transfer Agent) (smtp.google.com for gmail)
    * Base proof that exports a DKIM pubkey says (I know some email that was signed by google SMTP)
    * Using regex/string search can also say (I know some email that was signed by google SMTP that was delivered to some domain @aztec.network and contains the phrase "Hello world") or anything else
  * Attested sensors
    * ["Fighting Disinformation with ZKP"](https://medium.com/@boneh/using-zk-proofs-to-fight-disinformation-17e7d57fe52f)
    * Would output an image and a pubkey from (Nikon) saying "I can prove that Nikon says that this image was captured directly on a Nikon signed camera"
    * Where would this be useful? (proofs of transformation, zkml, etc.)
  * SXG (signed exchange)
  * TLSN
    * A client and a notary cooperate to derive a key for ECDH used in SSL
    * Notary facilitates communication with server for https communication
    * Client can decrypt the https content, selectively disclose parts of the content to the notary trustlessly
  * Passports, eIDAS

## Theory

* What is an attestation, and is it different from an intrinsic fact?
* Why are attestations useful? When do we need them?
* Semaphore - is it an attestation or a fact? When and why?
* How can we classify attestations?
  * First party
  * Third party
  * Trust in third party (MTA DKIM sigs vs TLS notarization)
* At the end - consistent definition or changed after conversation?

## Technology

* ZK Passport runthrough
* What 1st party attestation sources exist?
  * Attested sensors?
  * Open Banking
  * SXG?
  * Signed Government Documents
* What 3rd party attestation sources exist?
  * JWTs
  * Emails
  * Notarized HTTPS
* Failure/attack surfaces for described attestation bases?
* Combining them - strength or weakness?
* Can we quantify social/economic value secured?
* Where is the cutoff for acceptable use?

## Real world

* What applications are enabled
  * already
  * theoretical
* Legal implications
  * Terms of Service
  * Legally accountable for failures of cryptographic attestations
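
The zk-email bullets under "Tech" describe a chain: the body hash sits inside the signed header block, and the MTA signs the hash of that block. The added example below (not from the round-table notes or from any zk-email code base) checks that chain in the clear, together with the "delivered to @aztec.network and contains Hello world" statement. Assumptions: the RSA key is a constructed toy key, canonicalization is simplified rather than full RFC 6376, and the function names and sample email are hypothetical.

```python
import base64, hashlib, re

# Constructed toy RSA key built from two Mersenne primes: trivially factorable, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))   # N stands in for the MTA's DKIM pubkey
K = (N.bit_length() + 7) // 8
# DER prefix of a SHA-256 DigestInfo (EMSA-PKCS1-v1_5, RFC 8017)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(digest):
    t = SHA256_PREFIX + digest
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def body_hash(body):
    # Simplified "simple" body canonicalization: exactly one trailing CRLF.
    return base64.b64encode(hashlib.sha256(body.rstrip(b"\r\n") + b"\r\n").digest())

def header_hash(headers, dkim):
    # Hash over the signed header fields plus the DKIM-Signature field (b= left empty).
    block = b"".join(k + b":" + v + b"\r\n" for k, v in headers) + dkim
    return hashlib.sha256(block).digest()

def mta_sign(headers, body):
    """What the sending MTA does: embed bh= (body hash), then sign the header hash."""
    dkim = (b"dkim-signature:v=1; a=rsa-sha256; d=gmail.com; h=from:to; bh="
            + body_hash(body) + b"; b=")
    return dkim, pow(_encode(header_hash(headers, dkim)), D, N)

def check(headers, dkim, body, sig, to_domain, phrase):
    """Relation a zk-email circuit would enforce; the email and sig are the private witness."""
    sig_ok = pow(sig, E, N) == _encode(header_hash(headers, dkim))
    bh_ok = re.search(rb"bh=([^;]+);", dkim).group(1) == body_hash(body)
    to_ok = dict(headers)[b"to"].endswith(b"@" + to_domain)
    return sig_ok and bh_ok and to_ok and phrase in body

# Constructed sample email.
HEADERS = [(b"from", b"alice@gmail.com"), (b"to", b"bob@aztec.network")]
BODY = b"Hi Bob,\r\nHello world\r\n"

if __name__ == "__main__":
    dkim, sig = mta_sign(HEADERS, BODY)
    print(check(HEADERS, dkim, BODY, sig, b"aztec.network", b"Hello world"))
```

The recipient claim only holds because `to` is listed in `h=`; a header the MTA did not sign can be rewritten without invalidating the signature, so a statement about it attests nothing.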