# Intro to Gordian Use Cases II (Continued)

## Collaborative Signing Designs

Envelopes can be used in a variety of collaborative forms. Following are examples of collaborative signing, where a group of individuals jointly declare the validity of an envelope, specifically to ensure the trustworthiness of a software release.

The three use cases are presented progressively, demonstrating how a group of users can jointly validate the contents of an envelope, even as the group evolves over time.

### 1. Casey Codifies Software Releases [Multiple Signatures, Structured Data]

> _Problem:_ Casey needs to produce multi-signed software releases using structured files that are easily checkable by automated means.

The possibility of malicious actors injecting code into software is a [prime attack vector](https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/final-documents/taking-out-the-crud-five-fabulous-did-attacks.md#1-create-the-did-creation-switcharoo), especially on the modern internet with its open-source repositories. Thus, checksumming and signing software releases has become increasingly important. Unfortunately, it remains very ad hoc, with styles of release varying widely and information often split among many files.

Casey decides on a methodology where he'll store all of the information in a single Gordian Envelope with regularized data.
He fills in an Envelope with a list of all the files, a list of all the signers, data on each, and some additional notes:

```
"Gordian Envelope 1.0.0" [
    "fileInfo": "gordian-envelope-1.0.0.dm" [
        "sha256": "6b41b0d9d9bff2c23ad9bd66b054fda36e3494ec"
        "timestamp": "1668062209"
    ]
    "isSigner": "bill-not-the-science-guy" [
        "pubkey": "ur:crypto-pubkeys/lftaaosehdcxnnvapylszmcwmowzjlkifrktpftnamrdpdjkcfetfskoimeolfcywnloptaswsvltpvahd…"
    ]
    "isSigner": "omarc-bc-guy" [
        "pubkey": "ur:crypto-pubkeys/lftaaosehdcxzojlrltejneykkzcfdaowkcwlbguvtmhsegdwpttwdadrnjtpmchlbrswkbwkivwtpvahd…"
    ]
    note: "initial release"
]
```

```mermaid
graph LR
    1(("ac65545b<br/>NODE"))
    2["de7e544e<br/>#quot;Gordian Envelope 1.0.0#quot;"]
    3(["41db7106<br/>ASSERTION"])
    4["628ac8d9<br/>#quot;fileInfo#quot;"]
    5(("10561183<br/>NODE"))
    6["03c3e8cf<br/>#quot;gordian-envelope-1.0.0.dm#quot;"]
    7(["26cdea4a<br/>ASSERTION"])
    8["fd9d5aed<br/>#quot;timestamp#quot;"]
    9["928e86de<br/>#quot;1668062209#quot;"]
    10(["b25bf99e<br/>ASSERTION"])
    11["108dbfb1<br/>#quot;sha256#quot;"]
    12["b895faae<br/>#quot;6b41b0d9d9bff2c23ad9bd66b054fda36e3494ec#quot;"]
    13(["484da754<br/>ASSERTION"])
    14["67d69bd7<br/>#quot;isSigner#quot;"]
    15(("0ae65c77<br/>NODE"))
    16["61aece1e<br/>#quot;bill-not-the-science-guy#quot;"]
    17(["0ad198e4<br/>ASSERTION"])
    18["d52596f8<br/>#quot;pubkey#quot;"]
    19["e82d6b98<br/>#quot;ur:crypto-pubkeys/lftaaosehdcxnnvapylszmcwmowzjlkifrktpftnamrdpdjkcfetfskoimeolfcywnloptaswsvltpvahd…#quot;"]
    20(["72d6fac6<br/>ASSERTION"])
    21[/"61fb6a6b<br/>note"/]
    22["fa62ba29<br/>#quot;initial release#quot;"]
    23(["90e799be<br/>ASSERTION"])
    24["67d69bd7<br/>#quot;isSigner#quot;"]
    25(("c833b577<br/>NODE"))
    26["34e0c09c<br/>#quot;omarc-bc-guy#quot;"]
    27(["0b8d474f<br/>ASSERTION"])
    28["d52596f8<br/>#quot;pubkey#quot;"]
    29["929e99e7<br/>#quot;ur:crypto-pubkeys/lftaaosehdcxzojlrltejneykkzcfdaowkcwlbguvtmhsegdwpttwdadrnjtpmchlbrswkbwkivwtpvahd…#quot;"]
    1 -->|subj| 2
    1 --> 3
    3 -->|pred| 4
    3 -->|obj| 5
    5 -->|subj| 6
    5 --> 7
    7 -->|pred| 8
    7 -->|obj| 9
    5 --> 10
    10 -->|pred| 11
    10 -->|obj| 12
    1 --> 13
    13 -->|pred| 14
    13 -->|obj| 15
    15 -->|subj| 16
    15 --> 17
    17 -->|pred| 18
    17 -->|obj| 19
    1 --> 20
    20 -->|pred| 21
    20 -->|obj| 22
    1 --> 23
    23 -->|pred| 24
    23 -->|obj| 25
    25 -->|subj| 26
    25 --> 27
    27 -->|pred| 28
    27 -->|obj| 29
    style 1 stroke:red,stroke-width:3.0px
    style 2 stroke:#55f,stroke-width:3.0px
    style 3 stroke:red,stroke-width:3.0px
    style 4 stroke:#55f,stroke-width:3.0px
    style 5 stroke:red,stroke-width:3.0px
    style 6 stroke:#55f,stroke-width:3.0px
    style 7 stroke:red,stroke-width:3.0px
    style 8 stroke:#55f,stroke-width:3.0px
    style 9 stroke:#55f,stroke-width:3.0px
    style 10 stroke:red,stroke-width:3.0px
    style 11 stroke:#55f,stroke-width:3.0px
    style 12 stroke:#55f,stroke-width:3.0px
    style 13 stroke:red,stroke-width:3.0px
    style 14 stroke:#55f,stroke-width:3.0px
    style 15 stroke:red,stroke-width:3.0px
    style 16 stroke:#55f,stroke-width:3.0px
    style 17 stroke:red,stroke-width:3.0px
    style 18 stroke:#55f,stroke-width:3.0px
    style 19 stroke:#55f,stroke-width:3.0px
    style 20 stroke:red,stroke-width:3.0px
    style 21 stroke:#55f,stroke-width:3.0px
    style 22 stroke:#55f,stroke-width:3.0px
    style 23 stroke:red,stroke-width:3.0px
    style 24 stroke:#55f,stroke-width:3.0px
    style 25 stroke:red,stroke-width:3.0px
    style 26 stroke:#55f,stroke-width:3.0px
    style 27 stroke:red,stroke-width:3.0px
    style 28 stroke:#55f,stroke-width:3.0px
    style 29 stroke:#55f,stroke-width:3.0px
    linkStyle 0 stroke:red,stroke-width:2.0px
    linkStyle 1 stroke-width:2.0px
    linkStyle 2 stroke:green,stroke-width:2.0px
    linkStyle 3 stroke:#55f,stroke-width:2.0px
    linkStyle 4 stroke:red,stroke-width:2.0px
    linkStyle 5 stroke-width:2.0px
    linkStyle 6 stroke:green,stroke-width:2.0px
    linkStyle 7 stroke:#55f,stroke-width:2.0px
    linkStyle 8 stroke-width:2.0px
    linkStyle 9 stroke:green,stroke-width:2.0px
    linkStyle 10 stroke:#55f,stroke-width:2.0px
    linkStyle 11 stroke-width:2.0px
    linkStyle 12 stroke:green,stroke-width:2.0px
    linkStyle 13 stroke:#55f,stroke-width:2.0px
    linkStyle 14 stroke:red,stroke-width:2.0px
    linkStyle 15 stroke-width:2.0px
    linkStyle 16 stroke:green,stroke-width:2.0px
    linkStyle 17 stroke:#55f,stroke-width:2.0px
    linkStyle 18 stroke-width:2.0px
    linkStyle 19 stroke:green,stroke-width:2.0px
    linkStyle 20 stroke:#55f,stroke-width:2.0px
    linkStyle 21 stroke-width:2.0px
    linkStyle 22 stroke:green,stroke-width:2.0px
    linkStyle 23 stroke:#55f,stroke-width:2.0px
    linkStyle 24 stroke:red,stroke-width:2.0px
    linkStyle 25 stroke-width:2.0px
    linkStyle 26 stroke:green,stroke-width:2.0px
    linkStyle 27 stroke:#55f,stroke-width:2.0px
```

Since this is the initial release of the Envelope, no one knows whether the signers can be trusted or not. Casey bootstraps the envelope by adding `signerInfo` hints, which tell validators where they can go to get more information about the included public keys. As usual, validators will then have to thoughtfully address the trustworthiness of that information.

```
"Gordian Envelope 1.0.0" [
    "fileInfo": "gordian-envelope-1.0.0.dm" [
        "sha256": "6b41b0d9d9bff2c23ad9bd66b054fda36e3494ec"
        "timestamp": "1668062209"
    ]
    "isSigner": "bill-not-the-science-guy" [
        "pubkey": "ur:crypto-pubkeys/lftaaosehdcxnnvapylszmcwmowzjlkifrktpftnamrdpdjkcfetfskoimeolfcywnloptaswsvltpvahd…"
    ]
    "isSigner": "omarc-bc-guy" [
        "pubkey": "ur:crypto-pubkeys/lftaaosehdcxzojlrltejneykkzcfdaowkcwlbguvtmhsegdwpttwdadrnjtpmchlbrswkbwkivwtpvahd…"
    ]
    "signerInfo": "bill-not-the-science-guy" [
        "pubkeyURL": "https://github.com/bill-not-the-science-guy.keys"
    ]
    "signerInfo": "omarc-bc-guy" [
        "pubkeyURL": "https://github.com/omarc-bc-guy.keys"
    ]
    note: "initial release"
]
```

```mermaid
graph LR
    1(("d19ef9e7<br/>NODE"))
    2["de7e544e<br/>#quot;Gordian Envelope 1.0.0#quot;"]
    3(["41db7106<br/>ASSERTION"])
    4["628ac8d9<br/>#quot;fileInfo#quot;"]
    5(("10561183<br/>NODE"))
    6["03c3e8cf<br/>#quot;gordian-envelope-1.0.0.dm#quot;"]
    7(["26cdea4a<br/>ASSERTION"])
    8["fd9d5aed<br/>#quot;timestamp#quot;"]
    9["928e86de<br/>#quot;1668062209#quot;"]
    10(["b25bf99e<br/>ASSERTION"])
    11["108dbfb1<br/>#quot;sha256#quot;"]
    12["b895faae<br/>#quot;6b41b0d9d9bff2c23ad9bd66b054fda36e3494ec#quot;"]
    13(["484da754<br/>ASSERTION"])
    14["67d69bd7<br/>#quot;isSigner#quot;"]
    15(("0ae65c77<br/>NODE"))
    16["61aece1e<br/>#quot;bill-not-the-science-guy#quot;"]
    17(["0ad198e4<br/>ASSERTION"])
    18["d52596f8<br/>#quot;pubkey#quot;"]
    19["e82d6b98<br/>#quot;ur:crypto-pubkeys/lftaaosehdcxnnvapylszmcwmowzjlkifrktpftnamrdpdjkcfetfskoimeolfcywnloptaswsvltpvahd…#quot;"]
    20(["4ef0d8f2<br/>ASSERTION"])
    21["dbc1553d<br/>#quot;signerInfo#quot;"]
    22(("d77c0291<br/>NODE"))
    23["34e0c09c<br/>#quot;omarc-bc-guy#quot;"]
    24(["9bc4beec<br/>ASSERTION"])
    25["29c0cd61<br/>#quot;pubkeyURL#quot;"]
    26["78d7942e<br/>#quot;https://github.com/omarc-bc-guy.keys#quot;"]
    27(["72d6fac6<br/>ASSERTION"])
    28[/"61fb6a6b<br/>note"/]
    29["fa62ba29<br/>#quot;initial release#quot;"]
    30(["90e799be<br/>ASSERTION"])
    31["67d69bd7<br/>#quot;isSigner#quot;"]
    32(("c833b577<br/>NODE"))
    33["34e0c09c<br/>#quot;omarc-bc-guy#quot;"]
    34(["0b8d474f<br/>ASSERTION"])
    35["d52596f8<br/>#quot;pubkey#quot;"]
    36["929e99e7<br/>#quot;ur:crypto-pubkeys/lftaaosehdcxzojlrltejneykkzcfdaowkcwlbguvtmhsegdwpttwdadrnjtpmchlbrswkbwkivwtpvahd…#quot;"]
    37(["b5c9129a<br/>ASSERTION"])
    38["dbc1553d<br/>#quot;signerInfo#quot;"]
    39(("67a2f813<br/>NODE"))
    40["61aece1e<br/>#quot;bill-not-the-science-guy#quot;"]
    41(["8f4c7eec<br/>ASSERTION"])
    42["29c0cd61<br/>#quot;pubkeyURL#quot;"]
    43["0b240880<br/>#quot;https://github.com/bill-not-the-science-guy.keys#quot;"]
    1 -->|subj| 2
    1 --> 3
    3 -->|pred| 4
    3 -->|obj| 5
    5 -->|subj| 6
    5 --> 7
    7 -->|pred| 8
    7 -->|obj| 9
    5 --> 10
    10 -->|pred| 11
    10 -->|obj| 12
    1 --> 13
    13 -->|pred| 14
    13 -->|obj| 15
    15 -->|subj| 16
    15 --> 17
    17 -->|pred| 18
    17 -->|obj| 19
    1 --> 20
    20 -->|pred| 21
    20 -->|obj| 22
    22 -->|subj| 23
    22 --> 24
    24 -->|pred| 25
    24 -->|obj| 26
    1 --> 27
    27 -->|pred| 28
    27 -->|obj| 29
    1 --> 30
    30 -->|pred| 31
    30 -->|obj| 32
    32 -->|subj| 33
    32 --> 34
    34 -->|pred| 35
    34 -->|obj| 36
    1 --> 37
    37 -->|pred| 38
    37 -->|obj| 39
    39 -->|subj| 40
    39 --> 41
    41 -->|pred| 42
    41 -->|obj| 43
    style 1 stroke:red,stroke-width:3.0px
    style 2 stroke:#55f,stroke-width:3.0px
    style 3 stroke:red,stroke-width:3.0px
    style 4 stroke:#55f,stroke-width:3.0px
    style 5 stroke:red,stroke-width:3.0px
    style 6 stroke:#55f,stroke-width:3.0px
    style 7 stroke:red,stroke-width:3.0px
    style 8 stroke:#55f,stroke-width:3.0px
    style 9 stroke:#55f,stroke-width:3.0px
    style 10 stroke:red,stroke-width:3.0px
    style 11 stroke:#55f,stroke-width:3.0px
    style 12 stroke:#55f,stroke-width:3.0px
    style 13 stroke:red,stroke-width:3.0px
    style 14 stroke:#55f,stroke-width:3.0px
    style 15 stroke:red,stroke-width:3.0px
    style 16 stroke:#55f,stroke-width:3.0px
    style 17 stroke:red,stroke-width:3.0px
    style 18 stroke:#55f,stroke-width:3.0px
    style 19 stroke:#55f,stroke-width:3.0px
    style 20 stroke:red,stroke-width:3.0px
    style 21 stroke:#55f,stroke-width:3.0px
    style 22 stroke:red,stroke-width:3.0px
    style 23 stroke:#55f,stroke-width:3.0px
    style 24 stroke:red,stroke-width:3.0px
    style 25 stroke:#55f,stroke-width:3.0px
    style 26 stroke:#55f,stroke-width:3.0px
    style 27 stroke:red,stroke-width:3.0px
    style 28 stroke:#55f,stroke-width:3.0px
    style 29 stroke:#55f,stroke-width:3.0px
    style 30 stroke:red,stroke-width:3.0px
    style 31 stroke:#55f,stroke-width:3.0px
    style 32 stroke:red,stroke-width:3.0px
    style 33 stroke:#55f,stroke-width:3.0px
    style 34 stroke:red,stroke-width:3.0px
    style 35 stroke:#55f,stroke-width:3.0px
    style 36 stroke:#55f,stroke-width:3.0px
    style 37 stroke:red,stroke-width:3.0px
    style 38 stroke:#55f,stroke-width:3.0px
    style 39 stroke:red,stroke-width:3.0px
    style 40 stroke:#55f,stroke-width:3.0px
    style 41 stroke:red,stroke-width:3.0px
    style 42 stroke:#55f,stroke-width:3.0px
    style 43 stroke:#55f,stroke-width:3.0px
    linkStyle 0 stroke:red,stroke-width:2.0px
    linkStyle 1 stroke-width:2.0px
    linkStyle 2 stroke:green,stroke-width:2.0px
    linkStyle 3 stroke:#55f,stroke-width:2.0px
    linkStyle 4 stroke:red,stroke-width:2.0px
    linkStyle 5 stroke-width:2.0px
    linkStyle 6 stroke:green,stroke-width:2.0px
    linkStyle 7 stroke:#55f,stroke-width:2.0px
    linkStyle 8 stroke-width:2.0px
    linkStyle 9 stroke:green,stroke-width:2.0px
    linkStyle 10 stroke:#55f,stroke-width:2.0px
    linkStyle 11 stroke-width:2.0px
    linkStyle 12 stroke:green,stroke-width:2.0px
    linkStyle 13 stroke:#55f,stroke-width:2.0px
    linkStyle 14 stroke:red,stroke-width:2.0px
    linkStyle 15 stroke-width:2.0px
    linkStyle 16 stroke:green,stroke-width:2.0px
    linkStyle 17 stroke:#55f,stroke-width:2.0px
    linkStyle 18 stroke-width:2.0px
    linkStyle 19 stroke:green,stroke-width:2.0px
    linkStyle 20 stroke:#55f,stroke-width:2.0px
    linkStyle 21 stroke:red,stroke-width:2.0px
    linkStyle 22 stroke-width:2.0px
    linkStyle 23 stroke:green,stroke-width:2.0px
    linkStyle 24 stroke:#55f,stroke-width:2.0px
    linkStyle 25 stroke-width:2.0px
    linkStyle 26 stroke:green,stroke-width:2.0px
    linkStyle 27 stroke:#55f,stroke-width:2.0px
    linkStyle 28 stroke-width:2.0px
    linkStyle 29 stroke:green,stroke-width:2.0px
    linkStyle 30 stroke:#55f,stroke-width:2.0px
    linkStyle 31 stroke:red,stroke-width:2.0px
    linkStyle 32 stroke-width:2.0px
    linkStyle 33 stroke:green,stroke-width:2.0px
    linkStyle 34 stroke:#55f,stroke-width:2.0px
    linkStyle 35 stroke-width:2.0px
    linkStyle 36 stroke:green,stroke-width:2.0px
    linkStyle 37 stroke:#55f,stroke-width:2.0px
    linkStyle 38 stroke:red,stroke-width:2.0px
    linkStyle 39 stroke-width:2.0px
    linkStyle 40 stroke:green,stroke-width:2.0px
    linkStyle 41 stroke:#55f,stroke-width:2.0px
```

Of course, one more thing is necessary to make the `fileInfo` trustworthy: the envelope must be signed. Casey's lead developers, Bill and Omar, each provide a signature, creating a group verification that can be checked against either signature (or both). In order for those signatures to apply to the entire envelope, the envelope must first be wrapped; because signatures are assertions, they'd otherwise just apply to the subject, "Gordian Envelope 1.0.0", which wouldn't be that useful!
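
Why the wrapping step matters, as an added example (not code from the original page or from the Gordian tooling): a simplified digest tree shows that a signature over the bare subject still verifies after the `fileInfo` hash is altered, while a signature over the wrapped envelope does not. The digest layout, the function names, the altered hash value, and the use of Lamport one-time signatures as a stdlib-only stand-in for the real signature scheme are all assumptions of this sketch.

```python
import hashlib
import secrets

# Simplified digest tree modelled on the subject/assertion structure above.
# Tags and byte layout are assumptions for this demo, not the Gordian
# Envelope specification's encoding.
def _h(tag: bytes, *parts: bytes) -> bytes:
    return hashlib.sha256(tag + b"".join(parts)).digest()

def leaf(text: str) -> bytes:
    return _h(b"leaf", text.encode())

def assertion(predicate: str, obj: bytes) -> bytes:
    return _h(b"assertion", leaf(predicate), obj)

def node(subject: bytes, assertions: list) -> bytes:
    # Sorting makes the digest independent of assertion order.
    return _h(b"node", subject, *sorted(assertions))

def wrap(inner: bytes) -> bytes:
    return _h(b"wrapped", inner)

# Lamport one-time signatures: a stand-in that needs only hashlib.
# Each key pair must sign exactly one digest.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk

def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, digest: bytes):
    # Reveal one secret per digest bit.
    return [sk[i][bit] for i, bit in enumerate(_bits(digest))]

def verify(pk, digest: bytes, sig) -> bool:
    return all(hashlib.sha256(s).digest() == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, _bits(digest))))

def release(file_sha256: str):
    """Return (subject digest, wrapped-envelope digest) for a release."""
    subject = leaf("Gordian Envelope 1.0.0")
    file_info = node(leaf("gordian-envelope-1.0.0.dm"), [
        assertion("sha256", leaf(file_sha256)),
        assertion("timestamp", leaf("1668062209")),
    ])
    envelope = node(subject, [
        assertion("fileInfo", file_info),
        assertion("note", leaf("initial release")),
    ])
    return subject, wrap(envelope)

def compare_signature_scope() -> dict:
    genuine = release("6b41b0d9d9bff2c23ad9bd66b054fda36e3494ec")  # value shown on the page
    altered = release("00" * 20)  # constructed: same release with a different file hash
    sk_a, pk_a = keygen()
    sk_b, pk_b = keygen()
    sig_subject = sign(sk_a, genuine[0])  # signature attached to the bare subject
    sig_wrapped = sign(sk_b, genuine[1])  # signature attached after wrapping
    return {
        "subject_only/genuine": verify(pk_a, genuine[0], sig_subject),
        "subject_only/altered": verify(pk_a, altered[0], sig_subject),
        "wrapped/genuine": verify(pk_b, genuine[1], sig_wrapped),
        "wrapped/altered": verify(pk_b, altered[1], sig_wrapped),
    }

if __name__ == "__main__":
    for case, accepted in compare_signature_scope().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The subject-only signature accepts the altered release because the subject string never changed; only the wrapped digest commits to every assertion beneath it.
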
After wrapping the envelope, both Bill and Omar can sign.

```
{
    "Gordian Envelope 1.0.0" [
        "fileInfo": "gordian-envelope-1.0.0.dm" [
            "sha256": "6b41b0d9d9bff2c23ad9bd66b054fda36e3494ec"
            "timestamp": "1668062209"
        ]
        "isSigner": "bill-not-the-science-guy" [
            "pubkey": "ur:crypto-pubkeys/lftaaosehdcxnnvapylszmcwmowzjlkifrktpftnamrdpdjkcfetfskoimeolfcywnloptaswsvltpvahd…"
        ]
        "isSigner": "omarc-bc-guy" [
            "pubkey": "ur:crypto-pubkeys/lftaaosehdcxzojlrltejneykkzcfdaowkcwlbguvtmhsegdwpttwdadrnjtpmchlbrswkbwkivwtpvahd…"
        ]
        "signerInfo": "bill-not-the-science-guy" [
            "pubkeyURL": "https://github.com/bill-not-the-science-guy.keys"
        ]
        "signerInfo": "omarc-bc-guy" [
            "pubkeyURL": "https://github.com/omarc-bc-guy.keys"
        ]
        note: "initial release"
    ]
} [
    verifiedBy: Signature
    verifiedBy: Signature
]
```

```mermaid
graph LR
    1(("6dd37ee9<br/>NODE"))
    2[/"1502aebf<br/>WRAPPED"\]
    3(("d19ef9e7<br/>NODE"))
    4["de7e544e<br/>#quot;Gordian Envelope 1.0.0#quot;"]
    5(["41db7106<br/>ASSERTION"])
    6["628ac8d9<br/>#quot;fileInfo#quot;"]
    7(("10561183<br/>NODE"))
    8["03c3e8cf<br/>#quot;gordian-envelope-1.0.0.dm#quot;"]
    9(["26cdea4a<br/>ASSERTION"])
    10["fd9d5aed<br/>#quot;timestamp#quot;"]
    11["928e86de<br/>#quot;1668062209#quot;"]
    12(["b25bf99e<br/>ASSERTION"])
    13["108dbfb1<br/>#quot;sha256#quot;"]
    14["b895faae<br/>#quot;6b41b0d9d9bff2c23ad9bd66b054fda36e3494ec#quot;"]
    15(["484da754<br/>ASSERTION"])
    16["67d69bd7<br/>#quot;isSigner#quot;"]
    17(("0ae65c77<br/>NODE"))
    18["61aece1e<br/>#quot;bill-not-the-science-guy#quot;"]
    19(["0ad198e4<br/>ASSERTION"])
    20["d52596f8<br/>#quot;pubkey#quot;"]
    21["e82d6b98<br/>#quot;ur:crypto-pubkeys/lftaaosehdcxnnvapylszmcwmowzjlkifrktpftnamrdpdjkcfetfskoimeolfcywnloptaswsvltpvahd…#quot;"]
    22(["4ef0d8f2<br/>ASSERTION"])
    23["dbc1553d<br/>#quot;signerInfo#quot;"]
    24(("d77c0291<br/>NODE"))
    25["34e0c09c<br/>#quot;omarc-bc-guy#quot;"]
    26(["9bc4beec<br/>ASSERTION"])
    27["29c0cd61<br/>#quot;pubkeyURL#quot;"]
    28["78d7942e<br/>#quot;https://github.com/omarc-bc-guy.keys#quot;"]
    29(["72d6fac6<br/>ASSERTION"])
    30[/"61fb6a6b<br/>note"/]
    31["fa62ba29<br/>#quot;initial release#quot;"]
    32(["90e799be<br/>ASSERTION"])
    33["67d69bd7<br/>#quot;isSigner#quot;"]
    34(("c833b577<br/>NODE"))
    35["34e0c09c<br/>#quot;omarc-bc-guy#quot;"]
    36(["0b8d474f<br/>ASSERTION"])
    37["d52596f8<br/>#quot;pubkey#quot;"]
    38["929e99e7<br/>#quot;ur:crypto-pubkeys/lftaaosehdcxzojlrltejneykkzcfdaowkcwlbguvtmhsegdwpttwdadrnjtpmchlbrswkbwkivwtpvahd…#quot;"]
    39(["b5c9129a<br/>ASSERTION"])
    40["dbc1553d<br/>#quot;signerInfo#quot;"]
    41(("67a2f813<br/>NODE"))
    42["61aece1e<br/>#quot;bill-not-the-science-guy#quot;"]
    43(["8f4c7eec<br/>ASSERTION"])
    44["29c0cd61<br/>#quot;pubkeyURL#quot;"]
    45["0b240880<br/>#quot;https://github.com/bill-not-the-science-guy.keys#quot;"]
    46(["10799807<br/>ASSERTION"])
    47[/"d59f8c0f<br/>verifiedBy"/]
    48["a61ca537<br/>Signature"]
    49(["d491128c<br/>ASSERTION"])
    50[/"d59f8c0f<br/>verifiedBy"/]
    51["7720bb5b<br/>Signature"]
    1 -->|subj| 2
    2 -->|subj| 3
    3 -->|subj| 4
    3 --> 5
    5 -->|pred| 6
    5 -->|obj| 7
    7 -->|subj| 8
    7 --> 9
    9 -->|pred| 10
    9 -->|obj| 11
    7 --> 12
    12 -->|pred| 13
    12 -->|obj| 14
    3 --> 15
    15 -->|pred| 16
    15 -->|obj| 17
    17 -->|subj| 18
    17 --> 19
    19 -->|pred| 20
    19 -->|obj| 21
    3 --> 22
    22 -->|pred| 23
    22 -->|obj| 24
    24 -->|subj| 25
    24 --> 26
    26 -->|pred| 27
    26 -->|obj| 28
    3 --> 29
    29 -->|pred| 30
    29 -->|obj| 31
    3 --> 32
    32 -->|pred| 33
    32 -->|obj| 34
    34 -->|subj| 35
    34 --> 36
    36 -->|pred| 37
    36 -->|obj| 38
    3 --> 39
    39 -->|pred| 40
    39 -->|obj| 41
    41 -->|subj| 42
    41 --> 43
    43 -->|pred| 44
    43 -->|obj| 45
    1 --> 46
    46 -->|pred| 47
    46 -->|obj| 48
    1 --> 49
    49 -->|pred| 50
    49 -->|obj| 51
    style 1 stroke:red,stroke-width:3.0px
    style 2 stroke:red,stroke-width:3.0px
    style 3 stroke:red,stroke-width:3.0px
    style 4 stroke:#55f,stroke-width:3.0px
    style 5 stroke:red,stroke-width:3.0px
    style 6 stroke:#55f,stroke-width:3.0px
    style 7 stroke:red,stroke-width:3.0px
    style 8 stroke:#55f,stroke-width:3.0px
    style 9 stroke:red,stroke-width:3.0px
    style 10 stroke:#55f,stroke-width:3.0px
    style 11 stroke:#55f,stroke-width:3.0px
    style 12 stroke:red,stroke-width:3.0px
    style 13 stroke:#55f,stroke-width:3.0px
    style 14 stroke:#55f,stroke-width:3.0px
    style 15 stroke:red,stroke-width:3.0px
    style 16 stroke:#55f,stroke-width:3.0px
    style 17 stroke:red,stroke-width:3.0px
    style 18 stroke:#55f,stroke-width:3.0px
    style 19 stroke:red,stroke-width:3.0px
    style 20 stroke:#55f,stroke-width:3.0px
    style 21 stroke:#55f,stroke-width:3.0px
    style 22 stroke:red,stroke-width:3.0px
    style 23 stroke:#55f,stroke-width:3.0px
    style 24 stroke:red,stroke-width:3.0px
    style 25 stroke:#55f,stroke-width:3.0px
    style 26 stroke:red,stroke-width:3.0px
    style 27 stroke:#55f,stroke-width:3.0px
    style 28 stroke:#55f,stroke-width:3.0px
    style 29 stroke:red,stroke-width:3.0px
    style 30 stroke:#55f,stroke-width:3.0px
    style 31 stroke:#55f,stroke-width:3.0px
    style 32 stroke:red,stroke-width:3.0px
    style 33 stroke:#55f,stroke-width:3.0px
    style 34 stroke:red,stroke-width:3.0px
    style 35 stroke:#55f,stroke-width:3.0px
    style 36 stroke:red,stroke-width:3.0px
    style 37 stroke:#55f,stroke-width:3.0px
    style 38 stroke:#55f,stroke-width:3.0px
    style 39 stroke:red,stroke-width:3.0px
    style 40 stroke:#55f,stroke-width:3.0px
    style 41 stroke:red,stroke-width:3.0px
    style 42 stroke:#55f,stroke-width:3.0px
    style 43 stroke:red,stroke-width:3.0px
    style 44 stroke:#55f,stroke-width:3.0px
    style 45 stroke:#55f,stroke-width:3.0px
    style 46 stroke:red,stroke-width:3.0px
    style 47 stroke:#55f,stroke-width:3.0px
    style 48 stroke:#55f,stroke-width:3.0px
    style 49 stroke:red,stroke-width:3.0px
    style 50 stroke:#55f,stroke-width:3.0px
    style 51 stroke:#55f,stroke-width:3.0px
    linkStyle 0 stroke:red,stroke-width:2.0px
    linkStyle 1 stroke:red,stroke-width:2.0px
    linkStyle 2 stroke:red,stroke-width:2.0px
    linkStyle 3 stroke-width:2.0px
    linkStyle 4 stroke:green,stroke-width:2.0px
    linkStyle 5 stroke:#55f,stroke-width:2.0px
    linkStyle 6 stroke:red,stroke-width:2.0px
    linkStyle 7 stroke-width:2.0px
    linkStyle 8 stroke:green,stroke-width:2.0px
    linkStyle 9 stroke:#55f,stroke-width:2.0px
    linkStyle 10 stroke-width:2.0px
    linkStyle 11 stroke:green,stroke-width:2.0px
    linkStyle 12 stroke:#55f,stroke-width:2.0px
    linkStyle 13 stroke-width:2.0px
    linkStyle 14 stroke:green,stroke-width:2.0px
    linkStyle 15 stroke:#55f,stroke-width:2.0px
    linkStyle 16 stroke:red,stroke-width:2.0px
    linkStyle 17 stroke-width:2.0px
    linkStyle 18 stroke:green,stroke-width:2.0px
    linkStyle 19 stroke:#55f,stroke-width:2.0px
    linkStyle 20 stroke-width:2.0px
    linkStyle 21 stroke:green,stroke-width:2.0px
    linkStyle 22 stroke:#55f,stroke-width:2.0px
    linkStyle 23 stroke:red,stroke-width:2.0px
    linkStyle 24 stroke-width:2.0px
    linkStyle 25 stroke:green,stroke-width:2.0px
    linkStyle 26 stroke:#55f,stroke-width:2.0px
    linkStyle 27 stroke-width:2.0px
    linkStyle 28 stroke:green,stroke-width:2.0px
    linkStyle 29 stroke:#55f,stroke-width:2.0px
    linkStyle 30 stroke-width:2.0px
    linkStyle 31 stroke:green,stroke-width:2.0px
    linkStyle 32 stroke:#55f,stroke-width:2.0px
    linkStyle 33 stroke:red,stroke-width:2.0px
    linkStyle 34 stroke-width:2.0px
    linkStyle 35 stroke:green,stroke-width:2.0px
    linkStyle 36 stroke:#55f,stroke-width:2.0px
    linkStyle 37 stroke-width:2.0px
    linkStyle 38 stroke:green,stroke-width:2.0px
    linkStyle 39 stroke:#55f,stroke-width:2.0px
    linkStyle 40 stroke:red,stroke-width:2.0px
    linkStyle 41 stroke-width:2.0px
    linkStyle 42 stroke:green,stroke-width:2.0px
    linkStyle 43 stroke:#55f,stroke-width:2.0px
    linkStyle 44 stroke-width:2.0px
    linkStyle 45 stroke:green,stroke-width:2.0px
    linkStyle 46 stroke:#55f,stroke-width:2.0px
    linkStyle 47 stroke-width:2.0px
    linkStyle 48 stroke:green,stroke-width:2.0px
    linkStyle 49 stroke:#55f,stroke-width:2.0px
```

### 2. Casey Chains His Software Releases [Chained Data]

> _Problem Solved:_ Casey wants to be able to continuously rerelease his software, while reducing validation cost over time.

Because Casey has now established a root of trust with his initial release, he can make a new release without having to reestablish his signers.
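
One way a validator could automate the signer comparison for a chained release, as an added example (not code from the original page or from the Gordian tooling): it pins the signer names and public keys from an already validated release and reports any difference in a later one. The envelope texts and key strings are constructed, the function names are hypothetical, and the regex reads the human-readable notation only for illustration; checking the signatures themselves remains a separate step.

```python
import re

# Matches one `"isSigner": "<name>" [ "pubkey": "<key>" ]` assertion in the
# human-readable envelope notation used on this page.
SIGNER_RE = re.compile(
    r'"isSigner":\s*"([^"]+)"\s*\[\s*"pubkey":\s*"([^"]+)"\s*\]')

def declared_signers(envelope_text: str) -> dict:
    """Map signer name -> public key as declared in the envelope text."""
    signers = {}
    for name, pubkey in SIGNER_RE.findall(envelope_text):
        if signers.get(name, pubkey) != pubkey:
            raise ValueError(f"conflicting public keys declared for {name}")
        signers[name] = pubkey
    return signers

def compare_with_pinned(pinned: dict, envelope_text: str) -> dict:
    """Diff the signers declared in a new release against the pinned set."""
    declared = declared_signers(envelope_text)
    return {
        "unchanged": sorted(n for n, k in declared.items() if pinned.get(n) == k),
        "key_changed": sorted(n for n, k in declared.items()
                              if n in pinned and pinned[n] != k),
        "added": sorted(set(declared) - set(pinned)),
        "removed": sorted(set(pinned) - set(declared)),
    }

def needs_manual_review(report: dict) -> bool:
    # Only an identical signer set qualifies for the cheap path; anything
    # else sends the validator back to the slower trust evaluation.
    changed = report["key_changed"] or report["added"] or report["removed"]
    return bool(changed) or not report["unchanged"]

# Constructed sample data: key strings are placeholders, not real keys.
VALIDATED_RELEASE = '''
"Gordian Envelope 1.0.0" [
    "isSigner": "bill-not-the-science-guy" [
        "pubkey": "ur:crypto-pubkeys/EXAMPLE-KEY-BILL"
    ]
    "isSigner": "omarc-bc-guy" [
        "pubkey": "ur:crypto-pubkeys/EXAMPLE-KEY-OMAR"
    ]
]
'''
SAME_SIGNERS = VALIDATED_RELEASE.replace("1.0.0", "1.0.1")
SWAPPED_KEY = SAME_SIGNERS.replace("EXAMPLE-KEY-OMAR", "EXAMPLE-KEY-UNKNOWN")
NEW_SIGNER = SAME_SIGNERS.replace(
    '"bill-not-the-science-guy"', '"casey-the-boss"').replace(
    "EXAMPLE-KEY-BILL", "EXAMPLE-KEY-CASEY")

if __name__ == "__main__":
    pinned = declared_signers(VALIDATED_RELEASE)
    for label, text in [("same signers", SAME_SIGNERS),
                        ("swapped key", SWAPPED_KEY),
                        ("new signer", NEW_SIGNER)]:
        report = compare_with_pinned(pinned, text)
        print(label, report, "manual review:", needs_manual_review(report))
```
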
``` "Gordian Envelope 1.0.1" [ "fileInfo": "gordian-envelope-1.0.1.dm" [ "sha256": "2c11c2c9c38b18ac12ab0880447f72b4739385c3a03ad65b765d426ecea1ad48" "timestamp": "1668026209" ] "isSigner": "bill-not-the-science-guy" [ "pubkey": "ur:crypto-pubkeys/lftaaosehdcxnnvapylszmcwmowzjlkifrktpftnamrdpdjkcfetfskoimeolfcywnloptaswsvltpvahd…" ] "isSigner": "omarc-bc-guy" [ "pubkey": "ur:crypto-pubkeys/lftaaosehdcxzojlrltejneykkzcfdaowkcwlbguvtmhsegdwpttwdadrnjtpmchlbrswkbwkivwtpvahd…" ] "previousRelease": "https://github.com/BlockchainCommons/GordianEnvelope-Experiment/releases/download/v1.0.0/gordian-env…" note: "improved documentation" ] ``` ```mermaid graph LR 1(("42712f3e<br/>NODE")) 2["70788a53<br/>#quot;Gordian Envelope 1.0.1#quot;"] 3(["484da754<br/>ASSERTION"]) 4["67d69bd7<br/>#quot;isSigner#quot;"] 5(("0ae65c77<br/>NODE")) 6["61aece1e<br/>#quot;bill-not-the-science-guy#quot;"] 7(["0ad198e4<br/>ASSERTION"]) 8["d52596f8<br/>#quot;pubkey#quot;"] 9["e82d6b98<br/>#quot;ur:crypto-pubkeys/lftaaosehdcxnnvapylszmcwmowzjlkifrktpftnamrdpdjkcfetfskoimeolfcywnloptaswsvltpvahd…#quot;"] 10(["8c13a688<br/>ASSERTION"]) 11[/"61fb6a6b<br/>note"/] 12["3671dd52<br/>#quot;improved documentation#quot;"] 13(["90e799be<br/>ASSERTION"]) 14["67d69bd7<br/>#quot;isSigner#quot;"] 15(("c833b577<br/>NODE")) 16["34e0c09c<br/>#quot;omarc-bc-guy#quot;"] 17(["0b8d474f<br/>ASSERTION"]) 18["d52596f8<br/>#quot;pubkey#quot;"] 19["929e99e7<br/>#quot;ur:crypto-pubkeys/lftaaosehdcxzojlrltejneykkzcfdaowkcwlbguvtmhsegdwpttwdadrnjtpmchlbrswkbwkivwtpvahd…#quot;"] 20(["d31238a4<br/>ASSERTION"]) 21["10d67046<br/>#quot;previousRelease#quot;"] 22["348c0715<br/>#quot;https://github.com/BlockchainCommons/GordianEnvelope-Experiment/releases/download/v1.0.0/gordian-env…#quot;"] 23(["ebe4d16f<br/>ASSERTION"]) 24["628ac8d9<br/>#quot;fileInfo#quot;"] 25(("96628076<br/>NODE")) 26["ed14cf80<br/>#quot;gordian-envelope-1.0.1.dm#quot;"] 27(["a9f4eb26<br/>ASSERTION"]) 28["108dbfb1<br/>#quot;sha256#quot;"] 
29["cd5979c9<br/>#quot;2c11c2c9c38b18ac12ab0880447f72b4739385c3a03ad65b765d426ecea1ad48#quot;"] 30(["f3a0597e<br/>ASSERTION"]) 31["fd9d5aed<br/>#quot;timestamp#quot;"] 32["61b2ca73<br/>#quot;1668026209#quot;"] 1 -->|subj| 2 1 --> 3 3 -->|pred| 4 3 -->|obj| 5 5 -->|subj| 6 5 --> 7 7 -->|pred| 8 7 -->|obj| 9 1 --> 10 10 -->|pred| 11 10 -->|obj| 12 1 --> 13 13 -->|pred| 14 13 -->|obj| 15 15 -->|subj| 16 15 --> 17 17 -->|pred| 18 17 -->|obj| 19 1 --> 20 20 -->|pred| 21 20 -->|obj| 22 1 --> 23 23 -->|pred| 24 23 -->|obj| 25 25 -->|subj| 26 25 --> 27 27 -->|pred| 28 27 -->|obj| 29 25 --> 30 30 -->|pred| 31 30 -->|obj| 32 style 1 stroke:red,stroke-width:3.0px style 2 stroke:#55f,stroke-width:3.0px style 3 stroke:red,stroke-width:3.0px style 4 stroke:#55f,stroke-width:3.0px style 5 stroke:red,stroke-width:3.0px style 6 stroke:#55f,stroke-width:3.0px style 7 stroke:red,stroke-width:3.0px style 8 stroke:#55f,stroke-width:3.0px style 9 stroke:#55f,stroke-width:3.0px style 10 stroke:red,stroke-width:3.0px style 11 stroke:#55f,stroke-width:3.0px style 12 stroke:#55f,stroke-width:3.0px style 13 stroke:red,stroke-width:3.0px style 14 stroke:#55f,stroke-width:3.0px style 15 stroke:red,stroke-width:3.0px style 16 stroke:#55f,stroke-width:3.0px style 17 stroke:red,stroke-width:3.0px style 18 stroke:#55f,stroke-width:3.0px style 19 stroke:#55f,stroke-width:3.0px style 20 stroke:red,stroke-width:3.0px style 21 stroke:#55f,stroke-width:3.0px style 22 stroke:#55f,stroke-width:3.0px style 23 stroke:red,stroke-width:3.0px style 24 stroke:#55f,stroke-width:3.0px style 25 stroke:red,stroke-width:3.0px style 26 stroke:#55f,stroke-width:3.0px style 27 stroke:red,stroke-width:3.0px style 28 stroke:#55f,stroke-width:3.0px style 29 stroke:#55f,stroke-width:3.0px style 30 stroke:red,stroke-width:3.0px style 31 stroke:#55f,stroke-width:3.0px style 32 stroke:#55f,stroke-width:3.0px linkStyle 0 stroke:red,stroke-width:2.0px linkStyle 1 stroke-width:2.0px linkStyle 2 stroke:green,stroke-width:2.0px 
linkStyle 3 stroke:#55f,stroke-width:2.0px linkStyle 4 stroke:red,stroke-width:2.0px linkStyle 5 stroke-width:2.0px linkStyle 6 stroke:green,stroke-width:2.0px linkStyle 7 stroke:#55f,stroke-width:2.0px linkStyle 8 stroke-width:2.0px linkStyle 9 stroke:green,stroke-width:2.0px linkStyle 10 stroke:#55f,stroke-width:2.0px linkStyle 11 stroke-width:2.0px linkStyle 12 stroke:green,stroke-width:2.0px linkStyle 13 stroke:#55f,stroke-width:2.0px linkStyle 14 stroke:red,stroke-width:2.0px linkStyle 15 stroke-width:2.0px linkStyle 16 stroke:green,stroke-width:2.0px linkStyle 17 stroke:#55f,stroke-width:2.0px linkStyle 18 stroke-width:2.0px linkStyle 19 stroke:green,stroke-width:2.0px linkStyle 20 stroke:#55f,stroke-width:2.0px linkStyle 21 stroke-width:2.0px linkStyle 22 stroke:green,stroke-width:2.0px linkStyle 23 stroke:#55f,stroke-width:2.0px linkStyle 24 stroke:red,stroke-width:2.0px linkStyle 25 stroke-width:2.0px linkStyle 26 stroke:green,stroke-width:2.0px linkStyle 27 stroke:#55f,stroke-width:2.0px linkStyle 28 stroke-width:2.0px linkStyle 29 stroke:green,stroke-width:2.0px linkStyle 30 stroke:#55f,stroke-width:2.0px ``` After wrapping and signing, the final envelope is: ``` { "Gordian Envelope 1.0.1" [ "fileInfo": "gordian-envelope-1.0.1.dm" [ "sha256": "2c11c2c9c38b18ac12ab0880447f72b4739385c3a03ad65b765d426ecea1ad48" "timestamp": "1668026209" ] "isSigner": "bill-not-the-science-guy" [ "pubkey": "ur:crypto-pubkeys/lftaaosehdcxnnvapylszmcwmowzjlkifrktpftnamrdpdjkcfetfskoimeolfcywnloptaswsvltpvahd…" ] "isSigner": "omarc-bc-guy" [ "pubkey": "ur:crypto-pubkeys/lftaaosehdcxzojlrltejneykkzcfdaowkcwlbguvtmhsegdwpttwdadrnjtpmchlbrswkbwkivwtpvahd…" ] "previousRelease": "https://github.com/BlockchainCommons/GordianEnvelope-Experiment/releases/download/v1.0.0/gordian-env…" note: "improved documentation" ] } [ verifiedBy: Signature verifiedBy: Signature ] ``` ```mermaid graph LR 1(("f6336886<br/>NODE")) 2[/"b4c23e49<br/>WRAPPED"\] 3(("42712f3e<br/>NODE")) 
4["70788a53<br/>#quot;Gordian Envelope 1.0.1#quot;"] 5(["484da754<br/>ASSERTION"]) 6["67d69bd7<br/>#quot;isSigner#quot;"] 7(("0ae65c77<br/>NODE")) 8["61aece1e<br/>#quot;bill-not-the-science-guy#quot;"] 9(["0ad198e4<br/>ASSERTION"]) 10["d52596f8<br/>#quot;pubkey#quot;"] 11["e82d6b98<br/>#quot;ur:crypto-pubkeys/lftaaosehdcxnnvapylszmcwmowzjlkifrktpftnamrdpdjkcfetfskoimeolfcywnloptaswsvltpvahd…#quot;"] 12(["8c13a688<br/>ASSERTION"]) 13[/"61fb6a6b<br/>note"/] 14["3671dd52<br/>#quot;improved documentation#quot;"] 15(["90e799be<br/>ASSERTION"]) 16["67d69bd7<br/>#quot;isSigner#quot;"] 17(("c833b577<br/>NODE")) 18["34e0c09c<br/>#quot;omarc-bc-guy#quot;"] 19(["0b8d474f<br/>ASSERTION"]) 20["d52596f8<br/>#quot;pubkey#quot;"] 21["929e99e7<br/>#quot;ur:crypto-pubkeys/lftaaosehdcxzojlrltejneykkzcfdaowkcwlbguvtmhsegdwpttwdadrnjtpmchlbrswkbwkivwtpvahd…#quot;"] 22(["d31238a4<br/>ASSERTION"]) 23["10d67046<br/>#quot;previousRelease#quot;"] 24["348c0715<br/>#quot;https://github.com/BlockchainCommons/GordianEnvelope-Experiment/releases/download/v1.0.0/gordian-env…#quot;"] 25(["ebe4d16f<br/>ASSERTION"]) 26["628ac8d9<br/>#quot;fileInfo#quot;"] 27(("96628076<br/>NODE")) 28["ed14cf80<br/>#quot;gordian-envelope-1.0.1.dm#quot;"] 29(["a9f4eb26<br/>ASSERTION"]) 30["108dbfb1<br/>#quot;sha256#quot;"] 31["cd5979c9<br/>#quot;2c11c2c9c38b18ac12ab0880447f72b4739385c3a03ad65b765d426ecea1ad48#quot;"] 32(["f3a0597e<br/>ASSERTION"]) 33["fd9d5aed<br/>#quot;timestamp#quot;"] 34["61b2ca73<br/>#quot;1668026209#quot;"] 35(["4eb7fae2<br/>ASSERTION"]) 36[/"d59f8c0f<br/>verifiedBy"/] 37["1bb8f0ca<br/>Signature"] 38(["afd1e527<br/>ASSERTION"]) 39[/"d59f8c0f<br/>verifiedBy"/] 40["e25fb646<br/>Signature"] 1 -->|subj| 2 2 -->|subj| 3 3 -->|subj| 4 3 --> 5 5 -->|pred| 6 5 -->|obj| 7 7 -->|subj| 8 7 --> 9 9 -->|pred| 10 9 -->|obj| 11 3 --> 12 12 -->|pred| 13 12 -->|obj| 14 3 --> 15 15 -->|pred| 16 15 -->|obj| 17 17 -->|subj| 18 17 --> 19 19 -->|pred| 20 19 -->|obj| 21 3 --> 22 22 -->|pred| 23 22 -->|obj| 24 3 --> 25 
25 -->|pred| 26 25 -->|obj| 27 27 -->|subj| 28 27 --> 29 29 -->|pred| 30 29 -->|obj| 31 27 --> 32 32 -->|pred| 33 32 -->|obj| 34 1 --> 35 35 -->|pred| 36 35 -->|obj| 37 1 --> 38 38 -->|pred| 39 38 -->|obj| 40 style 1 stroke:red,stroke-width:3.0px style 2 stroke:red,stroke-width:3.0px style 3 stroke:red,stroke-width:3.0px style 4 stroke:#55f,stroke-width:3.0px style 5 stroke:red,stroke-width:3.0px style 6 stroke:#55f,stroke-width:3.0px style 7 stroke:red,stroke-width:3.0px style 8 stroke:#55f,stroke-width:3.0px style 9 stroke:red,stroke-width:3.0px style 10 stroke:#55f,stroke-width:3.0px style 11 stroke:#55f,stroke-width:3.0px style 12 stroke:red,stroke-width:3.0px style 13 stroke:#55f,stroke-width:3.0px style 14 stroke:#55f,stroke-width:3.0px style 15 stroke:red,stroke-width:3.0px style 16 stroke:#55f,stroke-width:3.0px style 17 stroke:red,stroke-width:3.0px style 18 stroke:#55f,stroke-width:3.0px style 19 stroke:red,stroke-width:3.0px style 20 stroke:#55f,stroke-width:3.0px style 21 stroke:#55f,stroke-width:3.0px style 22 stroke:red,stroke-width:3.0px style 23 stroke:#55f,stroke-width:3.0px style 24 stroke:#55f,stroke-width:3.0px style 25 stroke:red,stroke-width:3.0px style 26 stroke:#55f,stroke-width:3.0px style 27 stroke:red,stroke-width:3.0px style 28 stroke:#55f,stroke-width:3.0px style 29 stroke:red,stroke-width:3.0px style 30 stroke:#55f,stroke-width:3.0px style 31 stroke:#55f,stroke-width:3.0px style 32 stroke:red,stroke-width:3.0px style 33 stroke:#55f,stroke-width:3.0px style 34 stroke:#55f,stroke-width:3.0px style 35 stroke:red,stroke-width:3.0px style 36 stroke:#55f,stroke-width:3.0px style 37 stroke:#55f,stroke-width:3.0px style 38 stroke:red,stroke-width:3.0px style 39 stroke:#55f,stroke-width:3.0px style 40 stroke:#55f,stroke-width:3.0px linkStyle 0 stroke:red,stroke-width:2.0px linkStyle 1 stroke:red,stroke-width:2.0px linkStyle 2 stroke:red,stroke-width:2.0px linkStyle 3 stroke-width:2.0px linkStyle 4 stroke:green,stroke-width:2.0px linkStyle 5 
stroke:#55f,stroke-width:2.0px linkStyle 6 stroke:red,stroke-width:2.0px linkStyle 7 stroke-width:2.0px linkStyle 8 stroke:green,stroke-width:2.0px linkStyle 9 stroke:#55f,stroke-width:2.0px linkStyle 10 stroke-width:2.0px linkStyle 11 stroke:green,stroke-width:2.0px linkStyle 12 stroke:#55f,stroke-width:2.0px linkStyle 13 stroke-width:2.0px linkStyle 14 stroke:green,stroke-width:2.0px linkStyle 15 stroke:#55f,stroke-width:2.0px linkStyle 16 stroke:red,stroke-width:2.0px linkStyle 17 stroke-width:2.0px linkStyle 18 stroke:green,stroke-width:2.0px linkStyle 19 stroke:#55f,stroke-width:2.0px linkStyle 20 stroke-width:2.0px linkStyle 21 stroke:green,stroke-width:2.0px linkStyle 22 stroke:#55f,stroke-width:2.0px linkStyle 23 stroke-width:2.0px linkStyle 24 stroke:green,stroke-width:2.0px linkStyle 25 stroke:#55f,stroke-width:2.0px linkStyle 26 stroke:red,stroke-width:2.0px linkStyle 27 stroke-width:2.0px linkStyle 28 stroke:green,stroke-width:2.0px linkStyle 29 stroke:#55f,stroke-width:2.0px linkStyle 30 stroke-width:2.0px linkStyle 31 stroke:green,stroke-width:2.0px linkStyle 32 stroke:#55f,stroke-width:2.0px linkStyle 33 stroke-width:2.0px linkStyle 34 stroke:green,stroke-width:2.0px linkStyle 35 stroke:#55f,stroke-width:2.0px linkStyle 36 stroke-width:2.0px linkStyle 37 stroke:green,stroke-width:2.0px linkStyle 38 stroke:#55f,stroke-width:2.0px
```

If the validator kept the envelope that he previously validated, all he has to do now is check that the users and public keys in this new envelope match the old one, and then validate the signature. It should be entirely automatable.

More complexity is required only if the previous envelope was not kept. In this case, the validator uses the `previousRelease` metadata to backtrack until he finds the foundational `signerInfo`, which he can validate with more effort (as he did originally).

### 3. Casey Changes Up His Software Releases [Chained Changes]

> _Problem Solved:_ Casey wants to change up signers over time in a way that's organic and continues to allow for simple validation.

A few years on, Bill leaves software programming for a lucrative career in television and lectures. Though Omar is maintaining the software on his own at this point, Casey wants to ensure that the software still is signed by multiple parties to allow for more robust validation. So he takes over as release manager, checking the software prior to release and adding his own signature.

```
{
    "Gordian Envelope 1.7.3" [
        "fileInfo": "gordian-envelope-1.7.3.dm" [
            "sha256": "c2121d1c7b82607fb289282020c6c7f73cb0aaa8e02e5f0529165a4c46591413"
            "timestamp": "1668026209"
        ]
        "fileInfo": "gordian-ttools-1.7.3.dm" [
            "sha256": "7e6865b88d62b1d2bb7864fc7eb73fe74c99a773d2d224adebdd18d679c023f2"
            "timestamp": "1668032076"
        ]
        "isSigner": "casey-the-boss" [
            "pubkey": "ur:crypto-pubkeys/lftaaosehdcxwehehymwkbiolglpnbeevtvttlaafgpdspntrpserplblbgrstwmswjpkkmwdwbatpvahd…"
        ]
        "isSigner": "omarc-bc-guy" [
            "pubkey": "ur:crypto-pubkeys/lftaaosehdcxzojlrltejneykkzcfdaowkcwlbguvtmhsegdwpttwdadrnjtpmchlbrswkbwkivwtpvahd…"
        ]
        "previousRelease": "https://github.com/BlockchainCommons/GordianEnvelope-Experiment/releases/download/v1.7.2/gordian-env…"
        "signerInfo": "casey-the-boss" [
            "pubkeyURL": "https://pki.blockchaincommons.com/casey-the-boss"
        ]
        note: "the latest glorious revision"
    ]
} [
    verifiedBy: Signature
    verifiedBy: Signature
]
```

```mermaid
graph LR
1(("8442ccb3<br/>NODE"))
2[/"660c90b7<br/>WRAPPED"\]
3(("8cdff684<br/>NODE"))
4["af3c537d<br/>#quot;Gordian Envelope 1.7.3#quot;"]
5(["4c86919f<br/>ASSERTION"])
6["10d67046<br/>#quot;previousRelease#quot;"]
7["a4a99c3c<br/>#quot;https://github.com/BlockchainCommons/GordianEnvelope-Experiment/releases/download/v1.7.2/gordian-env…#quot;"]
8(["6e7fcb1c<br/>ASSERTION"])
9["67d69bd7<br/>#quot;isSigner#quot;"]
10(("34f411d0<br/>NODE"))
11["c7e775ab<br/>#quot;casey-the-boss#quot;"] 12(["b2d580a4<br/>ASSERTION"]) 13["d52596f8<br/>#quot;pubkey#quot;"] 14["769da384<br/>#quot;ur:crypto-pubkeys/lftaaosehdcxwehehymwkbiolglpnbeevtvttlaafgpdspntrpserplblbgrstwmswjpkkmwdwbatpvahd…#quot;"] 15(["71bbe4c2<br/>ASSERTION"]) 16["dbc1553d<br/>#quot;signerInfo#quot;"] 17(("b28b7b74<br/>NODE")) 18["c7e775ab<br/>#quot;casey-the-boss#quot;"] 19(["a31bfd80<br/>ASSERTION"]) 20["29c0cd61<br/>#quot;pubkeyURL#quot;"] 21["361430aa<br/>#quot;https://pki.blockchaincommons.com/casey-the-boss#quot;"] 22(["90e799be<br/>ASSERTION"]) 23["67d69bd7<br/>#quot;isSigner#quot;"] 24(("c833b577<br/>NODE")) 25["34e0c09c<br/>#quot;omarc-bc-guy#quot;"] 26(["0b8d474f<br/>ASSERTION"]) 27["d52596f8<br/>#quot;pubkey#quot;"] 28["929e99e7<br/>#quot;ur:crypto-pubkeys/lftaaosehdcxzojlrltejneykkzcfdaowkcwlbguvtmhsegdwpttwdadrnjtpmchlbrswkbwkivwtpvahd…#quot;"] 29(["922bf933<br/>ASSERTION"]) 30[/"61fb6a6b<br/>note"/] 31["540dd49b<br/>#quot;the latest glorious revision#quot;"] 32(["adc524d7<br/>ASSERTION"]) 33["628ac8d9<br/>#quot;fileInfo#quot;"] 34(("daa0cdad<br/>NODE")) 35["f0cece42<br/>#quot;gordian-ttools-1.7.3.dm#quot;"] 36(["53087955<br/>ASSERTION"]) 37["fd9d5aed<br/>#quot;timestamp#quot;"] 38["abd7ee4e<br/>#quot;1668032076#quot;"] 39(["be287f81<br/>ASSERTION"]) 40["108dbfb1<br/>#quot;sha256#quot;"] 41["39f15278<br/>#quot;7e6865b88d62b1d2bb7864fc7eb73fe74c99a773d2d224adebdd18d679c023f2#quot;"] 42(["f6b0290b<br/>ASSERTION"]) 43["628ac8d9<br/>#quot;fileInfo#quot;"] 44(("2dff440a<br/>NODE")) 45["2d7eea6f<br/>#quot;gordian-envelope-1.7.3.dm#quot;"] 46(["71094acb<br/>ASSERTION"]) 47["108dbfb1<br/>#quot;sha256#quot;"] 48["12c5f463<br/>#quot;c2121d1c7b82607fb289282020c6c7f73cb0aaa8e02e5f0529165a4c46591413#quot;"] 49(["f3a0597e<br/>ASSERTION"]) 50["fd9d5aed<br/>#quot;timestamp#quot;"] 51["61b2ca73<br/>#quot;1668026209#quot;"] 52(["55ba3222<br/>ASSERTION"]) 53[/"d59f8c0f<br/>verifiedBy"/] 54["9fd67dec<br/>Signature"] 55(["ac321ebe<br/>ASSERTION"]) 
56[/"d59f8c0f<br/>verifiedBy"/] 57["ce294f99<br/>Signature"] 1 -->|subj| 2 2 -->|subj| 3 3 -->|subj| 4 3 --> 5 5 -->|pred| 6 5 -->|obj| 7 3 --> 8 8 -->|pred| 9 8 -->|obj| 10 10 -->|subj| 11 10 --> 12 12 -->|pred| 13 12 -->|obj| 14 3 --> 15 15 -->|pred| 16 15 -->|obj| 17 17 -->|subj| 18 17 --> 19 19 -->|pred| 20 19 -->|obj| 21 3 --> 22 22 -->|pred| 23 22 -->|obj| 24 24 -->|subj| 25 24 --> 26 26 -->|pred| 27 26 -->|obj| 28 3 --> 29 29 -->|pred| 30 29 -->|obj| 31 3 --> 32 32 -->|pred| 33 32 -->|obj| 34 34 -->|subj| 35 34 --> 36 36 -->|pred| 37 36 -->|obj| 38 34 --> 39 39 -->|pred| 40 39 -->|obj| 41 3 --> 42 42 -->|pred| 43 42 -->|obj| 44 44 -->|subj| 45 44 --> 46 46 -->|pred| 47 46 -->|obj| 48 44 --> 49 49 -->|pred| 50 49 -->|obj| 51 1 --> 52 52 -->|pred| 53 52 -->|obj| 54 1 --> 55 55 -->|pred| 56 55 -->|obj| 57 style 1 stroke:red,stroke-width:3.0px style 2 stroke:red,stroke-width:3.0px style 3 stroke:red,stroke-width:3.0px style 4 stroke:#55f,stroke-width:3.0px style 5 stroke:red,stroke-width:3.0px style 6 stroke:#55f,stroke-width:3.0px style 7 stroke:#55f,stroke-width:3.0px style 8 stroke:red,stroke-width:3.0px style 9 stroke:#55f,stroke-width:3.0px style 10 stroke:red,stroke-width:3.0px style 11 stroke:#55f,stroke-width:3.0px style 12 stroke:red,stroke-width:3.0px style 13 stroke:#55f,stroke-width:3.0px style 14 stroke:#55f,stroke-width:3.0px style 15 stroke:red,stroke-width:3.0px style 16 stroke:#55f,stroke-width:3.0px style 17 stroke:red,stroke-width:3.0px style 18 stroke:#55f,stroke-width:3.0px style 19 stroke:red,stroke-width:3.0px style 20 stroke:#55f,stroke-width:3.0px style 21 stroke:#55f,stroke-width:3.0px style 22 stroke:red,stroke-width:3.0px style 23 stroke:#55f,stroke-width:3.0px style 24 stroke:red,stroke-width:3.0px style 25 stroke:#55f,stroke-width:3.0px style 26 stroke:red,stroke-width:3.0px style 27 stroke:#55f,stroke-width:3.0px style 28 stroke:#55f,stroke-width:3.0px style 29 stroke:red,stroke-width:3.0px style 30 stroke:#55f,stroke-width:3.0px 
style 31 stroke:#55f,stroke-width:3.0px style 32 stroke:red,stroke-width:3.0px style 33 stroke:#55f,stroke-width:3.0px style 34 stroke:red,stroke-width:3.0px style 35 stroke:#55f,stroke-width:3.0px style 36 stroke:red,stroke-width:3.0px style 37 stroke:#55f,stroke-width:3.0px style 38 stroke:#55f,stroke-width:3.0px style 39 stroke:red,stroke-width:3.0px style 40 stroke:#55f,stroke-width:3.0px style 41 stroke:#55f,stroke-width:3.0px style 42 stroke:red,stroke-width:3.0px style 43 stroke:#55f,stroke-width:3.0px style 44 stroke:red,stroke-width:3.0px style 45 stroke:#55f,stroke-width:3.0px style 46 stroke:red,stroke-width:3.0px style 47 stroke:#55f,stroke-width:3.0px style 48 stroke:#55f,stroke-width:3.0px style 49 stroke:red,stroke-width:3.0px style 50 stroke:#55f,stroke-width:3.0px style 51 stroke:#55f,stroke-width:3.0px style 52 stroke:red,stroke-width:3.0px style 53 stroke:#55f,stroke-width:3.0px style 54 stroke:#55f,stroke-width:3.0px style 55 stroke:red,stroke-width:3.0px style 56 stroke:#55f,stroke-width:3.0px style 57 stroke:#55f,stroke-width:3.0px linkStyle 0 stroke:red,stroke-width:2.0px linkStyle 1 stroke:red,stroke-width:2.0px linkStyle 2 stroke:red,stroke-width:2.0px linkStyle 3 stroke-width:2.0px linkStyle 4 stroke:green,stroke-width:2.0px linkStyle 5 stroke:#55f,stroke-width:2.0px linkStyle 6 stroke-width:2.0px linkStyle 7 stroke:green,stroke-width:2.0px linkStyle 8 stroke:#55f,stroke-width:2.0px linkStyle 9 stroke:red,stroke-width:2.0px linkStyle 10 stroke-width:2.0px linkStyle 11 stroke:green,stroke-width:2.0px linkStyle 12 stroke:#55f,stroke-width:2.0px linkStyle 13 stroke-width:2.0px linkStyle 14 stroke:green,stroke-width:2.0px linkStyle 15 stroke:#55f,stroke-width:2.0px linkStyle 16 stroke:red,stroke-width:2.0px linkStyle 17 stroke-width:2.0px linkStyle 18 stroke:green,stroke-width:2.0px linkStyle 19 stroke:#55f,stroke-width:2.0px linkStyle 20 stroke-width:2.0px linkStyle 21 stroke:green,stroke-width:2.0px linkStyle 22 
stroke:#55f,stroke-width:2.0px linkStyle 23 stroke:red,stroke-width:2.0px linkStyle 24 stroke-width:2.0px linkStyle 25 stroke:green,stroke-width:2.0px linkStyle 26 stroke:#55f,stroke-width:2.0px linkStyle 27 stroke-width:2.0px linkStyle 28 stroke:green,stroke-width:2.0px linkStyle 29 stroke:#55f,stroke-width:2.0px linkStyle 30 stroke-width:2.0px linkStyle 31 stroke:green,stroke-width:2.0px linkStyle 32 stroke:#55f,stroke-width:2.0px linkStyle 33 stroke:red,stroke-width:2.0px linkStyle 34 stroke-width:2.0px linkStyle 35 stroke:green,stroke-width:2.0px linkStyle 36 stroke:#55f,stroke-width:2.0px linkStyle 37 stroke-width:2.0px linkStyle 38 stroke:green,stroke-width:2.0px linkStyle 39 stroke:#55f,stroke-width:2.0px linkStyle 40 stroke-width:2.0px linkStyle 41 stroke:green,stroke-width:2.0px linkStyle 42 stroke:#55f,stroke-width:2.0px linkStyle 43 stroke:red,stroke-width:2.0px linkStyle 44 stroke-width:2.0px linkStyle 45 stroke:green,stroke-width:2.0px linkStyle 46 stroke:#55f,stroke-width:2.0px linkStyle 47 stroke-width:2.0px linkStyle 48 stroke:green,stroke-width:2.0px linkStyle 49 stroke:#55f,stroke-width:2.0px linkStyle 50 stroke-width:2.0px linkStyle 51 stroke:green,stroke-width:2.0px linkStyle 52 stroke:#55f,stroke-width:2.0px linkStyle 53 stroke-width:2.0px linkStyle 54 stroke:green,stroke-width:2.0px linkStyle 55 stroke:#55f,stroke-width:2.0px
```

An ordinary validator can now verify that one of the signatures matches a public key he has in his saved Envelope from release 1.7.2. Automatic validation!

This will then allow for a continued chain of validation going forward. If Casey produces 1.7.4 on his own, because Omar is out sick, validators can see that Casey's public key was in 1.7.3, signed by Omar, so they know the new release is safe.

A stricter validator might instead validate the `signerInfo` for Casey themselves. Even if they miss 1.7.3, they'll be able to chain back from any later release until they find the initial one with the `signerInfo`.

Casey is happy that he's achieved his goal: creating software releases that are easily validatable in automated ways, even as engineers change over time.

## Collaborative Credentials Designs

One of the most powerful use cases for Gordian Envelopes centers on collaborative credentials, where a single credential is used by many different people. This allows for herd privacy, where those individual users maximize their anonymity while simultaneously taking advantage of the credentials.

Two use cases follow. Though they are broadly the same in their usage, they demonstrate how the idea of herd privacy can be useful in multiple environments.

### 1. Paul Privately Proves Proficiency [Herd Privacy]

> _Problem Solved:_ Paul wants a credential, but he doesn't trust the organization giving out the credentials with his personal information!

Paul wants to get a credential showing proficiency in Gordian Envelope from Blockchain Commons, but he's a good Cypherpunk: he knows not to trust any organization. Fortunately, Blockchain Commons has privacy-protecting options. Paul can take an online test in either Basic form (automated Q&A with a time limit) or Advanced form (Q&A with a live proctor on Zoom). He chooses the former, again for privacy reasons.

After he succeeds at the test (50 out of 50, of course!), he needs to get his credential. At this point, most credential issuers would require Paul to give up an email address and then mail the credential, but Blockchain Commons' privacy-preserving methodology simply requires Paul to give them a DID (for which he presumably controls the private key). They'll then embed that in a very large Envelope with the credentials of everyone who succeeded at the test that month. Blockchain Commons tells Paul to return at the beginning of the next month to acquire a proof of his certification.

At the end of the month, Blockchain Commons creates a large Gordian Envelope that contains the DIDs of everyone who passed their test that month, with a statement as to whether each DID `isBasic` or `isAdvanced`. (An actual use case would likely have hundreds of entries to ensure herd privacy. The following examples notably reduce that for readability.)

```
"Blockchain Commons Certifactions #13" [
    "certifiedBy": "Blockchain Commons" [
        "pubkeyURL": "https://www.blockchaincommons.com/certification.keys"
    ]
    "date": "11-01-2022"
    "isAdvanced": "ur:crypto-cid/hdcxaepthffshppabkgydawmlftbpfrnaefzrdjehybwtskgmwveenwzntpyhdrpsfqzsgqdftnb"
    "isAdvanced": "ur:crypto-cid/hdcxbetimuglwppshfqdsahsktgmnelsjnbdcanspmnshkpecxcfztlkiohgenytntmkaxjngadt"
    "isAdvanced": "ur:crypto-cid/hdcxdkmhpfathyyltnnboypsemehkimudnkgeyosgolncfmdnboypsecpsghtefzetkndpeylrfz"
    "isAdvanced": "ur:crypto-cid/hdcxfnmdsrgdkbvekoecwevystbaztbwcshpqdbzkeatjlndlywepyctlkvwemhkiyhtenwnghda"
    "isAdvanced": "ur:crypto-cid/hdcxhnutcyktgtfxotvegrhllypakenlgoetmnnlimsktppkssloghpahsdeparktbkerebatyce"
    "isAdvanced": "ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts"
    "isAdvanced": "ur:crypto-cid/hdcxjsdwaegrpfwmbkehhscwmshpchlnhhayadadwszcghhtmnzcgomhutcmytldfwpadmdlcwfe"
    "isAdvanced": "ur:crypto-cid/hdcxmhtnnlcshsjzhywyhgttsrgulstdwdnezesekosndnfxswzezolrfdcwlulacxeopdkghnht"
    "isAdvanced": "ur:crypto-cid/hdcxmnktvdgeettlfmbklytaseayoeplwynbsawdurmuuelbbsfxbbaxkkpsemjovybzswqdssva"
    "isAdvanced": "ur:crypto-cid/hdcxuykblalfdalsvaplrfzsoxqdvdclstmdtssfdatkmecwnsbzmseohswldaytdmsfbwaxvewp"
]
```

```mermaid
graph LR
1(("7d06c46e<br/>NODE"))
2["7d0782b8<br/>#quot;Blockchain Commons Certifactions #13#quot;"]
3(["0e421d2e<br/>ASSERTION"])
4["127a2386<br/>#quot;date#quot;"]
5["c666f06c<br/>#quot;11-01-2022#quot;"]
6(["2abe281c<br/>ASSERTION"])
7["d68d0704<br/>#quot;isAdvanced#quot;"]
8["950f78c1<br/>#quot;ur:crypto-cid/hdcxuykblalfdalsvaplrfzsoxqdvdclstmdtssfdatkmecwnsbzmseohswldaytdmsfbwaxvewp#quot;"] 9(["2bb4affc<br/>ASSERTION"]) 10["d68d0704<br/>#quot;isAdvanced#quot;"] 11["37a1d85a<br/>#quot;ur:crypto-cid/hdcxfnmdsrgdkbvekoecwevystbaztbwcshpqdbzkeatjlndlywepyctlkvwemhkiyhtenwnghda#quot;"] 12(["30904ff5<br/>ASSERTION"]) 13["d68d0704<br/>#quot;isAdvanced#quot;"] 14["478112c2<br/>#quot;ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts#quot;"] 15(["336f50d3<br/>ASSERTION"]) 16["d68d0704<br/>#quot;isAdvanced#quot;"] 17["9fb97d91<br/>#quot;ur:crypto-cid/hdcxjsdwaegrpfwmbkehhscwmshpchlnhhayadadwszcghhtmnzcgomhutcmytldfwpadmdlcwfe#quot;"] 18(["64e8fe1e<br/>ASSERTION"]) 19["7eb11472<br/>#quot;certifiedBy#quot;"] 20(("55378d51<br/>NODE")) 21["8ae1d503<br/>#quot;Blockchain Commons#quot;"] 22(["b0a1cbca<br/>ASSERTION"]) 23["29c0cd61<br/>#quot;pubkeyURL#quot;"] 24["04d0d649<br/>#quot;https://www.blockchaincommons.com/certification.keys#quot;"] 25(["65269ea7<br/>ASSERTION"]) 26["d68d0704<br/>#quot;isAdvanced#quot;"] 27["a3c3105c<br/>#quot;ur:crypto-cid/hdcxmnktvdgeettlfmbklytaseayoeplwynbsawdurmuuelbbsfxbbaxkkpsemjovybzswqdssva#quot;"] 28(["b22278f9<br/>ASSERTION"]) 29["d68d0704<br/>#quot;isAdvanced#quot;"] 30["3410120d<br/>#quot;ur:crypto-cid/hdcxmhtnnlcshsjzhywyhgttsrgulstdwdnezesekosndnfxswzezolrfdcwlulacxeopdkghnht#quot;"] 31(["e1ea7196<br/>ASSERTION"]) 32["d68d0704<br/>#quot;isAdvanced#quot;"] 33["03e7479a<br/>#quot;ur:crypto-cid/hdcxdkmhpfathyyltnnboypsemehkimudnkgeyosgolncfmdnboypsecpsghtefzetkndpeylrfz#quot;"] 34(["e67d3bb2<br/>ASSERTION"]) 35["d68d0704<br/>#quot;isAdvanced#quot;"] 36["a285aabe<br/>#quot;ur:crypto-cid/hdcxbetimuglwppshfqdsahsktgmnelsjnbdcanspmnshkpecxcfztlkiohgenytntmkaxjngadt#quot;"] 37(["f4fc1ba5<br/>ASSERTION"]) 38["d68d0704<br/>#quot;isAdvanced#quot;"] 39["262db130<br/>#quot;ur:crypto-cid/hdcxhnutcyktgtfxotvegrhllypakenlgoetmnnlimsktppkssloghpahsdeparktbkerebatyce#quot;"] 
40(["fae7a52c<br/>ASSERTION"]) 41["d68d0704<br/>#quot;isAdvanced#quot;"] 42["eb9d612b<br/>#quot;ur:crypto-cid/hdcxaepthffshppabkgydawmlftbpfrnaefzrdjehybwtskgmwveenwzntpyhdrpsfqzsgqdftnb#quot;"] 1 -->|subj| 2 1 --> 3 3 -->|pred| 4 3 -->|obj| 5 1 --> 6 6 -->|pred| 7 6 -->|obj| 8 1 --> 9 9 -->|pred| 10 9 -->|obj| 11 1 --> 12 12 -->|pred| 13 12 -->|obj| 14 1 --> 15 15 -->|pred| 16 15 -->|obj| 17 1 --> 18 18 -->|pred| 19 18 -->|obj| 20 20 -->|subj| 21 20 --> 22 22 -->|pred| 23 22 -->|obj| 24 1 --> 25 25 -->|pred| 26 25 -->|obj| 27 1 --> 28 28 -->|pred| 29 28 -->|obj| 30 1 --> 31 31 -->|pred| 32 31 -->|obj| 33 1 --> 34 34 -->|pred| 35 34 -->|obj| 36 1 --> 37 37 -->|pred| 38 37 -->|obj| 39 1 --> 40 40 -->|pred| 41 40 -->|obj| 42 style 1 stroke:red,stroke-width:3.0px style 2 stroke:#55f,stroke-width:3.0px style 3 stroke:red,stroke-width:3.0px style 4 stroke:#55f,stroke-width:3.0px style 5 stroke:#55f,stroke-width:3.0px style 6 stroke:red,stroke-width:3.0px style 7 stroke:#55f,stroke-width:3.0px style 8 stroke:#55f,stroke-width:3.0px style 9 stroke:red,stroke-width:3.0px style 10 stroke:#55f,stroke-width:3.0px style 11 stroke:#55f,stroke-width:3.0px style 12 stroke:red,stroke-width:3.0px style 13 stroke:#55f,stroke-width:3.0px style 14 stroke:#55f,stroke-width:3.0px style 15 stroke:red,stroke-width:3.0px style 16 stroke:#55f,stroke-width:3.0px style 17 stroke:#55f,stroke-width:3.0px style 18 stroke:red,stroke-width:3.0px style 19 stroke:#55f,stroke-width:3.0px style 20 stroke:red,stroke-width:3.0px style 21 stroke:#55f,stroke-width:3.0px style 22 stroke:red,stroke-width:3.0px style 23 stroke:#55f,stroke-width:3.0px style 24 stroke:#55f,stroke-width:3.0px style 25 stroke:red,stroke-width:3.0px style 26 stroke:#55f,stroke-width:3.0px style 27 stroke:#55f,stroke-width:3.0px style 28 stroke:red,stroke-width:3.0px style 29 stroke:#55f,stroke-width:3.0px style 30 stroke:#55f,stroke-width:3.0px style 31 stroke:red,stroke-width:3.0px style 32 stroke:#55f,stroke-width:3.0px style 
33 stroke:#55f,stroke-width:3.0px style 34 stroke:red,stroke-width:3.0px style 35 stroke:#55f,stroke-width:3.0px style 36 stroke:#55f,stroke-width:3.0px style 37 stroke:red,stroke-width:3.0px style 38 stroke:#55f,stroke-width:3.0px style 39 stroke:#55f,stroke-width:3.0px style 40 stroke:red,stroke-width:3.0px style 41 stroke:#55f,stroke-width:3.0px style 42 stroke:#55f,stroke-width:3.0px linkStyle 0 stroke:red,stroke-width:2.0px linkStyle 1 stroke-width:2.0px linkStyle 2 stroke:green,stroke-width:2.0px linkStyle 3 stroke:#55f,stroke-width:2.0px linkStyle 4 stroke-width:2.0px linkStyle 5 stroke:green,stroke-width:2.0px linkStyle 6 stroke:#55f,stroke-width:2.0px linkStyle 7 stroke-width:2.0px linkStyle 8 stroke:green,stroke-width:2.0px linkStyle 9 stroke:#55f,stroke-width:2.0px linkStyle 10 stroke-width:2.0px linkStyle 11 stroke:green,stroke-width:2.0px linkStyle 12 stroke:#55f,stroke-width:2.0px linkStyle 13 stroke-width:2.0px linkStyle 14 stroke:green,stroke-width:2.0px linkStyle 15 stroke:#55f,stroke-width:2.0px linkStyle 16 stroke-width:2.0px linkStyle 17 stroke:green,stroke-width:2.0px linkStyle 18 stroke:#55f,stroke-width:2.0px linkStyle 19 stroke:red,stroke-width:2.0px linkStyle 20 stroke-width:2.0px linkStyle 21 stroke:green,stroke-width:2.0px linkStyle 22 stroke:#55f,stroke-width:2.0px linkStyle 23 stroke-width:2.0px linkStyle 24 stroke:green,stroke-width:2.0px linkStyle 25 stroke:#55f,stroke-width:2.0px linkStyle 26 stroke-width:2.0px linkStyle 27 stroke:green,stroke-width:2.0px linkStyle 28 stroke:#55f,stroke-width:2.0px linkStyle 29 stroke-width:2.0px linkStyle 30 stroke:green,stroke-width:2.0px linkStyle 31 stroke:#55f,stroke-width:2.0px linkStyle 32 stroke-width:2.0px linkStyle 33 stroke:green,stroke-width:2.0px linkStyle 34 stroke:#55f,stroke-width:2.0px linkStyle 35 stroke-width:2.0px linkStyle 36 stroke:green,stroke-width:2.0px linkStyle 37 stroke:#55f,stroke-width:2.0px linkStyle 38 stroke-width:2.0px linkStyle 39 stroke:green,stroke-width:2.0px 
linkStyle 40 stroke:#55f,stroke-width:2.0px
```

However, to create herd privacy, Blockchain Commons doesn't release that Envelope. Instead, they just release an elided version that only shows the root hash!

```
7d06c46e ELIDED
```

```mermaid
graph LR
1{{"7d06c46e<br/>ELIDED"}}
style 1 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
```

To prove that he is part of this group, Paul must now reach out to Blockchain Commons and create his own proof and digest. He does so by providing his DID and the fact that he took the Basic test. Blockchain Commons uses that to create an envelope of just the assertion:

```
"isBasic": "ur:crypto-cid/hdcxpfaemsdtlostptcewyvtdstageissewkiobwfrgehnfmdnbzzczciyjohyrlmnfzjsgtlfzo"
```

```mermaid
graph LR
1(["d55dc12b<br/>ASSERTION"])
2["2100a83d<br/>#quot;isBasic#quot;"]
3["f520d04d<br/>#quot;ur:crypto-cid/hdcxpfaemsdtlostptcewyvtdstageissewkiobwfrgehnfmdnbzzczciyjohyrlmnfzjsgtlfzo#quot;"]
1 -->|pred| 2
1 -->|obj| 3
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:#55f,stroke-width:3.0px
style 3 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:green,stroke-width:2.0px
linkStyle 1 stroke:#55f,stroke-width:2.0px
```

They then give Paul the digest of that assertion:

```
ur:crypto-digest/hdcxtlhlsednfmcpiyiortmugwdsgymkbkprgyssdttideolgacmytahdyrsmytpaawzttgtoebk
```

Or:

```
d55dc12b3e226667c0934f2651980ab251c429d028a64916f90530bf8fd804f2
```

(Which is the top-level digest for Paul's proof, as shown above.)

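How the published root hash and the assertion digest handed to Paul relate, as an added Python sketch that is not Blockchain Commons' code. It assumes a simplified digest model (SHA-256 over raw UTF-8 leaves, a salt mixed directly into the assertion digest) and constructed `did:example:` identifiers, so its digests will not match the ones on this page; it also checks what bare sibling digests give away when assertions are unsalted.

```python
import hashlib
import hmac
import secrets


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf(value: str) -> bytes:
    # Assumption: hash the raw UTF-8 text. Real envelopes hash an encoded
    # form, so these digests differ from the ones printed on the page.
    return h(value.encode("utf-8"))


def assertion_digest(pred: str, obj: str, salt: bytes = b"") -> bytes:
    # Assumption: the salt is simply appended before hashing the pair.
    return h(leaf(pred) + leaf(obj) + salt)


def node_digest(subject: bytes, assertions: list) -> bytes:
    # Sorting makes the root independent of the order assertions were added.
    return h(subject + b"".join(sorted(assertions)))


def build_class(subject: str, entries: list, salted: bool):
    """Issuer side: returns (root, subject digest, assertion digests, salts)."""
    salts = {did: secrets.token_bytes(16) if salted else b"" for _, did in entries}
    digests = [assertion_digest(p, did, salts[did]) for p, did in entries]
    subj = leaf(subject)
    return node_digest(subj, digests), subj, digests, salts


def make_proof(subj: bytes, digests: list, target: bytes) -> dict:
    """Issuer side: the path to one assertion, every other branch elided."""
    if target not in digests:
        raise ValueError("assertion is not part of this envelope")
    siblings = list(digests)
    siblings.remove(target)
    return {"subject": subj, "siblings": siblings}


def verify_inclusion(root: bytes, proof: dict, pred: str, did: str,
                     salt: bytes = b"") -> bool:
    """Verifier side: rebuild the root from the revealed assertion and proof."""
    mine = assertion_digest(pred, did, salt)
    rebuilt = node_digest(proof["subject"], proof["siblings"] + [mine])
    return hmac.compare_digest(rebuilt, root)


def observer_can_confirm(visible_digests: list, pred: str, did: str) -> bool:
    """What someone holding only elided digests learns by guessing a DID."""
    return assertion_digest(pred, did) in visible_digests


# Constructed sample data (not from the page): nine other holders plus Paul.
PAUL = "did:example:paul"
ENTRIES = [("isAdvanced", f"did:example:holder-{i:02d}") for i in range(9)]
ENTRIES.append(("isBasic", PAUL))
SUBJECT = "Certifications (constructed sample)"


def demo(salted: bool) -> dict:
    root, subj, digests, salts = build_class(SUBJECT, ENTRIES, salted)
    target = assertion_digest("isBasic", PAUL, salts[PAUL])
    proof = make_proof(subj, digests, target)
    return {
        # Paul reveals his own assertion (and salt) alongside the proof.
        "paul_verifies": verify_inclusion(root, proof, "isBasic", PAUL, salts[PAUL]),
        # Claiming a different level changes the digest, so the root differs.
        "wrong_level_verifies": verify_inclusion(
            root, proof, "isAdvanced", PAUL, salts[PAUL]),
        # Anyone who sees Paul's proof also sees the sibling digests and can
        # test a guessed DID against them unless the assertions were salted.
        "observer_confirms_other": observer_can_confirm(
            proof["siblings"], "isAdvanced", "did:example:holder-03"),
    }


if __name__ == "__main__":
    print("unsalted:", demo(False))
    print("salted:  ", demo(True))
```
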
Finally, Blockchain Commons creates a "Proof", which is essentially the path needed to get to Paul's digest:

```
ELIDED [
    ELIDED (9)
]
```

```mermaid
graph LR
1(("5d6b3048<br/>NODE"))
2{{"cfe8bbd8<br/>ELIDED"}}
3{{"0724420b<br/>ELIDED"}}
4{{"0e200129<br/>ELIDED"}}
5{{"30e2105b<br/>ELIDED"}}
6{{"56e92bde<br/>ELIDED"}}
7{{"af0d6ab3<br/>ELIDED"}}
8{{"cce0aec5<br/>ELIDED"}}
9{{"cf9dc9e2<br/>ELIDED"}}
10{{"d55dc12b<br/>ELIDED"}}
11{{"eddcb6f8<br/>ELIDED"}}
1 -->|subj| 2
1 --> 3
1 --> 4
1 --> 5
1 --> 6
1 --> 7
1 --> 8
1 --> 9
1 --> 10
1 --> 11
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 3 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 4 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 5 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 6 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 7 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 8 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 9 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 10 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 11 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke-width:2.0px
linkStyle 2 stroke-width:2.0px
linkStyle 3 stroke-width:2.0px
linkStyle 4 stroke-width:2.0px
linkStyle 5 stroke-width:2.0px
linkStyle 6 stroke-width:2.0px
linkStyle 7 stroke-width:2.0px
linkStyle 8 stroke-width:2.0px
linkStyle 9 stroke-width:2.0px
```

Now, Paul can point to Blockchain Commons' hash of November 2022 certifications and show his digest and proof (path), which together demonstrate that he is a member of that group. Or, he could choose never to do so, and no one else would know!

(A more robust example would salt the "isBasic" and "isAdvanced" predicates as well as the DIDs.
Otherwise a random observer could create their own proofs to determine who was in the class, if they were able to suss out the structure of the Envelope.)

-- Starter WebFinger Use Case

So let's imagine a scenario where a number of facts are compiled about a resource and then signed by an authority... That entire document is then placed in a finger-like envelope server. Except our server doesn't need to purvey the *whole* document, depending on what is requested or who does the requesting. It can also purvey an *elided* form of the document that still has a valid signature.

In the WebFinger spec, the "rel" attribute is used to ask for only requested attributes (basically assertions) to be returned. Our request can do something similar, and the server can elide everything but that, and other "public" (never to be elided) information. Some attributes might require additional authentication/authorization to be sent unelided. But in all of these situations, the signature remains verifiable. The server itself does not have to have any signing authority, of course, because it's just the *holder* of the unelided document, and as such, it can decide what to elide before sending it to a requester.

I think one fairly obvious authentication difference would be people outside an organization vs inside it. (Public vs. employees.) This could be determined based on requesting IP address or other authentication method.

### 2. WebFinger, the Man with the Envelope Touch [Automated Herd Privacy]

Some notes on things we want to do:

- An existence proof "only a triple, signed and counter-signed" will be an essential and very common pattern.
- It could be it has to be 3 existence proofs, and are merged somehow, but it will be very common.
- To a certain extent CAs have it, but they don't sign the innermost triple, they only sign the middle signature.
- Ok, I'll work with Shannon on it.
I think there are 3, the first being the nested set, the 2nd being the outermost only asserting the middle signature, but not what is signed by the middle signature.

> _Problem

[full tree]

```
"www.test.com" [
    "isActive": "carol@example.com"
    "isActive": "steve@example.com" [
        "alias": "cap@example.com"
        "alias": "rogers@example.com"
        "link": "author" [
            "href": "http://blog.example.com/author/steve"
            "titles": "0-3987-1069-4" [
                "en-us": "The Magical World of Steve"
                "fr": "Le Monde Magique de Steve"
            ]
        ]
        "link": "copyright" [
            "href": "http://www.example.com/copyright"
        ]
    ]
    "isExpired": "peggy@example.com"
]
```

```
977bc0ce NODE
    1fcf1a33 subj "www.test.com"
    3ce13afd ASSERTION
        55bc1621 pred "isActive"
        b1a26c77 obj NODE
            7dc37157 subj "steve@example.com"
            13531a25 ASSERTION
                63a81883 pred "link"
                b6abfa45 obj NODE
                    d8c1566f subj "author"
                    02598b94 ASSERTION
                        97a8b0a6 pred "titles"
                        2be29088 obj NODE
                            e28a0a72 subj "0-3987-1069-4"
                            893b4569 ASSERTION
                                9d031404 pred "en-us"
                                6a687715 obj "The Magical World of Steve"
                            994bd039 ASSERTION
                                036813e9 pred "fr"
                                c005f51f obj "Le Monde Magique de Steve"
                    6fb875ba ASSERTION
                        3ae237d8 pred "href"
                        b9cafd7f obj "http://blog.example.com/author/steve"
            7e1f0ffb ASSERTION
                63a81883 pred "link"
                18587d08 obj NODE
                    bd1d044a subj "copyright"
                    89c04281 ASSERTION
                        3ae237d8 pred "href"
                        492b6c49 obj "http://www.example.com/copyright"
            a380ec2f ASSERTION
                4e7cdd69 pred "alias"
                fe14cded obj "cap@example.com"
            ed1a79ad ASSERTION
                4e7cdd69 pred "alias"
                9e28d658 obj "rogers@example.com"
    464d1c61 ASSERTION
        55bc1621 pred "isActive"
        a3bf572c obj "carol@example.com"
    e36615e1 ASSERTION
        842ab78a pred "isExpired"
        dddea11f obj "peggy@example.com"
```

```mermaid
graph LR
1(("977bc0ce<br/>NODE"))
2["1fcf1a33<br/>#quot;www.test.com#quot;"]
3(["3ce13afd<br/>ASSERTION"])
4["55bc1621<br/>#quot;isActive#quot;"]
5(("b1a26c77<br/>NODE"))
6["7dc37157<br/>#quot;steve@example.com#quot;"]
7(["13531a25<br/>ASSERTION"])
8["63a81883<br/>#quot;link#quot;"]
9(("b6abfa45<br/>NODE"))
10["d8c1566f<br/>#quot;author#quot;"] 11(["02598b94<br/>ASSERTION"]) 12["97a8b0a6<br/>#quot;titles#quot;"] 13(("2be29088<br/>NODE")) 14["e28a0a72<br/>#quot;0-3987-1069-4#quot;"] 15(["893b4569<br/>ASSERTION"]) 16["9d031404<br/>#quot;en-us#quot;"] 17["6a687715<br/>#quot;The Magical World of Steve#quot;"] 18(["994bd039<br/>ASSERTION"]) 19["036813e9<br/>#quot;fr#quot;"] 20["c005f51f<br/>#quot;Le Monde Magique de Steve#quot;"] 21(["6fb875ba<br/>ASSERTION"]) 22["3ae237d8<br/>#quot;href#quot;"] 23["b9cafd7f<br/>#quot;http://blog.example.com/author/steve#quot;"] 24(["7e1f0ffb<br/>ASSERTION"]) 25["63a81883<br/>#quot;link#quot;"] 26(("18587d08<br/>NODE")) 27["bd1d044a<br/>#quot;copyright#quot;"] 28(["89c04281<br/>ASSERTION"]) 29["3ae237d8<br/>#quot;href#quot;"] 30["492b6c49<br/>#quot;http://www.example.com/copyright#quot;"] 31(["a380ec2f<br/>ASSERTION"]) 32["4e7cdd69<br/>#quot;alias#quot;"] 33["fe14cded<br/>#quot;cap@example.com#quot;"] 34(["ed1a79ad<br/>ASSERTION"]) 35["4e7cdd69<br/>#quot;alias#quot;"] 36["9e28d658<br/>#quot;rogers@example.com#quot;"] 37(["464d1c61<br/>ASSERTION"]) 38["55bc1621<br/>#quot;isActive#quot;"] 39["a3bf572c<br/>#quot;carol@example.com#quot;"] 40(["e36615e1<br/>ASSERTION"]) 41["842ab78a<br/>#quot;isExpired#quot;"] 42["dddea11f<br/>#quot;peggy@example.com#quot;"] 1 -->|subj| 2 1 --> 3 3 -->|pred| 4 3 -->|obj| 5 5 -->|subj| 6 5 --> 7 7 -->|pred| 8 7 -->|obj| 9 9 -->|subj| 10 9 --> 11 11 -->|pred| 12 11 -->|obj| 13 13 -->|subj| 14 13 --> 15 15 -->|pred| 16 15 -->|obj| 17 13 --> 18 18 -->|pred| 19 18 -->|obj| 20 9 --> 21 21 -->|pred| 22 21 -->|obj| 23 5 --> 24 24 -->|pred| 25 24 -->|obj| 26 26 -->|subj| 27 26 --> 28 28 -->|pred| 29 28 -->|obj| 30 5 --> 31 31 -->|pred| 32 31 -->|obj| 33 5 --> 34 34 -->|pred| 35 34 -->|obj| 36 1 --> 37 37 -->|pred| 38 37 -->|obj| 39 1 --> 40 40 -->|pred| 41 40 -->|obj| 42 style 1 stroke:red,stroke-width:3.0px style 2 stroke:#55f,stroke-width:3.0px style 3 stroke:red,stroke-width:3.0px style 4 
stroke:#55f,stroke-width:3.0px style 5 stroke:red,stroke-width:3.0px style 6 stroke:#55f,stroke-width:3.0px style 7 stroke:red,stroke-width:3.0px style 8 stroke:#55f,stroke-width:3.0px style 9 stroke:red,stroke-width:3.0px style 10 stroke:#55f,stroke-width:3.0px style 11 stroke:red,stroke-width:3.0px style 12 stroke:#55f,stroke-width:3.0px style 13 stroke:red,stroke-width:3.0px style 14 stroke:#55f,stroke-width:3.0px style 15 stroke:red,stroke-width:3.0px style 16 stroke:#55f,stroke-width:3.0px style 17 stroke:#55f,stroke-width:3.0px style 18 stroke:red,stroke-width:3.0px style 19 stroke:#55f,stroke-width:3.0px style 20 stroke:#55f,stroke-width:3.0px style 21 stroke:red,stroke-width:3.0px style 22 stroke:#55f,stroke-width:3.0px style 23 stroke:#55f,stroke-width:3.0px style 24 stroke:red,stroke-width:3.0px style 25 stroke:#55f,stroke-width:3.0px style 26 stroke:red,stroke-width:3.0px style 27 stroke:#55f,stroke-width:3.0px style 28 stroke:red,stroke-width:3.0px style 29 stroke:#55f,stroke-width:3.0px style 30 stroke:#55f,stroke-width:3.0px style 31 stroke:red,stroke-width:3.0px style 32 stroke:#55f,stroke-width:3.0px style 33 stroke:#55f,stroke-width:3.0px style 34 stroke:red,stroke-width:3.0px style 35 stroke:#55f,stroke-width:3.0px style 36 stroke:#55f,stroke-width:3.0px style 37 stroke:red,stroke-width:3.0px style 38 stroke:#55f,stroke-width:3.0px style 39 stroke:#55f,stroke-width:3.0px style 40 stroke:red,stroke-width:3.0px style 41 stroke:#55f,stroke-width:3.0px style 42 stroke:#55f,stroke-width:3.0px linkStyle 0 stroke:red,stroke-width:2.0px linkStyle 1 stroke-width:2.0px linkStyle 2 stroke:green,stroke-width:2.0px linkStyle 3 stroke:#55f,stroke-width:2.0px linkStyle 4 stroke:red,stroke-width:2.0px linkStyle 5 stroke-width:2.0px linkStyle 6 stroke:green,stroke-width:2.0px linkStyle 7 stroke:#55f,stroke-width:2.0px linkStyle 8 stroke:red,stroke-width:2.0px linkStyle 9 stroke-width:2.0px linkStyle 10 stroke:green,stroke-width:2.0px linkStyle 11 
stroke:#55f,stroke-width:2.0px linkStyle 12 stroke:red,stroke-width:2.0px linkStyle 13 stroke-width:2.0px linkStyle 14 stroke:green,stroke-width:2.0px linkStyle 15 stroke:#55f,stroke-width:2.0px linkStyle 16 stroke-width:2.0px linkStyle 17 stroke:green,stroke-width:2.0px linkStyle 18 stroke:#55f,stroke-width:2.0px linkStyle 19 stroke-width:2.0px linkStyle 20 stroke:green,stroke-width:2.0px linkStyle 21 stroke:#55f,stroke-width:2.0px linkStyle 22 stroke-width:2.0px linkStyle 23 stroke:green,stroke-width:2.0px linkStyle 24 stroke:#55f,stroke-width:2.0px linkStyle 25 stroke:red,stroke-width:2.0px linkStyle 26 stroke-width:2.0px linkStyle 27 stroke:green,stroke-width:2.0px linkStyle 28 stroke:#55f,stroke-width:2.0px linkStyle 29 stroke-width:2.0px linkStyle 30 stroke:green,stroke-width:2.0px linkStyle 31 stroke:#55f,stroke-width:2.0px linkStyle 32 stroke-width:2.0px linkStyle 33 stroke:green,stroke-width:2.0px linkStyle 34 stroke:#55f,stroke-width:2.0px linkStyle 35 stroke-width:2.0px linkStyle 36 stroke:green,stroke-width:2.0px linkStyle 37 stroke:#55f,stroke-width:2.0px linkStyle 38 stroke-width:2.0px linkStyle 39 stroke:green,stroke-width:2.0px linkStyle 40 stroke:#55f,stroke-width:2.0px
```

[assertion]

```
"isActive": "steve@example.com"
```

```
15d5d4f9 ASSERTION
    55bc1621 pred "isActive"
    7dc37157 obj "steve@example.com"
```

```mermaid
graph LR
1(["15d5d4f9<br/>ASSERTION"])
2["55bc1621<br/>#quot;isActive#quot;"]
3["7dc37157<br/>#quot;steve@example.com#quot;"]
1 -->|pred| 2
1 -->|obj| 3
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:#55f,stroke-width:3.0px
style 3 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:green,stroke-width:2.0px
linkStyle 1 stroke:#55f,stroke-width:2.0px
```

[digest in an envelope:]

```
ur:crypto-digest/hdcxbztltyytotahhtasjzcydrottybdiypyghjpvdrhynwdktbdbbhtlfrfrdecfsaodntllbts
```

[or]

```
15d5d4f9a3055a096c1a2aa3d40b66ab5472e7b9f6ea770b145a82bcba353d02
```

[others]

```
464d1c61 ASSERTION
    55bc1621 pred "isActive"
    a3bf572c obj "carol@example.com"
```

```
d611db50 ASSERTION
    55bc1621 pred "isActive"
    dddea11f obj "peggy@example.com"
```

[release]

[root]

```
ELIDED
```

```
977bc0ce ELIDED
```

```mermaid
graph LR
1{{"977bc0ce<br/>ELIDED"}}
style 1 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
```

### 3.

## [Inclusion Proof]

[open badge issued by Blockchain Commons that you have a basic understanding of Gordian Envelope, signed by us]

[machine asks 12 random questions (BASIC)]

[ADVANCED (Proctor talks to you on Zoom)]

[no educational authority, BC just publish our public key]

[next step: privacy. People might want to use these credentials that are concerned about privacy. So, we have 350 of these (Taiwanese number) we issue a giant VC and we tell all 350 people how to present their piece of it.]

[advantage over individual cert? All we do is publish a hash. RESOLVE Phone Home problem. SO WE DON'T ISSUE CERT TO THEM. We just publish it.]

[That one feature demonstrates herd privacy.]

-NEXT STEP-

-PEOPLE CAN CHOOSE TO PROVE OR NOT-

-SEE DID: MERKLE-

[Can you control this by being the only one to create inclusion proof?]

--

Third Doc

--

VII. Example: Data Storage

SSKR Share Storage

VIII. Example: VC

IX. Example: Inclusion Proof (for Herd Privacy)

[each one explains the use case and then provides Mermaids of how the Envelopes might look, possibly before and after Encryption]

--

## Source Code Attribution

[e.g., standardization of commit, validity, comments]

IN A RELEASE:

- Public Keys of Contributors AND/OR LEADS [AND #]
- Signed by Leads of previous release

Who were the contributors? Who were the leads?

Allows for various degrees of privacy.

[just like detached signatures in GPG]

Goal:

1. Proof I had key and how many commits
2. Without proving name

*. SELECTIVE CORRELATION

Design: what you want to be correlated & what you do not want to.


_Need to see if there are any technical details to pull out._

Older Text:

We have had many discussions in the W3C-CCG community, and in the VC & DID working groups, on the problem of how to selectively disclose data. Techniques have been proposed such as CL-Sigs & BBS+ signatures, such that only some of our data can be correlated. I am now seeking support and interest in a different architecture that avoids correlation through redaction in hash trees, that we call Gordian Envelope. This format would be an alternate to JWT and JSON-LD formats for VCs, VPs, and DIDs.

I’m aware that there have been many work-years of effort put into JWT and JSON-LD and their implementation in VCs/VPs and DIDs, and that this creates the possibility of an XKCD 15th standard: https://xkcd.com/927/. However, as both a long-term member of this group and its former co-chair, I’d never been happy with the use of those encoding formats in our standards. Though I saw advantages in each, such as the fact that many of JWT’s early security issues were understood and thus more mature, and that JSON-LD was built on powerful semantic triples, I hoped that a better privacy-focused encoding architecture would emerge.

There were strong reasons for my reluctance to support JWT/JSON-LD. Like many of my cryptographer colleagues, I could not fully back JWTs for security architecture reasons. Like many, I also could not fully back JSON-LD because of its requirements for fully described semantic contexts and their barrier of canonicalization complexity. (There still isn’t a reviewed C or C++ library after 5 years!)

As I could not fully support either of these formats, but also did not have a good alternative to offer, I stayed on the sidelines in the debate as co-chair here and invited expert to the WGs. The VC and DID specs ultimately incorporated compromises between the two in their final versions, but years later they do not appear to yet satisfy many advocates from either group.

For me, the biggest problem that remains is a lack of support for redaction by any party, whether they be issuer, subject, or subject. More broadly, this is what I call elision, which is the removal of some content for a variety of reasons. Elision is a requirement for strong privacy, and it’s missing! Yes, there are proposals for cl-sigs and bbs+ signatures. Though powerful, they are also very constrained and cryptographically complex. The result is that all of today’s POCs and pilots are sharing far too much correlatable data.

Since retiring as co-chair of this community group, I’ve been working with the community of wallet developers that support Blockchain Commons to puzzle out a better architecture to both overcome some of the problems of JWT and JSON-LD and most importantly to support elision.

The solution that we’ve come up with is called Gordian Envelope. It’s already fully functional and can be demonstrated as an MVA (Minimum Viable Architecture) via a CLI program <https://github.com/BlockchainCommons/envelope-cli-swift> that creates and updates Gordian Envelopes.

Here are the fundamentals of how Envelopes work:

- Each Envelope is a triple, with a subject, predicate, and a set of assertions.
- Every subject, predicate, and assertion itself can be an Envelope. It’s Envelopes all the way down.
- Every Envelope, subject, predicate & assertion has a hash associated with it, which is part of a larger hash tree.
- Elision is fundamentally supported:
  - All four parts of the Envelope can be elided: the Envelope as a whole, its subject, its predicate, and every assertion.
  - Elements can be elided for redaction (for example, for selective disclosure), for encryption, or for external reference (for example, with IPFS-style lookup).
  - Instead of presenting redactive structures, you can optionally offer proofs of inclusion in a top-level hash.
  - There are limits of non-correlation with an elided hash (even with salts) that require care, but it is fundamental and always available.
  - The Envelope format still allows for cl-sigs, bbs+, and other privacy-preserving techniques such as zk-proofs (I like integer bulletproofs), differential privacy, etc.
  - Even after elision, the original hashes can still be verified!

Here are some more specifics:

- Envelope structures are expressed in a binary CBOR structure.
- No text transcoding format is specified; you can use our QR-focused UR specs, base64, or even hex.
- Canonicalization is achieved not by using a context or other semantic quad techniques, but instead by sorting the hash of the envelopes in CBOR.
- If you need semantic context or quads, they can be added to subject, predicates or assertions, but they are optional.
- The format is not locked into any single-proof technique. You could use COSE, multisig schnorr, 25519 or ristretto, BLS signatures, timestamps, etc.

I believe this format offers a lot of advantages to our community, in particular because elision is included as a fundamental feature that allows both issuers & holders to choose what to elide.

Ultimately, the Gordian Envelope offers an alternative to not just VCs, but also to VPs and DIDs, and additionally it expands upon their possibilities. For example, you could use a “proof of inclusion” construction where multiple parties can share a single DID or VC for “herd privacy”. Thus, all students who graduate could be in a single diploma VC, and instead of offering their own diploma, they prove they were part of the graduating class. Another example is that all people in a cohort could share a single DID, contributing to a single hash tree, and only revealing selective portions under their control.

Given these advantages, I’m asking the community whether Gordian Envelopes are worth bringing forward into the W3C, either in the CCG or with the VC 2.0 working group.

There are multiple privacy-focused blockchain companies that would be willing to join the W3C to do so, but they are reluctant unless there is interest here by the broader W3C community. So: should we do so, or would it be too much of a distraction to ongoing efforts to begin to also discuss Gordian Envelopes here?

For now, we definitely plan to submit the underlying CBOR envelope triple structure to the IETF. But beyond that we’d love to work with the W3C communities if that’s desired, or wait until post-VC 2.0 and do so then, or alternatively to work with the JWT and JSON-LD Communities to revive redaction signature requirements from 2016 proposals … all depending on the interest and suggestions from those communities.
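
The hash-tree properties listed in the text above (elision leaves the top-level digest verifiable, and a holder can prove inclusion in a published hash for "herd privacy") can be seen in a small model. This is an added example, not Blockchain Commons code: it hashes leaves as UTF-8 text rather than CBOR, and the tuple layout, the function names and the `active-members` subject are assumptions.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Simplified model (assumption): leaves are hashed as UTF-8 text, not CBOR.
#   ("leaf", text) | ("assertion", pred, obj) | ("node", subj, [assertions])
#   ("elided", digest) keeps only the digest of the part it replaced

def digest(part) -> bytes:
    if part[0] == "elided":
        return part[1]
    if part[0] == "leaf":
        return h(part[1].encode())
    if part[0] == "assertion":
        return h(digest(part[1]) + digest(part[2]))
    # node: sorting child digests makes the root independent of assertion order
    return h(digest(part[1]) + b"".join(sorted(digest(a) for a in part[2])))

def elide_revealing(part, reveal):
    """Replace every part whose digest is not in `reveal` with its digest."""
    d = digest(part)
    if d not in reveal:
        return ("elided", d)
    if part[0] == "assertion":
        return ("assertion",) + tuple(elide_revealing(p, reveal) for p in part[1:])
    if part[0] == "node":
        return ("node", elide_revealing(part[1], reveal),
                [elide_revealing(a, reveal) for a in part[2]])
    return part

def member(email):
    return ("assertion", ("leaf", "isActive"), ("leaf", email))

def present(envelope, email):
    """Holder side: reveal only the path to one's own assertion."""
    a = member(email)
    reveal = {digest(envelope), digest(a), digest(a[1]), digest(a[2])}
    return elide_revealing(envelope, reveal)

def proves(presentation, published_root, email):
    """Verifier side: the root matches and the claimed assertion is visible."""
    ok = presentation[0] == "node" and digest(presentation) == published_root
    return ok and member(email) in presentation[2]

# Constructed sample: the subject is made up; addresses are the page's examples.
COHORT = ("node", ("leaf", "active-members"),
          [member(e + "@example.com") for e in ("steve", "carol", "peggy")])
ROOT = digest(COHORT)  # the only value the issuer has to publish
```

In this model `digest(member("carol@example.com"))` equals one of the elided digests in Steve's presentation, so an unsalted elided value can be confirmed by anyone who guesses it. That is the non-correlation limit the text says requires care.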