NLnet grant bootstraps OCapN protocol standardization effort!

[Christine Lemmer-Webber]

I'm glad we can finally talk about this. I've been holding onto my
tongue!

https://spritely.institute/news/nlnet-grant-bootstraps-ocapn-protocol-standardization-effort.html

OCapN is the name for the aspirationally "current generation" of CapTP
and friends. We had a few calls but things petered out because, well,
we (the Spritely Networked Communities Institute) were busy launching
our organization and bootstraping ourselves. But now it's time to start
bootstrapping the real collaboration effort on CapTP and friends.

That's a lot of work though, and it needs support. This is a
*pre-standards* grant, to fund Jessica Tallon (co-author of ActivityPub
and prolific Spritely developer, so a very good fit for this task) to
work on starting documentation for what we have and a test suite.
There's also lots of work to be done on organizing, etc.

So. Time to start those meetings up again, eh?

- Christine, on behalf of the Spritely Networked Communities Institute

[Mark S. Miller]

Yes!

We've been making a lot of progress as well. In the absence of recent coordination, I suspect both of us have drifted from the other. Time to, first, gather a list of all the differences (aside from surface syntax), and second, start renegotiating common ground. (On surface syntax, I expect that currently we have no common ground at all. But we can deal with that through adaptors until we can actually negotiate agreement.)

One huge step we have taken towards you since we last talked is our adoption of a "tagged" record --- a tag string and an arbitrary Passable payload --- as an escape hatch for extensibility by higher layers. There was a lot of subtlety in getting this layer separation right which we're eager to discuss. We have an amazing amount to say about ordering semantics at each level, which I did not expect when we last met. 

Looking forward to it!

--
You received this message because you are subscribed to the Google Groups "cap-talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cap-talk+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cap-talk/87mt9riq3c.fsf%40dustycloud.org.

--

  Cheers,
  --MarkM

[Mark S. Miller]

Btw, what do y'all think about https://atproto.com/ , https://www.theblock.co/post/178158/decentralized-social-media-platform-bluesky-unveils-latest-protocol?utm_source=drip&utm_medium=email&utm_campaign=Peace%20and%20Harmony ?

Other than seeing the announcement, I have not yet taken a look myself.

--

  Cheers,
  --MarkM

[Ian Denhardt]

Also looking forward to it -- I've been waiting to hear about the Agoric
folks' ideas about data models for many months now.

-Ian

Quoting Mark S. Miller (2022-10-19 15:53:01)

> Yes!
> We've been making a lot of progress as well. In the absence of recent
> coordination, I suspect both of us have drifted from the other. Time
> to, first, gather a list of all the differences (aside from surface
> syntax), and second, start renegotiating common ground. (On surface
> syntax, I expect that currently we have no common ground at all. But we
> can deal with that through adaptors until we can actually negotiate
> agreement.)
> One huge step we have taken towards you since we last talked is our
> adoption of a "tagged" record --- a tag string and an arbitrary
> Passable payload --- as an escape hatch for extensibility by higher
> layers. There was a lot of subtlety in getting this layer separation
> right which we're eager to discuss. We have an� amazing amount to say
> about ordering semantics at each level, which I did not expect when we
> last met.�
> Looking forward to it!
>
> On Wed, Oct 19, 2022 at 12:13 PM Christine Lemmer-Webber
> <[1]cwe...@dustycloud.org> wrote:
>
> I'm glad we can finally talk about this.� I've been holding onto my
> tongue!

> �
> [2]https://spritely.institute/news/nlnet-grant-bootstraps-ocapn-prot
> ocol-standardization-effort.html

> OCapN is the name for the aspirationally "current generation" of
> CapTP
> and friends.� We had a few calls but things petered out because,
> well,
> we (the Spritely Networked Communities Institute) were busy
> launching
> our organization and bootstraping ourselves.� But now it's time to
> start
> bootstrapping the real collaboration effort on CapTP and friends.
> That's a lot of work though, and it needs support.� This is a
> *pre-standards* grant, to fund Jessica Tallon (co-author of
> ActivityPub
> and prolific Spritely developer, so a very good fit for this task)
> to
> work on starting documentation for what we have and a test suite.
> There's also lots of work to be done on organizing, etc.
> So.� Time to start those meetings up again, eh?
> � - Christine, on behalf of the Spritely Networked Communities
> Institute
> --
> You received this message because you are subscribed to the Google
> Groups "cap-talk" group.
> To unsubscribe from this group and stop receiving emails from it,

> send an email to [3]cap-talk+u...@googlegroups.com.

> To view this discussion on the web visit

> [4]https://groups.google.com/d/msgid/cap-talk/87mt9riq3c.fsf%40dusty
> cloud.org.
>
> --
>
> � Cheers,
> � --MarkM

>
> --
> You received this message because you are subscribed to the Google
> Groups "cap-talk" group.
> To unsubscribe from this group and stop receiving emails from it, send

> an email to [5]cap-talk+u...@googlegroups.com.

> To view this discussion on the web visit

> [6]https://groups.google.com/d/msgid/cap-talk/CAK5yZYiA4ywGXincqj5aF4D7
> e-QA0pRWw%2BUm5AW4F7oQXk27gw%40mail.gmail.com.
>
> Verweise
>
> 1. mailto:cwe...@dustycloud.org
> 2. https://spritely.institute/news/nlnet-grant-bootstraps-ocapn-protocol-standardization-effort.html
> 3. mailto:cap-talk%2Bunsu...@googlegroups.com
> 4. https://groups.google.com/d/msgid/cap-talk/87mt9riq3c.fsf%40dustycloud.org
> 5. mailto:cap-talk+u...@googlegroups.com
> 6. https://groups.google.com/d/msgid/cap-talk/CAK5yZYiA4ywGXincqj5aF4D7e-QA0pRWw%2BUm5AW4F7oQXk27gw%40mail.gmail.com?utm_medium=email&utm_source=footer

[Dan Connolly]

On Wed, Oct 19, 2022 at 5:11 PM Ian Denhardt <i...@zenhack.net> wrote:

Also looking forward to it -- I've been waiting to hear about the Agoric
folks' ideas about data models for many months now.

For a pretty succinct write-up, see:

https://github.com/endojs/endo/blob/master/packages/marshal/src/types.js aka

https://github.com/endojs/endo/blob/233dbe2e159e454fd3bcdd0e08b15c4439b56ba7/packages/marshal/src/types.js

MarkM did a presentation as part of a week of meetings earlier this year... here's hoping we find time to share the recording...

--

Dan Connolly

http://www.madmode.com/

[Ben Laurie]

I am not sure what "those meetings" are but I am quite interested in this...

 

 - Christine, on behalf of the Spritely Networked Communities Institute

--
You received this message because you are subscribed to the Google Groups "cap-talk" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cap-talk+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cap-talk/87mt9riq3c.fsf%40dustycloud.org.

[Christine Lemmer-Webber]

I'm *finally* responding to all these today. As you may also know,
we've been in the process of hiring our first
engineer-as-spritely-institute-employee who isn't me. So that's taken
up a lot of time.

So now I'm going to reply to all these replies!

"Mark S. Miller" <eri...@gmail.com> writes:

> Yes!

YAY! I'm so excited that you're excited.

> We've been making a lot of progress as well. In the absence of recent
> coordination, I suspect both of us have drifted from the other.

Yes I think that's true.

> Time to, first, gather a list of all the differences (aside from
> surface syntax), and second, start renegotiating common ground. (On
> surface syntax, I expect that currently we have no common ground at
> all. But we can deal with that through adaptors until we can actually
> negotiate agreement.)

Yes, I also agree with all this!

I am going to leave it to Jessica to follow up; she's the one who
received the grant and while it's a joint project in conjunction with
the Spritely Networked Communities Institute, Jessica is in charge of
the execution of this grant and is acting independently but
collaboratively... and the whole point of this grant is to grow greater
inter-organizational collaboration also.

I did have a call with Jessica this morning, we are still coordinating
some things until we are ready, but we were talking about maybe the
first meeting could be in December, and it would specifically be a
"catch up" meeting, a survey of what everyone has done since.

But December is a difficult time for many people, if we have to start in
January, that's okay. Regardless, OCapN 2023! So we should definitely
be having a meeting in January.

> One huge step we have taken towards you since we last talked is our
> adoption of a "tagged" record --- a tag string and an arbitrary

That's great! That should help a lot with interop.

> Passable payload --- as an escape hatch for extensibility by higher
> layers. There was a lot of subtlety in getting this layer separation
> right which we're eager to discuss. We have an amazing amount to say
> about ordering semantics at each level, which I did not expect when we
> last met.

I'm very very interested in understanding better about the ordering
semantics, etc stuff. It would be good for you to specifically take
time to catch us up on what has happened, what insights you have gained!

> Looking forward to it!

Yes!!!

- Christine

[Christine Lemmer-Webber]

Speaking as myself here, not as Spritely's CTO.

It's interesting, though a bit sparse on the details. In many ways it's
a very client-server oriented system, but with some advantage that
accounts and content can be moved. That latter part is really good of
course, servers going down is a big problem on the contemporary
federated social web.

However, there are a lot of things I am uncertain about:

- I'm still uncertain why if doing something that resembles ActivityPub
so strongly, they didn't just start with ActivityPub, or at least the
ActivityStreams vocabulary, and go from there. I did some demos that
showed off that portable encrypted storage (tahoe-style) could be
composable with ActivityPub:

https://gitlab.com/spritely/golem/blob/master/README.org

I'm not sure why they didn't start with that since they ended up with
something ActivityPub-like in many ways, even if they mutated beyond
spec compatibility... but oh well. Obviously I am hugely biased
here. I don't think ActivityPub is the end-all-be-all, but at least
it's a reasonably simple actor model system that did have a lot of
work put into, and starting with something that's fairly well
explored already and mutating from there, if you're going to build
something that resembles it closely anyway, feels like the right
thing to do, whereas there's a lot of independent invention here for
reasons that are unclear to me.

- Rather than taking an actor based directed messaging approach, it
appears to be roughly a REST'ish type system with a "heap of
messages". This is probably Scuttlebutt's influence, but even
actor-like abstractions can be introduced with certificate ocap
thinking, and I'm not sure I'm seeing anything like that here. At
the very least, this looks very "data oriented" rather than "behavior
oriented", which in many ways ActivityPub was too, but since
delivering a message to an inbox can be equivalent to invoking a
remote method on an actor, it could still be reasonably "alive".
I'm not sure I'm seeing that here. I wonder whether or not the
system will be built to support richer interactions.

- While DIDs are mentioned, effectively the system is quasi-TOFU: DNS +
TLS still takes a large amount of center stage. I'm uncertain about
this, it feels like it's good for bootstrapping but I am a bit
confused as to how it works, and as for why they invented a new DID
method. That doesn't mean there isn't a good reason, I'm just not
sure at this time.

- I believe I read somewhere on a post that private posts are not
supported currently, and this was due to currently optimizing towards
a Twitter-like primarily public system. I could be wrong, but this
is kind of strange... even ActivityPub supports private posts, and
with the above demo I linked (again, just a demo, not good enough for
production), it can even support encrypted ones. A substantial
amount of my Twitter usage *is* messaging people over direct messages
though so I think even the Twitter use case does require private
messages.

- The most alarming thing to me is the authorization + authentication
part. It's unspecified so far. ActivityPub *knowingly* "made this
mistake" because we had to since we were told that those areas had
not achieved enough consensus on the web to settle on something (kind
of grateful, I didn't know anything about ocaps at the time so we
would have ended up with ACLs, but anyway). In a sense, this might
not be a bad thing, but it looks like authentication and
authorization appear *conflated* as being mostly the same problem,
and I suspect an ACL type approach is the possible direction unless
direct correction is not taken early on. Given that not specifying
authentication and authorization in a clean way is my biggest regret
about ActivityPub, I'm surprised to see something new that's making
that same mistake and *doesn't* have a standards body telling them
they have to do it.

That said, they do have quite a few smart people on board. The spec is
in early stages, things could change dramatically. But... I feel like
for me personally, it wasn't a very exciting reveal in terms of the tech
delivered. I guess we'll see where it goes. It could be nice to
collaborate with them on several layers of abstraction anyway, and I'm
open to that still! I think Jay Graber is a wonderful and very smart
person and she's pulled in some smart people, so hopefully things could
improve. (I haven't shared this feedback with her, but maybe I should.)

- Christine

"Mark S. Miller" <eri...@gmail.com> writes:

[Mark S. Miller]

On Wed, Nov 2, 2022 at 9:22 AM Christine Lemmer-Webber <cwe...@dustycloud.org> wrote:

Speaking as myself here, not as Spritely's CTO.

It's interesting, though a bit sparse on the details.  In many ways it's
a very client-server oriented system, but with some advantage that
accounts and content can be moved.

I lost the thread here. What system are you referring to?

--

  Cheers,
  --MarkM

[Alan Karp]

I'd love to see this discussion at friam.  Is that possible?

--------------
Alan Karp

To view this discussion on the web visit https://groups.google.com/d/msgid/cap-talk/87r0ylgxmv.fsf%40dustycloud.org.

[Jessica Tallon]

Christine Lemmer-Webber <cwe...@dustycloud.org> writes:
> I am going to leave it to Jessica to follow up; she's the one who
> received the grant and while it's a joint project in conjunction with
> the Spritely Networked Communities Institute, Jessica is in charge of
> the execution of this grant and is acting independently but
> collaboratively... and the whole point of this grant is to grow greater
> inter-organizational collaboration also.
>
> I did have a call with Jessica this morning, we are still coordinating
> some things until we are ready, but we were talking about maybe the
> first meeting could be in December, and it would specifically be a
> "catch up" meeting, a survey of what everyone has done since.

Hey!

I'm Jessica Tallon, I figured I'd introduce myself here. I've been
hacking on Spritely stuff for a year or so on NLnet grants. I'm excited
to be working on spec stuff and finding convergance for our
implementations.

I thought I’d mention that we’re thinking of having a meeting early
December kick off the group with introductions and talk about where
everyone’s at and then start in earnest with the meetings trying to
discuss the spec and work towards consensus at the beginning of next
year.

I’ll be setting up some communication mechanism (mailing list, etc.)
this month and putting up a poll to find out what dates and times work
best for everyone so stay tuned for that.

--
Thanks,
Jessica.

[Christine Lemmer-Webber]

Ah, this was in response to you asking about https://atproto.com/

Just some high level review.

[Mark S. Miller]

Just reread with this addition bit of orientation. Makes a lot more sense now!

--

  Cheers,
  --MarkM

[Jessica Tallon]

Jessica Tallon <tsye...@tsyesika.se> writes:
> I thought I’d mention that we’re thinking of having a meeting early
> December kick off the group with introductions and talk about where
> everyone’s at and then start in earnest with the meetings trying to
> discuss the spec and work towards consensus at the beginning of next
> year.
>
> I’ll be setting up some communication mechanism (mailing list, etc.)
> this month and putting up a poll to find out what dates and times work
> best for everyone so stay tuned for that.

I’ve made a doodle poll to find out when everyone’s available for the
first pre-standardization meeting, you can find the link to the doodle
poll on the Github issue:

https://github.com/ocapn/ocapn/issues/23

--
Thanks,
Jessica.

[Tony Arcieri]

On Wed, Nov 2, 2022 at 10:22 AM Christine Lemmer-Webber <cwe...@dustycloud.org> wrote:

The most alarming thing to me is the authorization + authentication 

part.  It's unspecified so far.

I thought Bluesky was one of the main drivers behind UCAN? (i.e. SPKI/SDSI/Macaroons-alike, but shoved into a JWT)

https://github.com/ucan-wg/spec/

 

--

Tony Arcieri

[Ian Denhardt]

Quoting Jessica Tallon (2022-11-14 09:14:49)

> I’ve made a doodle poll to find out when everyone’s available for the
> first pre-standardization meeting, you can find the link to the doodle
> poll on the Github issue:
>
> https://github.com/ocapn/ocapn/issues/23

Ug, I hate to be that guy, but: Doodle's attempts to defeat adblockers
or break the page trying have beaten me, and I can't get the page to
even load without using another browser with none of that set up, and
the ad is sufficiently distracting that I spent a couple minutes trying
to process the actual poll and found that I couldn't even focus on it
well enough to do so... Can we please use something other than Doodle?

One option, Framadate has worked well for me in the past:

https://apps.sandstorm.io/app/s244puc94dz2nph0n38qgkxkg3yrckxc93vxuz31grtey4rke3j0

I also am somewhat fond of when2meet, even though it doesn't run on
Sandstorm: https://www.when2meet.com/ :P

-Ian

[Jessica Tallon]

Hello,

No problem, I'll remember that for future about Doodle. I have created a
new poll on Framadate, for Alan Carp and Mike Stay, could you possibly
move your votes across.

The link to the poll is updated on the Github issue.

--
Thanks,
Jessica.

[Alan Karp]

Times in UTC are a foot gun for me.  It's OK this time, because I remember the times from Doodle.

--------------
Alan Karp

--
You received this message because you are subscribed to the Google Groups "cap-talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cap-talk+u...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/cap-talk/87r0y5fjo7.fsf%40tsyesika.se.

[Ian Denhardt]

Quoting Jessica Tallon (2022-11-14 13:55:50)

> No problem, I'll remember that for future about Doodle. I have created

> a new poll on Framadate [...]

Thanks!

[Jessica Tallon]

Hey,

I've set the date, you can find the time and agenda on the issue:

https://github.com/ocapn/ocapn/issues/23#issuecomment-1323780175

For people wanting to talk and summaries where their implementations are at,
can you mention it on the issue so we can divide the time needed between
everyone.

Thanks,
Jessica.

[Jessica Tallon]

Hey,

The poll is up for the January's pre-standardization meeting, if folks
want to attend please look at https://github.com/ocapn/ocapn/issues/28
for the link to the poll and other details.

Note: I've set a deadline for the 12th (Thursday) and will announce the
date for the meeting on Friday.

Thanks,
Jessica.

[Daira Hopwood]

I'd like to get involved with this effort.

For Jessica, some context on my background: I've been sold on capability security since the 90s, and used to be a frequent contributor on cap-talk, as well as contributing to open source crypto projects and standardisation, e.g. for TLS. I worked at Least Authority on Tahoe-LAFS and several auditing projects. Then I moved with Zooko to Electric Coin Company where I do protocol/cryptographic design and documentation for Zcash; I'm the lead author on the Zcash protocol specification. I also codesigned the SPHINCS post-quantum signature scheme, which became SPHINCS+ that is being standardised by NIST.

[Jessica Tallon]

Hey,

Sorry for the delayed reply, got a bit behind on my emails last week. It'd be
great to have you involved in this effort, the meeting was supposed to be
today, however due to low turnout we decided to postpone it, hope to see you
at the new one.

I'll get up a poll for it by tomorrow.

[Jessica Tallon]

Since we decided to reschedule the meeting, I've made another poll and
proposed also a change of agenda, please vote if interested in coming:

https://github.com/ocapn/ocapn/issues/28#issuecomment-1386145076

[Rob Meijer]

Wow , I didn't know about SPHINCS, looks really interesting. 

I'm working (really slowly, my private life is a bit of a mess right now, severely limiting my non-funds-producing computer time for private projects) on a project inspired by my fiction (that has lore that starts off with a quantum blockchain-heist), and the Sun Juchen / Steem incident.

My project is attempting to use an XMSS alike algorithm build on libsodium primitives, and using a WOTS setup that I as a mere engineer felt more comfortable with with respect to the potentially leaked possibility to sign different bits using an old signature.

(Using an 'up' and a 'down' WOTS chain). The goal is to create a collection of interoperable libraries for different programming languages, that basically tries to be for Web 3.0 chains what QRL is for coin chains. That is, chains that are often extensive key-reuse by design. 

It's a multi layer effort, later zero the hash based signatures, layer one the stacking of keys in levels to create a top level key with dynamically replaced lower level keys to create a key that can be used many millions of times, and a layer one and a half for subkey management and entropy as a resource management.

I can imagine that in a stateless algoritm the layer 0/1 part could turn out a lot simpler. I definitely need to read up on SPHINCS, and see if something like it (I want to keep using libsodium primitives) could be useful for my pet project.

Its really interesting that you worked both on post quantum signing and on ZEC, I guess ZEC doesn't rely on key reuse, so moving to hash based signatures there isn't at all in any way urgent, but in Web 3.0 chains, the key isn't just reused by design, the pubkey often even published publicly. I'm very interested in your insights on that.

I recently created a little tool for the HIVE chain, basically WOTS only,  to allow for some kind of disaster recovery preparation for such chains. I'dd be interested from your expertise if you think such a tool is indeed practical (there hasnt been much use by the community, but I'm not great at marketing at all).

https://peakd.com/hive-139531/@pibara/what-if-coinzdense-comes-too-late-part-2--a-working-tool-for-preparing-for-quantum-disaster-recovery

--

You received this message because you are subscribed to the Google Groups "cap-talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cap-talk+u...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/cap-talk/CAPa%3DBYJ5oo1FoBOd573aMOx28yzeGAjn5A3fKb%3Dm%3D%3D_FK8ugtw%40mail.gmail.com.

[Jessica Tallon]

The meeting date has been set: https://github.com/ocapn/ocapn/issues/
28#issuecomment-1402019760

I suspect we'll need the full hour of the meeting, so if you're willing to
scribe can you let me know on the issue.

Thanks,
Jessica.