Demos:
- taco-chat
- todos
- XDev
A working implementation of the principles Martin presented
- Provides a principled way to manage team membership and roles without a central server
- All authority traced back to the group's founder
- Founder can be removed
- Mutual removals are resolved by seniority
The membership graph is built on CRDX, which is a build-your-own-CRDT library with built-in authentication and encryption. Each node in the graph is asymmetrically encrypted by the author and can be decrypted using the team's keys. The encrypted form of the graph is its canonical form, and when you decrypt it you're simultaneously verifying the authenticity of each node.
Loose implementation of Keybase's Seitan protocol
- Alice chooses or generates a secret invitation code (the "password" in pake)
- Alice derives a keypair from that code
- Alice records the public key on the team graph
- Alice sends the secret invitation code to Bob via a trusted side channel
- Bob also derives the same keypair from the code, and uses the private key to sign a document; this serves as proof of invitation
- Any member of the group can then validate this proof with the public key recorded on the graph
- Devices have keys; devices' private keys never leave the device
- Users can have multiple devices
- Users can belong to multiple roles; each role has its own keys
- The admin role is special; it provides access to all other role-level keys
- There are team-wide keys
Keys are recorded on the graph using lockboxes.
A lockbox is a set of keys that has been asymmetrically encrypted to be decrypted by another set of keys. For example, to get a user's keys to that user's devices, the user's keys are asymmetrically encrypted once for each device.
Keys and lockboxes form a graph: A device can use its keys to obtain the user's keys, and then use the user's keys to obtain keys for roles that the member belongs to, as well as the team keys.
