gnunet-svn

[taler-anastasis] branch master updated: clean up intro


From: gnunet
Subject: [taler-anastasis] branch master updated: clean up intro
Date: Sun, 18 Jul 2021 09:21:12 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository anastasis.

The following commit(s) were added to refs/heads/master by this push:
     new 1a15895  clean up intro
1a15895 is described below

commit 1a15895d1307896a71d2e3158baa3ba851315233
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Jul 18 09:21:10 2021 +0200

    clean up intro
---
 doc/anastasis.texi          | 421 +++++++++++++++++++++++++-------------------
 doc/sphinx/index.rst        |  29 ++-
 doc/sphinx/introduction.rst |  23 ++-
 3 files changed, 278 insertions(+), 195 deletions(-)

diff --git a/doc/anastasis.texi b/doc/anastasis.texi
index 466adaf..d5de311 100644
--- a/doc/anastasis.texi
+++ b/doc/anastasis.texi
@@ -64,7 +64,33 @@ Copyright @copyright{} 2020-2021 Anastasis SARL (AGPLv3+ or 
GFDL 1.3+)
 @c 
 @c @author Christian Grothoff
 
-The system will be based on free software and open protocols.
+Anastasis is Free Software protocol and implementation that allows
+users to securely deposit @strong{core secrets} with an open set of escrow
+providers and to recover these secrets if their original copies are
+lost.
+
+Anastasis is intended for users that want to make backups of key
+material, such as OpenPGP encryption keys, hard disk encryption keys
+or master keys of electronic wallets. Anastasis is NOT intended to
+store large amounts of secret data, it is only designed to safeguard
+key material.
+
+Anastasis solves the issue of keeping key material both available
+to the authorized user(s), and confidential from anyone else.
+
+With Anastasis, the @strong{core secrets} are protected from the Anastasis
+escrow providers by encrypting each with a @strong{master key}.  The
+@strong{master key} can be split and distributed across the escrow
+providers to ensure that no single escrow provider can recover the
+@strong{master key} on its own.  Which subset(s) of Anastasis providers
+must be contacted to recover a @strong{master key} is freely configurable.
+
+With Anastasis, users can reliably recover their @strong{core secret},
+while Anastasis makes this difficult for everyone else.  This is even
+true if the user is unable to reliably remember any secret with
+sufficiently high entropy: Anastasis does not simply reduce the
+problem to encrypting the @strong{core secret} using some other key
+material in possession of the user.
 
 @menu
 * Documentation Overview:: 
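Review bot: The first added sentence, "Anastasis is Free Software protocol and implementation that allows", is missing an article; suggest "Anastasis is a Free Software protocol and implementation that allows". In the second added paragraph, "Anastasis is NOT intended to store large amounts of secret data, it is only designed to safeguard key material" is a comma splice and reads better as two sentences. Also, "The @strong{master key} can be split" makes the property that no single escrow provider can recover the master key sound optional; if that property depends on the policy the user configures, say so in the same sentence.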
@@ -88,6 +114,12 @@ Documentation Overview
 * Complete Index:: 
 * GNU Free Documentation License:: 
 
+Introduction
+
+* User Identifiers:: 
+* Adversary models:: 
+* The recovery document:: 
+
 Installation
 
 * Installing from source:: 
@@ -349,14 +381,21 @@ GNU Free Documentation License
 @section Introduction
 
 
-Anastasis is a service that allows the user to securely deposit a
-@strong{core secret} with an open set of escrow providers and recover it if 
the secret is
-lost.  The @strong{core secret} itself is protected from the escrow providers 
by
-encrypting it with a @strong{master key}.  The main objective of Anastasis is 
to
-ensure that the user can reliably recover the @strong{core secret}, while 
making
-this difficult for everyone else.  Furthermore, it is assumed that the user is
-unable to reliably remember any secret with sufficiently high entropy, so we
-cannot simply encrypt using some other key material in possession of the user.
+To understand how Anastasis works, you need to understand three key
+concepts: user identifiers, our adversary model and the role of the
+recovery document.
+
+@menu
+* User Identifiers:: 
+* Adversary models:: 
+* The recovery document:: 
+
+@end menu
+
+@node User Identifiers,Adversary models,,Introduction
+@anchor{introduction user-identifiers}@anchor{5}
+@subsection User Identifiers
+
 
 To uniquely identify users, an “unforgettable” @strong{identifier} is used.  
This
 identifier should be difficult to guess for anybody but the user. However, the
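Review bot: With the old opening paragraph removed, the Introduction section no longer says what a core secret is, yet the subsections that follow still rely on the term (for example "recover access to their core secret" under The recovery document). The definition now lives only in the text added at the top of the file, so a reader who enters at this node misses it. Suggest keeping a one-sentence definition here, or adding a cross-reference to the top-level text before the new "To understand how Anastasis works" paragraph.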
@@ -365,6 +404,11 @@ cryptographically secure. Examples for such identifier 
would be a
 concatenation of the full name of the user and their social security or
 passport number(s).  For Swiss citizens, the AHV number could also be used.
 
+@node Adversary models,The recovery document,User Identifiers,Introduction
+@anchor{introduction adversary-models}@anchor{6}
+@subsection Adversary models
+
+
 The adversary model of Anastasis has two types of adversaries: weak
 adversaries which do not know the user’s @strong{identifier}, and strong
 adversaries which somehow do know a user’s @strong{identifier}.  For weak
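Review bot: The new subsection title "Adversary models" is plural, while the new Introduction paragraph in this patch says "our adversary model" and the body here opens with "The adversary model of Anastasis has two types of adversaries". Suggest "@subsection Adversary model", with the @node line and both menu entries changed to match. The three new titles also mix capitalization styles ("User Identifiers" against "Adversary models" and "The recovery document"); pick one.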
@@ -375,6 +419,11 @@ escrow providers must have colluded.  The user is able to 
specify a set of
 collude to break confidentiality. These policies also set the bar for the user
 to recover their core secret.
 
+@node The recovery document,,Adversary models,Introduction
+@anchor{introduction the-recovery-document}@anchor{7}
+@subsection The recovery document
+
+
 A @strong{recovery document} includes all of the information a user needs to
 recover access to their core secret.  It specifies a set of @strong{escrow
 methods}, which specify how the user should convince the Anastasis server
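Review bot: The new nodes take the numeric anchors 5, 6 and 7 (here "@anchor{introduction the-recovery-document}@anchor{7}"), which the Installation nodes held before, so every later numeric anchor and @ref in the file shifts by three: "@anchor{installation doc}@anchor{5}" becomes "@anchor{8}", and "@ref{2a,,base32}" becomes "@ref{2d,,base32}". Every hunk shown after this one is renumbering only, which buries the actual text change. If doc/anastasis.texi is generated from the doc/sphinx sources touched in the same commit, consider committing the regenerated output separately, or referring to the named anchors instead of the numbers where the toolchain allows it.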
@@ -416,7 +465,7 @@ may be exposed to an adversary which monitors the user’s 
network traffic).
 @c @author Dennis Neufeld
 
 @node Installation,Configuration,Introduction,Documentation Overview
-@anchor{installation doc}@anchor{5}@anchor{installation installation}@anchor{6}
+@anchor{installation doc}@anchor{8}@anchor{installation installation}@anchor{9}
 @section Installation
 
 
@@ -477,7 +526,7 @@ and should just be installed using the respective package 
manager.
 @end menu
 
 @node Installing from source,Installing Anastasis binary packages on 
Debian,,Installation
-@anchor{installation installing-from-source}@anchor{7}
+@anchor{installation installing-from-source}@anchor{a}
 @subsection Installing from source
 
 
@@ -495,7 +544,7 @@ the GNU Taler exchange from source.
 @end menu
 
 @node Installing GNUnet,Installing the Taler Exchange,,Installing from source
-@anchor{installation installing-gnunet}@anchor{8}
+@anchor{installation installing-gnunet}@anchor{b}
 @subsubsection Installing GNUnet
 
 
@@ -522,7 +571,7 @@ shared object libraries (@code{.so} files)
 visible to the various installed programs.
 
 @node Installing the Taler Exchange,Installing the Taler Merchant,Installing 
GNUnet,Installing from source
-@anchor{installation installing-the-taler-exchange}@anchor{9}
+@anchor{installation installing-the-taler-exchange}@anchor{c}
 @subsubsection Installing the Taler Exchange
 
 
@@ -544,7 +593,7 @@ which requires you to run the last step as @code{root}.  
You have to specify
 previous step.
 
 @node Installing the Taler Merchant,Installing Anastasis,Installing the Taler 
Exchange,Installing from source
-@anchor{installation installing-the-taler-merchant}@anchor{a}
+@anchor{installation installing-the-taler-merchant}@anchor{d}
 @subsubsection Installing the Taler Merchant
 
 
@@ -589,7 +638,7 @@ find the installed libraries and launching the Taler 
merchant backend would
 then fail.
 
 @node Installing Anastasis,Installing GNUnet-gtk,Installing the Taler 
Merchant,Installing from source
-@anchor{installation installing-anastasis}@anchor{b}
+@anchor{installation installing-anastasis}@anchor{e}
 @subsubsection Installing Anastasis
 
 
@@ -625,7 +674,7 @@ find the installed libraries and launching the Anastasis 
backend would
 then fail.
 
 @node Installing GNUnet-gtk,Installing Anastasis-gtk,Installing 
Anastasis,Installing from source
-@anchor{installation installing-gnunet-gtk}@anchor{c}
+@anchor{installation installing-gnunet-gtk}@anchor{f}
 @subsubsection Installing GNUnet-gtk
 
 
@@ -659,7 +708,7 @@ step, it is possible that the linker may not find the 
installed libraries and
 launching gnunet-gtk would then fail.
 
 @node Installing Anastasis-gtk,,Installing GNUnet-gtk,Installing from source
-@anchor{installation installing-anastasis-gtk}@anchor{d}
+@anchor{installation installing-anastasis-gtk}@anchor{10}
 @subsubsection Installing Anastasis-gtk
 
 
@@ -696,7 +745,7 @@ run @code{ldconfig}. Without this step, it is possible that 
the linker may not
 find the installed libraries and launching anastasis-gtk would then fail.
 
 @node Installing Anastasis binary packages on Debian,Installing Anastasis 
binary packages on Ubuntu,Installing from source,Installation
-@anchor{installation installing-anastasis-binary-packages-on-debian}@anchor{e}
+@anchor{installation installing-anastasis-binary-packages-on-debian}@anchor{11}
 @subsection Installing Anastasis binary packages on Debian
 
 
@@ -769,7 +818,7 @@ using apt.
 @end menu
 
 @node Installing the graphical front-end,Installing the backend,,Installing 
Anastasis binary packages on Debian
-@anchor{installation installing-the-graphical-front-end}@anchor{f}
+@anchor{installation installing-the-graphical-front-end}@anchor{12}
 @subsubsection Installing the graphical front-end
 
 
@@ -786,7 +835,7 @@ $ anastasis-gtk
 @end example
 
 @node Installing the backend,,Installing the graphical front-end,Installing 
Anastasis binary packages on Debian
-@anchor{installation installing-the-backend}@anchor{10}
+@anchor{installation installing-the-backend}@anchor{13}
 @subsubsection Installing the backend
 
 
@@ -819,7 +868,7 @@ need to install a Taler merchant backend via:
 @end example
 
 @node Installing Anastasis binary packages on Ubuntu,,Installing Anastasis 
binary packages on Debian,Installation
-@anchor{installation installing-anastasis-binary-packages-on-ubuntu}@anchor{11}
+@anchor{installation installing-anastasis-binary-packages-on-ubuntu}@anchor{14}
 @subsection Installing Anastasis binary packages on Ubuntu
 
 
@@ -860,7 +909,7 @@ using apt.
 @end menu
 
 @node Installing the graphical front-end<2>,Installing the 
backend<2>,,Installing Anastasis binary packages on Ubuntu
-@anchor{installation id1}@anchor{12}
+@anchor{installation id1}@anchor{15}
 @subsubsection Installing the graphical front-end
 
 
@@ -877,7 +926,7 @@ $ anastasis-gtk
 @end example
 
 @node Installing the backend<2>,,Installing the graphical 
front-end<2>,Installing Anastasis binary packages on Ubuntu
-@anchor{installation id2}@anchor{13}
+@anchor{installation id2}@anchor{16}
 @subsubsection Installing the backend
 
 
@@ -923,7 +972,7 @@ need to install a Taler merchant backend via:
 @c @author Dennis Neufeld
 
 @node Configuration,Cryptography,Installation,Documentation Overview
-@anchor{configuration doc}@anchor{14}@anchor{configuration 
configuration}@anchor{15}
+@anchor{configuration doc}@anchor{17}@anchor{configuration 
configuration}@anchor{18}
 @section Configuration
 
 
@@ -938,7 +987,7 @@ configuration format.
 @end menu
 
 @node Configuration format,Using anastasis-config,,Configuration
-@anchor{configuration configuration-format}@anchor{16}
+@anchor{configuration configuration-format}@anchor{19}
 @subsection Configuration format
 
 
@@ -1013,7 +1062,7 @@ merchant needs to know an exchange URL, or a database 
name.
 @end quotation
 
 @node Using anastasis-config,,Configuration format,Configuration
-@anchor{configuration using-anastasis-config}@anchor{17}
+@anchor{configuration using-anastasis-config}@anchor{1a}
 @subsection Using anastasis-config
 
 
@@ -1084,7 +1133,7 @@ option.
 @c @author Dennis Neufeld
 
 @node Cryptography,REST API,Configuration,Documentation Overview
-@anchor{cryptography doc}@anchor{18}@anchor{cryptography 
cryptography}@anchor{19}
+@anchor{cryptography doc}@anchor{1b}@anchor{cryptography 
cryptography}@anchor{1c}
 @section Cryptography
 
 
@@ -1131,7 +1180,7 @@ encrypted @strong{core secret}, a set of escrow methods 
and a set of policies.
 @end menu
 
 @node Key derivations,Key Usage,,Cryptography
-@anchor{cryptography key-derivations}@anchor{1a}
+@anchor{cryptography key-derivations}@anchor{1d}
 @subsection Key derivations
 
 
@@ -1174,7 +1223,7 @@ kdf_id := Argon2( identifier, server_salt, keysize )
 @end menu
 
 @node Verification,Encryption,,Key derivations
-@anchor{cryptography verification}@anchor{1b}
+@anchor{cryptography verification}@anchor{1e}
 @subsubsection Verification
 
 
@@ -1218,7 +1267,7 @@ digest[31] &= 0xf8;
 @strong{eddsa_pub}: The generated EdDSA public key.
 
 @node Encryption,,Verification,Key derivations
-@anchor{cryptography encryption}@anchor{1c}
+@anchor{cryptography encryption}@anchor{1f}
 @subsubsection Encryption
 
 
@@ -1249,7 +1298,7 @@ avoid key reuse. So, we have to use different nonces to 
get different keys and I
 @strong{iv}: IV which will be used for AES-GCM.
 
 @node Key Usage,Availability Considerations,Key derivations,Cryptography
-@anchor{cryptography key-usage}@anchor{1d}
+@anchor{cryptography key-usage}@anchor{20}
 @subsection Key Usage
 
 
@@ -1263,7 +1312,7 @@ the @strong{key_share} of the user.
 @end menu
 
 @node Encryption<2>,Signatures,,Key Usage
-@anchor{cryptography id1}@anchor{1e}
+@anchor{cryptography id1}@anchor{21}
 @subsubsection Encryption
 
 
@@ -1320,7 +1369,7 @@ ekss := HKDF("Anastasis-secure-question-uuid-salting",
 @strong{ekss}: Replacement salt to be used instead of “eks” when deriving the 
key to encrypt/decrypt the key share.
 
 @node Signatures,,Encryption<2>,Key Usage
-@anchor{cryptography signatures}@anchor{1f}
+@anchor{cryptography signatures}@anchor{22}
 @subsubsection Signatures
 
 
@@ -1353,7 +1402,7 @@ ver_res := eddsa_verifiy(version, 
anastasis-account-signature, eddsa_pub)
 @strong{ver_res}: A boolean value. True: Signature verification passed, False: 
Signature verification failed.
 
 @node Availability Considerations,,Key Usage,Cryptography
-@anchor{cryptography availability-considerations}@anchor{20}
+@anchor{cryptography availability-considerations}@anchor{23}
 @subsection Availability Considerations
 
 
@@ -1401,7 +1450,7 @@ capacity.
 @c @author Dennis Neufeld
 
 @node REST API,Reducer API,Cryptography,Documentation Overview
-@anchor{rest doc}@anchor{21}@anchor{rest rest-api}@anchor{22}
+@anchor{rest doc}@anchor{24}@anchor{rest rest-api}@anchor{25}
 @section REST API
 
 
@@ -1430,7 +1479,7 @@ capacity.
 @end menu
 
 @node HTTP Request and Response,Protocol Version Ranges,,REST API
-@anchor{rest http-common}@anchor{23}@anchor{rest 
http-request-and-response}@anchor{24}
+@anchor{rest http-common}@anchor{26}@anchor{rest 
http-request-and-response}@anchor{27}
 @subsection HTTP Request and Response
 
 
@@ -1440,7 +1489,7 @@ theoretically fail to receive any response.  In this 
case, the client should
 verify that the Internet connection is working properly, and then proceed to
 handle the error as if an internal error (500) had been returned.
 
-@anchor{rest any--*}@anchor{25}
+@anchor{rest any--*}@anchor{28}
 @deffn {HTTP Any} ANY /*
 
 @strong{Request:}
@@ -1495,7 +1544,7 @@ within 24h.
 @end table
 
 Unless specified otherwise, all error status codes (4xx and 5xx) have a message
-body with an @ref{26,,ErrorDetail} JSON object.
+body with an @ref{29,,ErrorDetail} JSON object.
 
 @strong{Details:}
 
@@ -1515,7 +1564,7 @@ interface ErrorDetail @{
 @end deffn
 
 @node Protocol Version Ranges,Common encodings,HTTP Request and Response,REST 
API
-@anchor{rest protocol-version-ranges}@anchor{27}
+@anchor{rest protocol-version-ranges}@anchor{2a}
 @subsection Protocol Version Ranges
 
 
@@ -1600,7 +1649,7 @@ to decide whether it will talk to the service.
 @end cartouche
 
 @node Common encodings,,Protocol Version Ranges,REST API
-@anchor{rest common-encodings}@anchor{28}@anchor{rest encodings-ref}@anchor{29}
+@anchor{rest common-encodings}@anchor{2b}@anchor{rest encodings-ref}@anchor{2c}
 @subsection Common encodings
 
 
@@ -1627,7 +1676,7 @@ This section describes how certain types of values are 
represented throughout th
 @end menu
 
 @node Binary Data,Hash codes,,Common encodings
-@anchor{rest base32}@anchor{2a}@anchor{rest binary-data}@anchor{2b}
+@anchor{rest base32}@anchor{2d}@anchor{rest binary-data}@anchor{2e}
 @subsubsection Binary Data
 
 
@@ -1642,12 +1691,12 @@ type “base32” and the term “Crockford Base32” in the 
text to refer to th
 resulting encoding.
 
 @node Hash codes,Large numbers,Binary Data,Common encodings
-@anchor{rest hash-codes}@anchor{2c}
+@anchor{rest hash-codes}@anchor{2f}
 @subsubsection Hash codes
 
 
 Hash codes are strings representing base32 encoding of the respective
-hashed data. See @ref{2a,,base32}.
+hashed data. See @ref{2d,,base32}.
 
 @example
 // 64-byte hash code.
@@ -1660,7 +1709,7 @@ type ShortHashCode = string;
 @end example
 
 @node Large numbers,Timestamps,Hash codes,Common encodings
-@anchor{rest large-numbers}@anchor{2d}
+@anchor{rest large-numbers}@anchor{30}
 @subsubsection Large numbers
 
 
@@ -1668,7 +1717,7 @@ Large numbers such as 256 bit keys, are transmitted as 
other binary data in
 Crockford Base32 encoding.
 
 @node Timestamps,Integers,Large numbers,Common encodings
-@anchor{rest timestamps}@anchor{2e}
+@anchor{rest timestamps}@anchor{31}
 @subsubsection Timestamps
 
 
@@ -1692,7 +1741,7 @@ interface Duration @{
 @end example
 
 @node Integers,Objects,Timestamps,Common encodings
-@anchor{rest integers}@anchor{2f}@anchor{rest publickey}@anchor{30}
+@anchor{rest integers}@anchor{32}@anchor{rest publickey}@anchor{33}
 @subsubsection Integers
 
 
@@ -1702,7 +1751,7 @@ type Integer = number;
 @end example
 
 @node Objects,Keys,Integers,Common encodings
-@anchor{rest objects}@anchor{31}
+@anchor{rest objects}@anchor{34}
 @subsubsection Objects
 
 
@@ -1712,7 +1761,7 @@ type Object = object;
 @end example
 
 @node Keys,Signatures<2>,Objects,Common encodings
-@anchor{rest keys}@anchor{32}
+@anchor{rest keys}@anchor{35}
 @subsubsection Keys
 
 
@@ -1731,7 +1780,7 @@ type EddsaPrivateKey = string;
 @end example
 
 @node Signatures<2>,Amounts,Keys,Common encodings
-@anchor{rest signature}@anchor{33}@anchor{rest signatures}@anchor{34}
+@anchor{rest signature}@anchor{36}@anchor{rest signatures}@anchor{37}
 @subsubsection Signatures
 
 
@@ -1742,7 +1791,7 @@ type EddsaSignature = string;
 @end example
 
 @node Amounts,Time,Signatures<2>,Common encodings
-@anchor{rest amount}@anchor{35}@anchor{rest amounts}@anchor{36}
+@anchor{rest amount}@anchor{38}@anchor{rest amounts}@anchor{39}
 @subsubsection Amounts
 
 
@@ -1781,7 +1830,7 @@ An amount that is prefixed with a @code{+} or @code{-} 
character is also used in
 When no sign is present, the amount is assumed to be positive.
 
 @node Time,Cryptographic primitives,Amounts,Common encodings
-@anchor{rest time}@anchor{37}
+@anchor{rest time}@anchor{3a}
 @subsubsection Time
 
 
@@ -1798,7 +1847,7 @@ struct GNUNET_TIME_AbsoluteNBO @{
 @end example
 
 @node Cryptographic primitives,Signatures<3>,Time,Common encodings
-@anchor{rest cryptographic-primitives}@anchor{38}
+@anchor{rest cryptographic-primitives}@anchor{3b}
 @subsubsection Cryptographic primitives
 
 
@@ -1811,7 +1860,7 @@ struct GNUNET_HashCode @{
   uint8_t hash[64];      // usually SHA-512
 @};
 @end example
-@anchor{rest taler-ecdhephemeralpublickeyp}@anchor{39}
+@anchor{rest taler-ecdhephemeralpublickeyp}@anchor{3c}
 @example
 struct TALER_EcdhEphemeralPublicKeyP @{
   uint8_t ecdh_pub[32];
@@ -1825,7 +1874,7 @@ struct UUID @{
 @end example
 
 @node Signatures<3>,Receiving Configuration,Cryptographic primitives,Common 
encodings
-@anchor{rest id1}@anchor{3a}@anchor{rest id2}@anchor{3b}
+@anchor{rest id1}@anchor{3d}@anchor{rest id2}@anchor{3e}
 @subsubsection Signatures
 
 
@@ -1859,21 +1908,21 @@ struct GNUNET_CRYPTO_EccSignaturePurpose @{
   uint32_t size;
 @};
 @end example
-@anchor{rest salt}@anchor{3c}
+@anchor{rest salt}@anchor{3f}
 @node Receiving Configuration,Receiving Terms of Service,Signatures<3>,Common 
encodings
-@anchor{rest config}@anchor{3d}@anchor{rest receiving-configuration}@anchor{3e}
+@anchor{rest config}@anchor{40}@anchor{rest receiving-configuration}@anchor{41}
 @subsubsection Receiving Configuration
 
 
-@anchor{rest get--config}@anchor{3f}
+@anchor{rest get--config}@anchor{42}
 @deffn {HTTP Get} GET /config
 
 Obtain the configuration details of the escrow provider.
 
 @strong{Response:}
 
-Returns an @ref{40,,EscrowConfigurationResponse}.
-@anchor{rest escrowconfigurationresponse}@anchor{40}
+Returns an @ref{43,,EscrowConfigurationResponse}.
+@anchor{rest escrowconfigurationresponse}@anchor{43}
 @example
 interface EscrowConfigurationResponse @{
 
@@ -1915,7 +1964,7 @@ interface EscrowConfigurationResponse @{
 
 @}
 @end example
-@anchor{rest authorizationmethodconfig}@anchor{41}
+@anchor{rest authorizationmethodconfig}@anchor{44}
 @example
 interface AuthorizationMethodConfig @{
   // Name of the authorization method.
@@ -1929,11 +1978,11 @@ interface AuthorizationMethodConfig @{
 @end deffn
 
 @node Receiving Terms of Service,Manage policy,Receiving Configuration,Common 
encodings
-@anchor{rest receiving-terms-of-service}@anchor{42}@anchor{rest 
terms}@anchor{43}
+@anchor{rest receiving-terms-of-service}@anchor{45}@anchor{rest 
terms}@anchor{46}
 @subsubsection Receiving Terms of Service
 
 
-@anchor{rest get--terms}@anchor{44}
+@anchor{rest get--terms}@anchor{47}
 @deffn {HTTP Get} GET /terms
 
 Obtain the terms of service provided by the escrow provider.
@@ -1944,7 +1993,7 @@ Returns the terms of service of the provider, in the best 
language
 and format available based on the client’s request.
 @end deffn
 
-@anchor{rest get--privacy}@anchor{45}
+@anchor{rest get--privacy}@anchor{48}
 @deffn {HTTP Get} GET /privacy
 
 Obtain the privacy policy of the service provided by the escrow provider.
@@ -1956,7 +2005,7 @@ and format available based on the client’s request.
 @end deffn
 
 @node Manage policy,Managing truth,Receiving Terms of Service,Common encodings
-@anchor{rest id3}@anchor{46}@anchor{rest manage-policy}@anchor{47}
+@anchor{rest id3}@anchor{49}@anchor{rest manage-policy}@anchor{4a}
 @subsubsection Manage policy
 
 
@@ -1971,7 +2020,7 @@ public key using the Crockford base32-encoding.
 
 In the following, UUID is always defined and used according to RFC 
4122@footnote{https://tools.ietf.org/html/rfc4122}.
 
-@anchor{rest get--policy-$ACCOUNT_PUB[?version=$NUMBER]}@anchor{48}
+@anchor{rest get--policy-$ACCOUNT_PUB[?version=$NUMBER]}@anchor{4b}
 @deffn {HTTP Get} GET /policy/$ACCOUNT_PUB[?version=$NUMBER]
 
 Get the customer’s encrypted recovery document.  If @code{version}
@@ -2007,7 +2056,7 @@ code in case the resource matches the provided Etag.
 
 @item 200 
OK@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1}:
 
-The escrow provider responds with an @ref{49,,EncryptedRecoveryDocument} 
object.
+The escrow provider responds with an @ref{4c,,EncryptedRecoveryDocument} 
object.
 
 @item 304 Not 
modified@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.5}:
 
@@ -2033,7 +2082,7 @@ The requested resource was not found.
 
 @emph{Anastasis-Version}: $NUMBER — The server must return actual version of 
the encrypted recovery document via this header.
 If the client specified a version number in the header of the request, the 
server must return that version. If the client
-did not specify a version in the request, the server returns latest version of 
the @ref{49,,EncryptedRecoveryDocument}.
+did not specify a version in the request, the server returns latest version of 
the @ref{4c,,EncryptedRecoveryDocument}.
 
 @emph{Etag}: Set by the server to the Base32-encoded SHA512 hash of the body. 
Used for caching and to prevent redundancies. The server MUST send the Etag if 
the status code is @code{200 OK}.
 
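Review bot: The context sentence "If the client specified a version number in the header of the request" does not match the endpoint signature earlier in this patch, "GET /policy/$ACCOUNT_PUB[?version=$NUMBER]", where the version is a query parameter. Since the paragraph is being touched anyway, suggest "in the request" here, and "the server returns the latest version" in the changed line, which is missing its article.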
@@ -2043,7 +2092,7 @@ The client SHOULD send this header with every request 
(except for the first requ
 @emph{Anastasis-Account-Signature}: The client must provide Base-32 encoded 
EdDSA signature over hash of body with @code{$ACCOUNT_PRIV}, affirming desire 
to download the requested encrypted recovery document.  The purpose used MUST 
be @code{TALER_SIGNATURE_ANASTASIS_POLICY_DOWNLOAD} (1401).
 @end deffn
 
-@anchor{rest post--policy-$ACCOUNT_PUB}@anchor{4a}
+@anchor{rest post--policy-$ACCOUNT_PUB}@anchor{4d}
 @deffn {HTTP Post} POST /policy/$ACCOUNT_PUB
 
 Upload a new version of the customer’s encrypted recovery document.
@@ -2129,7 +2178,7 @@ The upload is too large @emph{or} too small. The response 
body may elaborate on
 @end table
 
 @strong{Details:}
-@anchor{rest encryptedrecoverydocument}@anchor{49}
+@anchor{rest encryptedrecoverydocument}@anchor{4c}
 @example
 interface EncryptedRecoveryDocument @{
   // Nonce used to compute the (iv,key) pair for encryption of the
@@ -2147,7 +2196,7 @@ interface EncryptedRecoveryDocument @{
 
 @}
 @end example
-@anchor{rest recoverydocument}@anchor{4b}
+@anchor{rest recoverydocument}@anchor{4e}
 @example
 interface RecoveryDocument @{
   // Account identifier at backup provider, AES-encrypted with
@@ -2165,7 +2214,7 @@ interface RecoveryDocument @{
 
 @}
 @end example
-@anchor{rest escrowmethod}@anchor{4c}
+@anchor{rest escrowmethod}@anchor{4f}
 @example
 interface EscrowMethod @{
   // URL of the escrow provider (including possibly this Anastasis server).
@@ -2197,7 +2246,7 @@ interface EscrowMethod @{
 
 @}
 @end example
-@anchor{rest decryptionpolicy}@anchor{4d}
+@anchor{rest decryptionpolicy}@anchor{50}
 @example
 interface DecryptionPolicy @{
   // Salt included to encrypt master key share when
@@ -2217,7 +2266,7 @@ interface DecryptionPolicy @{
 @end deffn
 
 @node Managing truth,,Manage policy,Common encodings
-@anchor{rest managing-truth}@anchor{4e}@anchor{rest truth}@anchor{4f}
+@anchor{rest managing-truth}@anchor{51}@anchor{rest truth}@anchor{52}
 @subsubsection Managing truth
 
 
@@ -2232,10 +2281,10 @@ data required for such a respective escrow method.
 An Anastasis-server may store truth for free for a certain time period, or
 charge per truth operation using GNU Taler.
 
-@anchor{rest post--truth-$UUID}@anchor{50}
+@anchor{rest post--truth-$UUID}@anchor{53}
 @deffn {HTTP Post} POST /truth/$UUID
 
-Upload a @ref{51,,TruthUploadRequest}-Object according to the policy the 
client created before (see @ref{4b,,RecoveryDocument}).
+Upload a @ref{54,,TruthUploadRequest}-Object according to the policy the 
client created before (see @ref{4e,,RecoveryDocument}).
 If request has been seen before, the server should do nothing, and otherwise 
store the new object.
 
 @strong{Request:}
@@ -2284,7 +2333,7 @@ The selected authentication method is not supported on 
this provider.
 @end table
 
 @strong{Details:}
-@anchor{rest truthuploadrequest}@anchor{51}
+@anchor{rest truthuploadrequest}@anchor{54}
 @example
 interface TruthUploadRequest @{
   // Contains the information of an interface `EncryptedKeyShare`, but simply
@@ -2321,11 +2370,11 @@ interface TruthUploadRequest @{
 @end example
 @end deffn
 
-@anchor{rest get--truth-$UUID[?response=$H_RESPONSE]}@anchor{52}
+@anchor{rest get--truth-$UUID[?response=$H_RESPONSE]}@anchor{55}
 @deffn {HTTP Get} GET /truth/$UUID[?response=$H_RESPONSE]
 
 Get the stored encrypted key share. If @code{$H_RESPONSE} is specified by the 
client, the server checks
-if @code{$H_RESPONSE} matches the expected response specified before within 
the @ref{51,,TruthUploadRequest} (see @code{encrypted_truth}).
+if @code{$H_RESPONSE} matches the expected response specified before within 
the @ref{54,,TruthUploadRequest} (see @code{encrypted_truth}).
 Also, the user has to provide the correct @emph{truth_encryption_key} with 
every get request (see below).
 When @code{$H_RESPONSE} is correct, the server responds with the encrypted key 
share.
 The encrypted key share is returned simply as a byte array and not in JSON 
format.
@@ -2337,7 +2386,7 @@ The encrypted key share is returned simply as a byte 
array and not in JSON forma
 
 @item 200 
OK@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1}:
 
-@ref{53,,EncryptedKeyShare} is returned in body (in binary).
+@ref{56,,EncryptedKeyShare} is returned in body (in binary).
 
 @item 202 
Accepted@footnote{http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.3}:
 
@@ -2386,11 +2435,11 @@ an e-mail address for sending an E-mail is not a valid 
e-mail address.
 Server is out of Service.
 @end table
 
-@emph{Truth-Decryption-Key}: Key used to encrypt the @strong{truth} (see 
encrypted_truth within @ref{51,,TruthUploadRequest}) and which has to provided 
by the user. The key is stored with
-the according @ref{4c,,EscrowMethod}. The server needs this key to get the 
info out of @ref{51,,TruthUploadRequest} needed to verify the @code{$RESPONSE}.
+@emph{Truth-Decryption-Key}: Key used to encrypt the @strong{truth} (see 
encrypted_truth within @ref{54,,TruthUploadRequest}) and which has to provided 
by the user. The key is stored with
+the according @ref{4f,,EscrowMethod}. The server needs this key to get the 
info out of @ref{54,,TruthUploadRequest} needed to verify the @code{$RESPONSE}.
 
 @strong{Details:}
-@anchor{rest encryptedkeyshare}@anchor{53}
+@anchor{rest encryptedkeyshare}@anchor{56}
 @example
 interface EncryptedKeyShare @{
   // Nonce used to compute the decryption (iv,key) pair.
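Review bot: The header is named Truth-Decryption-Key, but the changed sentence describes it as the "Key used to encrypt the @strong{truth}", and the GET /truth description earlier in this patch calls it truth_encryption_key. Suggest using one name throughout, or stating explicitly that these refer to the same key. While the line is being edited, "which has to provided by the user" is missing "be", and "the according" should read "the corresponding".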
@@ -2414,7 +2463,7 @@ interface EncryptedKeyShare @{
 
 @}
 @end example
-@anchor{rest keyshare}@anchor{54}
+@anchor{rest keyshare}@anchor{57}
 @example
 interface KeyShare @{
   // Key material to concatenate with policy_salt and KDF to derive
@@ -2447,13 +2496,13 @@ interface KeyShare @{
 @c @author Dennis Neufeld
 
 @node Reducer API,Authentication Methods,REST API,Documentation Overview
-@anchor{reducer doc}@anchor{55}@anchor{reducer reducer-api}@anchor{56}
+@anchor{reducer doc}@anchor{58}@anchor{reducer reducer-api}@anchor{59}
 @section Reducer API
 
 
 This section describes the Anastasis Reducer API which is used by client 
applications
 to store or load the different states the client application can have.
-The reducer takes a @ref{57,,state} in JSON syntax and returns the new state 
in JSON syntax.
+The reducer takes a @ref{5a,,state} in JSON syntax and returns the new state 
in JSON syntax.
 
 For example a @strong{state} may take the following structure:
 
@@ -2467,7 +2516,7 @@ For example a @strong{state} may take the following 
structure:
 @}
 @end example
 
-The new state depends on the previous one and on the transition 
@ref{58,,action} with its
+The new state depends on the previous one and on the transition 
@ref{5b,,action} with its
 arguments given to the reducer. A @strong{transition argument} also is a 
statement in JSON syntax:
 
 @example
@@ -2477,7 +2526,7 @@ arguments given to the reducer. A @strong{transition 
argument} also is a stateme
 @end example
 
 The new state returned by the reducer with the state and transition argument 
defined
-above would look like following for the transition @ref{58,,action} 
@code{select_continent}:
+above would look like following for the transition @ref{5b,,action} 
@code{select_continent}:
 
 @example
 @{
@@ -2528,7 +2577,7 @@ above would look like following for the transition 
@ref{58,,action} @code{select
 @end menu
 
 @node States,Backup Reducer,,Reducer API
-@anchor{reducer states}@anchor{59}
+@anchor{reducer states}@anchor{5c}
 @subsection States
 
 
@@ -2663,10 +2712,10 @@ in FINISHED-states, the operation has definitively 
concluded.
 @end quotation
 
 @node Backup Reducer,Recovery Reducer,States,Reducer API
-@anchor{reducer backup-reducer}@anchor{5a}
+@anchor{reducer backup-reducer}@anchor{5d}
 @subsection Backup Reducer
 
-@anchor{reducer state}@anchor{57}@anchor{reducer action}@anchor{58}
+@anchor{reducer state}@anchor{5a}@anchor{reducer action}@anchor{5b}
 
 @float Figure
 
@@ -2681,7 +2730,7 @@ The illustration above shows the different states the 
reducer can have during a
 process.
 
 @node Recovery Reducer,Reducer transitions,Backup Reducer,Reducer API
-@anchor{reducer recovery-reducer}@anchor{5b}
+@anchor{reducer recovery-reducer}@anchor{5e}
 @subsection Recovery Reducer
 
 
@@ -2699,7 +2748,7 @@ The illustration above shows the different states the 
reducer can have during a
 process.
 
 @node Reducer transitions,,Recovery Reducer,Reducer API
-@anchor{reducer reducer-transitions}@anchor{5c}
+@anchor{reducer reducer-transitions}@anchor{5f}
 @subsection Reducer transitions
 
 
@@ -2716,7 +2765,7 @@ state is preserved to enable “back” transitions to 
function smoothly.
 @end menu
 
 @node Initial state,Common transitions,,Reducer transitions
-@anchor{reducer initial-state}@anchor{5d}
+@anchor{reducer initial-state}@anchor{60}
 @subsubsection Initial state
 
 
@@ -2779,7 +2828,7 @@ continent names:
 Translations must be given in the same order as the main English array.
 
 @node Common transitions,Backup transitions,Initial state,Reducer transitions
-@anchor{reducer common-transitions}@anchor{5e}
+@anchor{reducer common-transitions}@anchor{61}
 @subsubsection Common transitions
 
 
@@ -3160,7 +3209,7 @@ port 8888 was now added:
 @end example
 
 @node Backup transitions,Recovery transitions,Common transitions,Reducer 
transitions
-@anchor{reducer backup-transitions}@anchor{5f}
+@anchor{reducer backup-transitions}@anchor{62}
 @subsubsection Backup transitions
 
 
@@ -3843,7 +3892,7 @@ In the above example, 52 would thus imply that the 
Anastasis provider failed to
 store information into its database.
 
 @node Recovery transitions,,Backup transitions,Reducer transitions
-@anchor{reducer recovery-transitions}@anchor{60}
+@anchor{reducer recovery-transitions}@anchor{63}
 @subsubsection Recovery transitions
 
 
@@ -4320,7 +4369,7 @@ formats are:
 @c @author Dennis Neufeld
 
 @node Authentication Methods,DB Schema,Reducer API,Documentation Overview
-@anchor{authentication doc}@anchor{61}@anchor{authentication 
anastasis-auth-methods}@anchor{62}@anchor{authentication 
authentication-methods}@anchor{63}
+@anchor{authentication doc}@anchor{64}@anchor{authentication 
anastasis-auth-methods}@anchor{65}@anchor{authentication 
authentication-methods}@anchor{66}
 @section Authentication Methods
 
 
@@ -4348,29 +4397,29 @@ maximum permissible frequency.
 @end menu
 
 @node SMS sms,Email verification email,,Authentication Methods
-@anchor{authentication sms-sms}@anchor{64}
+@anchor{authentication sms-sms}@anchor{67}
 @subsection SMS (sms)
 
 
 Sends an SMS with a code (prefixed with @code{A-}) to the user’s phone, 
including
 a UUID which identifies the challenge the code is for.  The user must send
-this code back with his request (see @code{$RESPONSE} under @ref{4f,,Managing 
truth}).
+this code back with his request (see @code{$RESPONSE} under @ref{52,,Managing 
truth}).
 If the transmitted code is correct, the server responses with the requested
 encrypted key share.
 
 @node Email verification email,Video identification vid,SMS sms,Authentication 
Methods
-@anchor{authentication email-verification-email}@anchor{65}
+@anchor{authentication email-verification-email}@anchor{68}
 @subsection Email verification (email)
 
 
 Sends an email with a code (prefixed with @code{A-}) to the user’s mail 
address,
 including a UUID which identifies the challenge the code is for.  The user
-must send this code back with his request (see @code{$RESPONSE} under 
@ref{4f,,Managing truth}).
+must send this code back with his request (see @code{$RESPONSE} under 
@ref{52,,Managing truth}).
 If the transmitted code is correct, the server responses with the
 requested encrypted key share.
 
 @node Video identification vid,Security question qa,Email verification 
email,Authentication Methods
-@anchor{authentication video-identification-vid}@anchor{66}
+@anchor{authentication video-identification-vid}@anchor{69}
 @subsection Video identification (vid)
 
 
@@ -4388,7 +4437,7 @@ requesting the user to be redirected to a Web site (or 
other URL) for the
 video-call.
 
 @node Security question qa,Snail mail verification post,Video identification 
vid,Authentication Methods
-@anchor{authentication security-question-qa}@anchor{67}
+@anchor{authentication security-question-qa}@anchor{6a}
 @subsection Security question (qa)
 
 
@@ -4411,14 +4460,14 @@ remains irrecoverable without the answer even if the 
Anastasis provider
 storing the security question is malicious.
 
 @node Snail mail verification post,,Security question qa,Authentication Methods
-@anchor{authentication snail-mail-verification-post}@anchor{68}
+@anchor{authentication snail-mail-verification-post}@anchor{6b}
 @subsection Snail mail verification (post)
 
 
 Sends physical mail (snail mail) with a code (prefixed with @code{A-}) to the
 user’s mail address, including a UUID which identifies the challenge the code
 is for.  The user must send this code back with their request (see
-@code{$RESPONSE} under @ref{4f,,Managing truth}).  If the transmitted code is 
correct,
+@code{$RESPONSE} under @ref{52,,Managing truth}).  If the transmitted code is 
correct,
 the server responds with the requested encrypted key share.
 
 @c This file is part of Anastasis
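Review bot: the snail mail paragraph here says "their request" and "the server responds", while the SMS and Email paragraphs touched in the previous hunk keep "his request" and "the server responses". The three descriptions are otherwise parallel, so align the wording (gender-neutral "their", verb "responds") across all of them while the @ref{52,,Managing truth} lines are being rewritten.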
@@ -4440,7 +4489,7 @@ the server responds with the requested encrypted key 
share.
 @c @author Dennis Neufeld
 
 @node DB Schema,Design Documents,Authentication Methods,Documentation Overview
-@anchor{db doc}@anchor{69}@anchor{db db-schema}@anchor{6a}
+@anchor{db doc}@anchor{6c}@anchor{db db-schema}@anchor{6d}
 @section DB Schema
 
 
@@ -4455,7 +4504,7 @@ the server responds with the requested encrypted key 
share.
 @image{anastasis-figures/anastasis_truth_payment,,,,png}
 
 @node Design Documents,Anastasis licensing information,DB Schema,Documentation 
Overview
-@anchor{design-documents/index doc}@anchor{6b}@anchor{design-documents/index 
design-documents}@anchor{6c}
+@anchor{design-documents/index doc}@anchor{6e}@anchor{design-documents/index 
design-documents}@anchor{6f}
 @section Design Documents
 
 
@@ -4471,7 +4520,7 @@ and protocol.
 @end menu
 
 @node Design Doc 001 Anastasis User Experience,Template,,Design Documents
-@anchor{design-documents/001-anastasis-ux 
doc}@anchor{6d}@anchor{design-documents/001-anastasis-ux 
design-doc-001-anastasis-user-experience}@anchor{6e}
+@anchor{design-documents/001-anastasis-ux 
doc}@anchor{70}@anchor{design-documents/001-anastasis-ux 
design-doc-001-anastasis-user-experience}@anchor{71}
 @subsection Design Doc 001: Anastasis User Experience
 
 
@@ -4485,7 +4534,7 @@ and protocol.
 @end menu
 
 @node Summary,Motivation,,Design Doc 001 Anastasis User Experience
-@anchor{design-documents/001-anastasis-ux summary}@anchor{6f}
+@anchor{design-documents/001-anastasis-ux summary}@anchor{72}
 @subsubsection Summary
 
 
@@ -4493,7 +4542,7 @@ This document describes the recommended way of 
implementing the user experience
 of setting up and making use of @ref{3,,Introduction} account recovery.
 
 @node Motivation,Setup Steps,Summary,Design Doc 001 Anastasis User Experience
-@anchor{design-documents/001-anastasis-ux motivation}@anchor{70}
+@anchor{design-documents/001-anastasis-ux motivation}@anchor{73}
 @subsubsection Motivation
 
 
@@ -4505,7 +4554,7 @@ even if all devices and offline secrets have been lost.
 Access to the backup key is shared with escrow providers that can be chosen by 
the user.
 
 @node Setup Steps,Show Service Status After Setup,Motivation,Design Doc 001 
Anastasis User Experience
-@anchor{design-documents/001-anastasis-ux setup-steps}@anchor{71}
+@anchor{design-documents/001-anastasis-ux setup-steps}@anchor{74}
 @subsubsection Setup Steps
 
 @image{graphviz-2d8d83202d2b7835498d2a5c18fa9e3cc05c4b6a,,,[graphviz],png}
@@ -4521,7 +4570,7 @@ Access to the backup key is shared with escrow providers 
that can be chosen by t
 @end menu
 
 @node Entry point Settings,Providing Identification,,Setup Steps
-@anchor{design-documents/001-anastasis-ux entry-point-settings}@anchor{72}
+@anchor{design-documents/001-anastasis-ux entry-point-settings}@anchor{75}
 @subsubsection Entry point: Settings
 
 
@@ -4539,7 +4588,7 @@ maybe be integrated into the backup settings.
 @image{anastasis-figures/backupsettings,,,,png}
 
 @node Providing Identification,Add Authentication Methods,Entry point 
Settings,Setup Steps
-@anchor{design-documents/001-anastasis-ux providing-identification}@anchor{73}
+@anchor{design-documents/001-anastasis-ux providing-identification}@anchor{76}
 @subsubsection Providing Identification
 
 
@@ -4570,12 +4619,12 @@ country of the SIM card.  But nothing invasive like the 
actual GPS location.
 @image{anastasis-figures/userid,,,,png}
 
 @node Add Authentication Methods,Confirm/Change Service Providers,Providing 
Identification,Setup Steps
-@anchor{design-documents/001-anastasis-ux 
add-authentication-methods}@anchor{74}
+@anchor{design-documents/001-anastasis-ux 
add-authentication-methods}@anchor{77}
 @subsubsection Add Authentication Methods
 
 
 After creating a unique identifier, the user can chose one or more
-@ref{62,,Authentication Methods} supported by Anastasis.
+@ref{65,,Authentication Methods} supported by Anastasis.
 
 When selecting a method, the user is already asked to provide the information
 required for the recovery with that method.  For example, a photo of
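Review bot: the context line directly above the changed @ref reads "the user can chose one or more"; that should be "choose". It sits in the same sentence as the updated @ref{65,,Authentication Methods}, so it is worth fixing in the same pass.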
@@ -4592,7 +4641,7 @@ sane values (phone number, e-mail addresses, country of 
residence).
 @image{anastasis-figures/addtruthmail,,,,png}
 
 @node Confirm/Change Service Providers,Defining Recovery Options,Add 
Authentication Methods,Setup Steps
-@anchor{design-documents/001-anastasis-ux 
confirm-change-service-providers}@anchor{75}
+@anchor{design-documents/001-anastasis-ux 
confirm-change-service-providers}@anchor{78}
 @subsubsection Confirm/Change Service Providers
 
 
@@ -4608,7 +4657,7 @@ default list provided by the wallet.
 @image{anastasis-figures/addpolicymethod,,,,png}
 
 @node Defining Recovery Options,Pay for Setup,Confirm/Change Service 
Providers,Setup Steps
-@anchor{design-documents/001-anastasis-ux defining-recovery-options}@anchor{76}
+@anchor{design-documents/001-anastasis-ux defining-recovery-options}@anchor{79}
 @subsubsection Defining Recovery Options
 
 
@@ -4631,7 +4680,7 @@ should get updated with each user action affecting those 
costs such as
 when the user reconfigures the policies.
 
 @node Pay for Setup,,Defining Recovery Options,Setup Steps
-@anchor{design-documents/001-anastasis-ux pay-for-setup}@anchor{77}
+@anchor{design-documents/001-anastasis-ux pay-for-setup}@anchor{7a}
 @subsubsection Pay for Setup
 
 
@@ -4640,14 +4689,14 @@ asked to pay for the service with the regular wallet 
payment confirmation
 screen.
 
 @node Show Service Status After Setup,Recovery Steps,Setup Steps,Design Doc 
001 Anastasis User Experience
-@anchor{design-documents/001-anastasis-ux 
show-service-status-after-setup}@anchor{78}
+@anchor{design-documents/001-anastasis-ux 
show-service-status-after-setup}@anchor{7b}
 @subsubsection Show Service Status After Setup
 
 
 TODO
 
 @node Recovery Steps,,Show Service Status After Setup,Design Doc 001 Anastasis 
User Experience
-@anchor{design-documents/001-anastasis-ux recovery-steps}@anchor{79}
+@anchor{design-documents/001-anastasis-ux recovery-steps}@anchor{7c}
 @subsubsection Recovery Steps
 
 @image{graphviz-834e5a93329dec2ccdefd2a21bdfb5a02bad1c84,,,[graphviz],png}
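Review bot: the "Show Service Status After Setup" node still consists of a bare "TODO", and this hunk only renumbers its anchor from 78 to 7b. Either describe what the status view should show after setup or drop the node from the published manual until the text exists, so readers do not land on an empty section.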
@@ -4663,7 +4712,7 @@ TODO
 @end menu
 
 @node Entry point Settings<2>,Providing Identification<2>,,Recovery Steps
-@anchor{design-documents/001-anastasis-ux id1}@anchor{7a}
+@anchor{design-documents/001-anastasis-ux id1}@anchor{7d}
 @subsubsection Entry point: Settings
 
 
@@ -4681,7 +4730,7 @@ checkpoint instead of from the beginning.
 @image{anastasis-figures/backupsettings,,,,png}
 
 @node Providing Identification<2>,Select Authentication Challenge,Entry point 
Settings<2>,Recovery Steps
-@anchor{design-documents/001-anastasis-ux id2}@anchor{7b}
+@anchor{design-documents/001-anastasis-ux id2}@anchor{7e}
 @subsubsection Providing Identification
 
 
@@ -4692,7 +4741,7 @@ and then to provide country-specific inputs for 
identification.
 @image{anastasis-figures/userid,,,,png}
 
 @node Select Authentication Challenge,Payment,Providing 
Identification<2>,Recovery Steps
-@anchor{design-documents/001-anastasis-ux 
select-authentication-challenge}@anchor{7c}
+@anchor{design-documents/001-anastasis-ux 
select-authentication-challenge}@anchor{7f}
 @subsubsection Select Authentication Challenge
 
 
@@ -4711,7 +4760,7 @@ When selecting a challenge, the user may be asked to 
confirm making a payment
 for this challenge if the provider requires payment.
 
 @node Payment,Enter Challenge Response,Select Authentication 
Challenge,Recovery Steps
-@anchor{design-documents/001-anastasis-ux payment}@anchor{7d}
+@anchor{design-documents/001-anastasis-ux payment}@anchor{80}
 @subsubsection Payment
 
 
@@ -4724,7 +4773,7 @@ used – except of course if the security question 
challenge is free of
 charge).
 
 @node Enter Challenge Response,Success,Payment,Recovery Steps
-@anchor{design-documents/001-anastasis-ux enter-challenge-response}@anchor{7e}
+@anchor{design-documents/001-anastasis-ux enter-challenge-response}@anchor{81}
 @subsubsection Enter Challenge Response
 
 
@@ -4735,7 +4784,7 @@ numeric code, or the full code with the @code{A-} prefix 
(or ideally, the user
 cannot delete the pre-filled @code{A-} text).
 
 @node Success,,Enter Challenge Response,Recovery Steps
-@anchor{design-documents/001-anastasis-ux success}@anchor{7f}
+@anchor{design-documents/001-anastasis-ux success}@anchor{82}
 @subsubsection Success
 
 
@@ -4744,7 +4793,7 @@ as part of a separate screen, or simply with a 
notification bar in the
 main wallet screen.
 
 @node Template,,Design Doc 001 Anastasis User Experience,Design Documents
-@anchor{design-documents/999-template 
doc}@anchor{80}@anchor{design-documents/999-template template}@anchor{81}
+@anchor{design-documents/999-template 
doc}@anchor{83}@anchor{design-documents/999-template template}@anchor{84}
 @subsection Template
 
 
@@ -4760,44 +4809,44 @@ main wallet screen.
 @end menu
 
 @node Summary<2>,Motivation<2>,,Template
-@anchor{design-documents/999-template summary}@anchor{82}
+@anchor{design-documents/999-template summary}@anchor{85}
 @subsubsection Summary
 
 
 @node Motivation<2>,Requirements,Summary<2>,Template
-@anchor{design-documents/999-template motivation}@anchor{83}
+@anchor{design-documents/999-template motivation}@anchor{86}
 @subsubsection Motivation
 
 
 @node Requirements,Proposed Solution,Motivation<2>,Template
-@anchor{design-documents/999-template requirements}@anchor{84}
+@anchor{design-documents/999-template requirements}@anchor{87}
 @subsubsection Requirements
 
 
 @node Proposed Solution,Alternatives,Requirements,Template
-@anchor{design-documents/999-template proposed-solution}@anchor{85}
+@anchor{design-documents/999-template proposed-solution}@anchor{88}
 @subsubsection Proposed Solution
 
 
 @node Alternatives,Drawbacks,Proposed Solution,Template
-@anchor{design-documents/999-template alternatives}@anchor{86}
+@anchor{design-documents/999-template alternatives}@anchor{89}
 @subsubsection Alternatives
 
 
 @node Drawbacks,Discussion / Q&A,Alternatives,Template
-@anchor{design-documents/999-template drawbacks}@anchor{87}
+@anchor{design-documents/999-template drawbacks}@anchor{8a}
 @subsubsection Drawbacks
 
 
 @node Discussion / Q&A,,Drawbacks,Template
-@anchor{design-documents/999-template discussion-q-a}@anchor{88}
+@anchor{design-documents/999-template discussion-q-a}@anchor{8b}
 @subsubsection Discussion / Q&A
 
 
 (This should be filled in with results from discussions on mailing lists / 
personal communication.)
 
 @node Anastasis licensing information,Man Pages,Design Documents,Documentation 
Overview
-@anchor{global-licensing doc}@anchor{89}@anchor{global-licensing 
anastasis-licensing-information}@anchor{8a}
+@anchor{global-licensing doc}@anchor{8c}@anchor{global-licensing 
anastasis-licensing-information}@anchor{8d}
 @section Anastasis licensing information
 
 
@@ -4819,7 +4868,7 @@ GPL.
 @end menu
 
 @node Anastasis git //git taler net/anastasis,Anastasis-gtk git //git taler 
net/anastasis-gtk,,Anastasis licensing information
-@anchor{global-licensing 
anastasis-git-git-taler-net-anastasis}@anchor{8b}@anchor{global-licensing 
exchange-repo}@anchor{8c}
+@anchor{global-licensing 
anastasis-git-git-taler-net-anastasis}@anchor{8e}@anchor{global-licensing 
exchange-repo}@anchor{8f}
 @subsection Anastasis (git://git.taler.net/anastasis)
 
 
@@ -4831,7 +4880,7 @@ Anastasis core logic is under AGPL.
 @end menu
 
 @node Runtime dependencies,,,Anastasis git //git taler net/anastasis
-@anchor{global-licensing runtime-dependencies}@anchor{8d}
+@anchor{global-licensing runtime-dependencies}@anchor{90}
 @subsubsection Runtime dependencies
 
 
@@ -4861,7 +4910,7 @@ GNU Taler: LGPLv3+ / GPLv3+ / AGPLv3+: owned by Taler 
Systems SA
 @end itemize
 
 @node Anastasis-gtk git //git taler net/anastasis-gtk,Documentation,Anastasis 
git //git taler net/anastasis,Anastasis licensing information
-@anchor{global-licensing 
anastasis-gtk-git-git-taler-net-anastasis-gtk}@anchor{8e}
+@anchor{global-licensing 
anastasis-gtk-git-git-taler-net-anastasis-gtk}@anchor{91}
 @subsection Anastasis-gtk (git://git.taler.net/anastasis-gtk)
 
 
@@ -4873,7 +4922,7 @@ Anastasis-gtk is under AGPL.
 @end menu
 
 @node Runtime dependencies<2>,,,Anastasis-gtk git //git taler net/anastasis-gtk
-@anchor{global-licensing id1}@anchor{8f}
+@anchor{global-licensing id1}@anchor{92}
 @subsubsection Runtime dependencies
 
 
@@ -4906,14 +4955,14 @@ GNU Taler: LGPLv3+ / GPLv3+ / AGPLv3+: owned by Taler 
Systems SA
 @end itemize
 
 @node Documentation,,Anastasis-gtk git //git taler net/anastasis-gtk,Anastasis 
licensing information
-@anchor{global-licensing documentation}@anchor{90}
+@anchor{global-licensing documentation}@anchor{93}
 @subsection Documentation
 
 
 The documentation is licensed under the GNU Free Documentation License Version 
1.3 or later.
 
 @node Man Pages,Complete Index,Anastasis licensing information,Documentation 
Overview
-@anchor{manindex doc}@anchor{91}@anchor{manindex man-pages}@anchor{92}
+@anchor{manindex doc}@anchor{94}@anchor{manindex man-pages}@anchor{95}
 @section Man Pages
 
 
@@ -4927,7 +4976,7 @@ The documentation is licensed under the GNU Free 
Documentation License Version 1
 @end menu
 
 @node anastasis-config 1,anastasis-gtk 1,,Man Pages
-@anchor{manpages/anastasis-config 1 
doc}@anchor{93}@anchor{manpages/anastasis-config 1 
anastasis-config-1}@anchor{94}
+@anchor{manpages/anastasis-config 1 
doc}@anchor{96}@anchor{manpages/anastasis-config 1 
anastasis-config-1}@anchor{97}
 @subsection anastasis-config(1)
 
 
@@ -4941,7 +4990,7 @@ The documentation is licensed under the GNU Free 
Documentation License Version 1
 @end menu
 
 @node Synopsis,Description,,anastasis-config 1
-@anchor{manpages/anastasis-config 1 synopsis}@anchor{95}
+@anchor{manpages/anastasis-config 1 synopsis}@anchor{98}
 @subsubsection Synopsis
 
 
@@ -4961,7 +5010,7 @@ The documentation is licensed under the GNU Free 
Documentation License Version 1
 [@strong{-v} | @strong{––version}]
 
 @node Description,See Also,Synopsis,anastasis-config 1
-@anchor{manpages/anastasis-config 1 description}@anchor{96}
+@anchor{manpages/anastasis-config 1 description}@anchor{99}
 @subsubsection Description
 
 
@@ -5045,14 +5094,14 @@ Print Anastasis version number.
 @end table
 
 @node See Also,Bugs,Description,anastasis-config 1
-@anchor{manpages/anastasis-config 1 see-also}@anchor{97}
+@anchor{manpages/anastasis-config 1 see-also}@anchor{9a}
 @subsubsection See Also
 
 
 anastasis.conf(5)
 
 @node Bugs,,See Also,anastasis-config 1
-@anchor{manpages/anastasis-config 1 bugs}@anchor{98}
+@anchor{manpages/anastasis-config 1 bugs}@anchor{9b}
 @subsubsection Bugs
 
 
@@ -5060,7 +5109,7 @@ Report bugs by using 
@indicateurl{https://bugs.anastasis.lu} or by sending elect
 mail to <@email{contact@@anastasis.lu}>.
 
 @node anastasis-gtk 1,anastasis-httpd 1,anastasis-config 1,Man Pages
-@anchor{manpages/anastasis-gtk 1 doc}@anchor{99}@anchor{manpages/anastasis-gtk 
1 anastasis-gtk-1}@anchor{9a}
+@anchor{manpages/anastasis-gtk 1 doc}@anchor{9c}@anchor{manpages/anastasis-gtk 
1 anastasis-gtk-1}@anchor{9d}
 @subsection anastasis-gtk(1)
 
 
@@ -5074,7 +5123,7 @@ mail to <@email{contact@@anastasis.lu}>.
 @end menu
 
 @node Synopsis<2>,Description<2>,,anastasis-gtk 1
-@anchor{manpages/anastasis-gtk 1 synopsis}@anchor{9b}
+@anchor{manpages/anastasis-gtk 1 synopsis}@anchor{9e}
 @subsubsection Synopsis
 
 
@@ -5086,7 +5135,7 @@ mail to <@email{contact@@anastasis.lu}>.
 [@strong{-v} | @strong{––version}]
 
 @node Description<2>,See Also<2>,Synopsis<2>,anastasis-gtk 1
-@anchor{manpages/anastasis-gtk 1 description}@anchor{9c}
+@anchor{manpages/anastasis-gtk 1 description}@anchor{9f}
 @subsubsection Description
 
 
@@ -5119,14 +5168,14 @@ Print version information.
 @end table
 
 @node See Also<2>,Bugs<2>,Description<2>,anastasis-gtk 1
-@anchor{manpages/anastasis-gtk 1 see-also}@anchor{9d}
+@anchor{manpages/anastasis-gtk 1 see-also}@anchor{a0}
 @subsubsection See Also
 
 
 anastasis-reducer(1), anastasis-httpd(1), anastasis.conf(5).
 
 @node Bugs<2>,,See Also<2>,anastasis-gtk 1
-@anchor{manpages/anastasis-gtk 1 bugs}@anchor{9e}
+@anchor{manpages/anastasis-gtk 1 bugs}@anchor{a1}
 @subsubsection Bugs
 
 
@@ -5134,7 +5183,7 @@ Report bugs by using 
@indicateurl{https://bugs.anastasis.lu/} or by sending elec
 mail to <@email{contact@@anastasis.lu}>.
 
 @node anastasis-httpd 1,anastasis-reducer 1,anastasis-gtk 1,Man Pages
-@anchor{manpages/anastasis-httpd 1 
doc}@anchor{9f}@anchor{manpages/anastasis-httpd 1 anastasis-httpd-1}@anchor{a0}
+@anchor{manpages/anastasis-httpd 1 
doc}@anchor{a2}@anchor{manpages/anastasis-httpd 1 anastasis-httpd-1}@anchor{a3}
 @subsection anastasis-httpd(1)
 
 
@@ -5149,14 +5198,14 @@ mail to <@email{contact@@anastasis.lu}>.
 @end menu
 
 @node Synopsis<3>,Description<3>,,anastasis-httpd 1
-@anchor{manpages/anastasis-httpd 1 synopsis}@anchor{a1}
+@anchor{manpages/anastasis-httpd 1 synopsis}@anchor{a4}
 @subsubsection Synopsis
 
 
 @strong{anastasis-httpd}
 
 @node Description<3>,Signals,Synopsis<3>,anastasis-httpd 1
-@anchor{manpages/anastasis-httpd 1 description}@anchor{a2}
+@anchor{manpages/anastasis-httpd 1 description}@anchor{a5}
 @subsubsection Description
 
 
@@ -5188,7 +5237,7 @@ Print version information.
 @end table
 
 @node Signals,See also,Description<3>,anastasis-httpd 1
-@anchor{manpages/anastasis-httpd 1 signals}@anchor{a3}
+@anchor{manpages/anastasis-httpd 1 signals}@anchor{a6}
 @subsubsection Signals
 
 
@@ -5203,14 +5252,14 @@ Sending a SIGTERM to the process will cause it to 
shutdown cleanly.
 @end table
 
 @node See also,Bugs<3>,Signals,anastasis-httpd 1
-@anchor{manpages/anastasis-httpd 1 see-also}@anchor{a4}
+@anchor{manpages/anastasis-httpd 1 see-also}@anchor{a7}
 @subsubsection See also
 
 
 anastasis-dbinit(1), anastasis-config(1), anastasis-gtk(1), 
anastasis-reducer(1)
 
 @node Bugs<3>,,See also,anastasis-httpd 1
-@anchor{manpages/anastasis-httpd 1 bugs}@anchor{a5}
+@anchor{manpages/anastasis-httpd 1 bugs}@anchor{a8}
 @subsubsection Bugs
 
 
@@ -5218,7 +5267,7 @@ Report bugs by using 
@indicateurl{https://bugs.anastasis.lu} or by sending
 electronic mail to <@email{contact@@anastasis.lu}>.
 
 @node anastasis-reducer 1,anastasis conf 5,anastasis-httpd 1,Man Pages
-@anchor{manpages/anastasis-reducer 1 
doc}@anchor{a6}@anchor{manpages/anastasis-reducer 1 
anastasis-reducer-1}@anchor{a7}
+@anchor{manpages/anastasis-reducer 1 
doc}@anchor{a9}@anchor{manpages/anastasis-reducer 1 
anastasis-reducer-1}@anchor{aa}
 @subsection anastasis-reducer(1)
 
 
@@ -5232,7 +5281,7 @@ electronic mail to <@email{contact@@anastasis.lu}>.
 @end menu
 
 @node Synopsis<4>,Description<4>,,anastasis-reducer 1
-@anchor{manpages/anastasis-reducer 1 synopsis}@anchor{a8}
+@anchor{manpages/anastasis-reducer 1 synopsis}@anchor{ab}
 @subsubsection Synopsis
 
 
@@ -5247,7 +5296,7 @@ electronic mail to <@email{contact@@anastasis.lu}>.
 [@strong{-v} | @strong{––version}] COMMAND
 
 @node Description<4>,See Also<3>,Synopsis<4>,anastasis-reducer 1
-@anchor{manpages/anastasis-reducer 1 description}@anchor{a9}
+@anchor{manpages/anastasis-reducer 1 description}@anchor{ac}
 @subsubsection Description
 
 
@@ -5257,7 +5306,7 @@ The reducer will read the current state from standard 
input and
 write the resulting state to standard output.  A COMMAND must
 be given on the command line.  The arguments (if any) are to
 be given in JSON format to the @strong{-a} option.  A list of
-commands can be found in the @ref{55,,Reducer API}
+commands can be found in the @ref{58,,Reducer API}
 chapter.
 
 
@@ -5298,14 +5347,14 @@ Print version information.
 @end table
 
 @node See Also<3>,Bugs<4>,Description<4>,anastasis-reducer 1
-@anchor{manpages/anastasis-reducer 1 see-also}@anchor{aa}
+@anchor{manpages/anastasis-reducer 1 see-also}@anchor{ad}
 @subsubsection See Also
 
 
 anastasis-gtk(1), anastasis-httpd(1), anastasis.conf(5).
 
 @node Bugs<4>,,See Also<3>,anastasis-reducer 1
-@anchor{manpages/anastasis-reducer 1 bugs}@anchor{ab}
+@anchor{manpages/anastasis-reducer 1 bugs}@anchor{ae}
 @subsubsection Bugs
 
 
@@ -5313,7 +5362,7 @@ Report bugs by using 
@indicateurl{https://bugs.anastasis.lu/} or by sending elec
 mail to <@email{contact@@anastasis.lu}>.
 
 @node anastasis conf 5,,anastasis-reducer 1,Man Pages
-@anchor{manpages/anastasis conf 5 doc}@anchor{ac}@anchor{manpages/anastasis 
conf 5 anastasis-conf-5}@anchor{ad}
+@anchor{manpages/anastasis conf 5 doc}@anchor{af}@anchor{manpages/anastasis 
conf 5 anastasis-conf-5}@anchor{b0}
 @subsection anastasis.conf(5)
 
 
@@ -5326,7 +5375,7 @@ mail to <@email{contact@@anastasis.lu}>.
 @end menu
 
 @node Description<5>,SEE ALSO,,anastasis conf 5
-@anchor{manpages/anastasis conf 5 description}@anchor{ae}
+@anchor{manpages/anastasis conf 5 description}@anchor{b1}
 @subsubsection Description
 
 
@@ -5380,7 +5429,7 @@ include the entirety of @code{sub.conf} at that point in 
@code{main.conf}.
 @end menu
 
 @node GLOBAL OPTIONS,Authorization options,,Description<5>
-@anchor{manpages/anastasis conf 5 global-options}@anchor{af}
+@anchor{manpages/anastasis conf 5 global-options}@anchor{b2}
 @subsubsection GLOBAL OPTIONS
 
 
@@ -5430,7 +5479,7 @@ TCP port on which the HTTP service should listen on.
 @end table
 
 @node Authorization options,Postgres database configuration,GLOBAL 
OPTIONS,Description<5>
-@anchor{manpages/anastasis conf 5 authorization-options}@anchor{b0}
+@anchor{manpages/anastasis conf 5 authorization-options}@anchor{b3}
 @subsubsection Authorization options
 
 
@@ -5456,7 +5505,7 @@ Helper command to run (only relevant for some plugins).
 @end table
 
 @node Postgres database configuration,,Authorization options,Description<5>
-@anchor{manpages/anastasis conf 5 postgres-database-configuration}@anchor{b1}
+@anchor{manpages/anastasis conf 5 postgres-database-configuration}@anchor{b4}
 @subsubsection Postgres database configuration
 
 
@@ -5474,14 +5523,14 @@ should use, i.e. @code{postgres://anastasis}.
 @end table
 
 @node SEE ALSO,BUGS,Description<5>,anastasis conf 5
-@anchor{manpages/anastasis conf 5 see-also}@anchor{b2}
+@anchor{manpages/anastasis conf 5 see-also}@anchor{b5}
 @subsubsection SEE ALSO
 
 
 anastasis-httpd(1), anastasis-config(1)
 
 @node BUGS,,SEE ALSO,anastasis conf 5
-@anchor{manpages/anastasis conf 5 bugs}@anchor{b3}
+@anchor{manpages/anastasis conf 5 bugs}@anchor{b6}
 @subsubsection BUGS
 
 
@@ -5489,12 +5538,12 @@ Report bugs by using 
@indicateurl{https://bugs.anastasis.lu/} or by sending elec
 mail to <@email{contact@@anastasis.lu}>.
 
 @node Complete Index,GNU Free Documentation License,Man Pages,Documentation 
Overview
-@anchor{genindex doc}@anchor{b4}@anchor{genindex complete-index}@anchor{b5}
+@anchor{genindex doc}@anchor{b7}@anchor{genindex complete-index}@anchor{b8}
 @section Complete Index
 
 
 @node GNU Free Documentation License,,Complete Index,Documentation Overview
-@anchor{fdl-1 3 doc}@anchor{b6}@anchor{fdl-1 3 
gnu-fdl-1-3}@anchor{b7}@anchor{fdl-1 3 
gnu-free-documentation-license}@anchor{b8}
+@anchor{fdl-1 3 doc}@anchor{b9}@anchor{fdl-1 3 
gnu-fdl-1-3}@anchor{ba}@anchor{fdl-1 3 
gnu-free-documentation-license}@anchor{bb}
 @section GNU Free Documentation License
 
 
@@ -5524,7 +5573,7 @@ license document, but changing it is not allowed.
 @end menu
 
 @node 0 PREAMBLE,1 APPLICABILITY AND DEFINITIONS,,GNU Free Documentation 
License
-@anchor{fdl-1 3 preamble}@anchor{b9}
+@anchor{fdl-1 3 preamble}@anchor{bc}
 @subsection 0. PREAMBLE
 
 
@@ -5550,7 +5599,7 @@ published as a printed book. We recommend this License 
principally for
 works whose purpose is instruction or reference.
 
 @node 1 APPLICABILITY AND DEFINITIONS,2 VERBATIM COPYING,0 PREAMBLE,GNU Free 
Documentation License
-@anchor{fdl-1 3 applicability-and-definitions}@anchor{ba}
+@anchor{fdl-1 3 applicability-and-definitions}@anchor{bd}
 @subsection 1. APPLICABILITY AND DEFINITIONS
 
 
@@ -5640,7 +5689,7 @@ these Warranty Disclaimers may have is void and has no 
effect on the
 meaning of this License.
 
 @node 2 VERBATIM COPYING,3 COPYING IN QUANTITY,1 APPLICABILITY AND 
DEFINITIONS,GNU Free Documentation License
-@anchor{fdl-1 3 verbatim-copying}@anchor{bb}
+@anchor{fdl-1 3 verbatim-copying}@anchor{be}
 @subsection 2. VERBATIM COPYING
 
 
@@ -5658,7 +5707,7 @@ You may also lend copies, under the same conditions 
stated above, and
 you may publicly display copies.
 
 @node 3 COPYING IN QUANTITY,4 MODIFICATIONS,2 VERBATIM COPYING,GNU Free 
Documentation License
-@anchor{fdl-1 3 copying-in-quantity}@anchor{bc}
+@anchor{fdl-1 3 copying-in-quantity}@anchor{bf}
 @subsection 3. COPYING IN QUANTITY
 
 
@@ -5698,7 +5747,7 @@ Document well before redistributing any large number of 
copies, to give
 them a chance to provide you with an updated version of the Document.
 
 @node 4 MODIFICATIONS,5 COMBINING DOCUMENTS,3 COPYING IN QUANTITY,GNU Free 
Documentation License
-@anchor{fdl-1 3 modifications}@anchor{bd}
+@anchor{fdl-1 3 modifications}@anchor{c0}
 @subsection 4. MODIFICATIONS
 
 
@@ -5834,7 +5883,7 @@ give permission to use their names for publicity for or 
to assert or
 imply endorsement of any Modified Version.
 
 @node 5 COMBINING DOCUMENTS,6 COLLECTIONS OF DOCUMENTS,4 MODIFICATIONS,GNU 
Free Documentation License
-@anchor{fdl-1 3 combining-documents}@anchor{be}
+@anchor{fdl-1 3 combining-documents}@anchor{c1}
 @subsection 5. COMBINING DOCUMENTS
 
 
@@ -5861,7 +5910,7 @@ sections Entitled “Dedications”. You must delete all 
sections Entitled
 “Endorsements”.
 
 @node 6 COLLECTIONS OF DOCUMENTS,7 AGGREGATION WITH INDEPENDENT WORKS,5 
COMBINING DOCUMENTS,GNU Free Documentation License
-@anchor{fdl-1 3 collections-of-documents}@anchor{bf}
+@anchor{fdl-1 3 collections-of-documents}@anchor{c2}
 @subsection 6. COLLECTIONS OF DOCUMENTS
 
 
@@ -5877,7 +5926,7 @@ License into the extracted document, and follow this 
License in all
 other respects regarding verbatim copying of that document.
 
 @node 7 AGGREGATION WITH INDEPENDENT WORKS,8 TRANSLATION,6 COLLECTIONS OF 
DOCUMENTS,GNU Free Documentation License
-@anchor{fdl-1 3 aggregation-with-independent-works}@anchor{c0}
+@anchor{fdl-1 3 aggregation-with-independent-works}@anchor{c3}
 @subsection 7. AGGREGATION WITH INDEPENDENT WORKS
 
 
@@ -5898,7 +5947,7 @@ equivalent of covers if the Document is in electronic 
form. Otherwise
 they must appear on printed covers that bracket the whole aggregate.
 
 @node 8 TRANSLATION,9 TERMINATION,7 AGGREGATION WITH INDEPENDENT WORKS,GNU 
Free Documentation License
-@anchor{fdl-1 3 translation}@anchor{c1}
+@anchor{fdl-1 3 translation}@anchor{c4}
 @subsection 8. TRANSLATION
 
 
@@ -5920,7 +5969,7 @@ If a section in the Document is Entitled 
“Acknowledgements”,
 Title (section 1) will typically require changing the actual title.
 
 @node 9 TERMINATION,10 FUTURE REVISIONS OF THIS LICENSE,8 TRANSLATION,GNU Free 
Documentation License
-@anchor{fdl-1 3 termination}@anchor{c2}
+@anchor{fdl-1 3 termination}@anchor{c5}
 @subsection 9. TERMINATION
 
 
@@ -5950,7 +5999,7 @@ reinstated, receipt of a copy of some or all of the same 
material does
 not give you any rights to use it.
 
 @node 10 FUTURE REVISIONS OF THIS LICENSE,11 RELICENSING,9 TERMINATION,GNU 
Free Documentation License
-@anchor{fdl-1 3 future-revisions-of-this-license}@anchor{c3}
+@anchor{fdl-1 3 future-revisions-of-this-license}@anchor{c6}
 @subsection 10. FUTURE REVISIONS OF THIS LICENSE
 
 
@@ -5972,7 +6021,7 @@ used, that proxy’s public statement of acceptance of a 
version
 permanently authorizes you to choose that version for the Document.
 
 @node 11 RELICENSING,ADDENDUM How to use this License for your documents,10 
FUTURE REVISIONS OF THIS LICENSE,GNU Free Documentation License
-@anchor{fdl-1 3 relicensing}@anchor{c4}
+@anchor{fdl-1 3 relicensing}@anchor{c7}
 @subsection 11. RELICENSING
 
 
@@ -6003,7 +6052,7 @@ under CC-BY-SA on the same site at any time before August 
1, 2009,
 provided the MMC is eligible for relicensing.
 
 @node ADDENDUM How to use this License for your documents,,11 RELICENSING,GNU 
Free Documentation License
-@anchor{fdl-1 3 addendum-how-to-use-this-license-for-your-documents}@anchor{c5}
+@anchor{fdl-1 3 addendum-how-to-use-this-license-for-your-documents}@anchor{c8}
 @subsection ADDENDUM: How to use this License for your documents
 
 
@@ -6037,8 +6086,8 @@ If your document contains nontrivial examples of program 
code, we
 recommend releasing these examples in parallel under your choice of free
 software license, such as the GNU General Public License, to permit
 their use in free software.
+@anchor{29}@w{                              }
 @anchor{rest tsref-type-ErrorDetail}@w{                              }
-@anchor{26}@w{                              }
 
 @c %**end of body
 @bye
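Review bot: in this last texi hunk the numeric anchor moves from after "@anchor{rest tsref-type-ErrorDetail}" to before it (26 becomes 29), and the FDL subsection anchors in the preceding hunks all shift by the same amount (bd to c0, be to c1, and so on) with no change to the surrounding text. That pattern looks like regenerated output rather than hand edits. If doc/anastasis.texi is produced from the Sphinx sources, say so in the commit message or put the regenerated file in its own commit, so the wording change in the .rst files is not buried in anchor churn.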
diff --git a/doc/sphinx/index.rst b/doc/sphinx/index.rst
index 52edd89..8c19ebc 100644
--- a/doc/sphinx/index.rst
+++ b/doc/sphinx/index.rst
@@ -18,7 +18,34 @@
 Anastasis Documentation
 =======================
 
-The system will be based on free software and open protocols.
+Anastasis is Free Software protocol and implementation that allows
+users to securely deposit **core secrets** with an open set of escrow
+providers and to recover these secrets if their original copies are
+lost.
+
+Anastasis is intended for users that want to make backups of key
+material, such as OpenPGP encryption keys, hard disk encryption keys
+or master keys of electronic wallets. Anastasis is NOT intended to
+store large amounts of secret data, it is only designed to safeguard
+key material.
+
+Anastasis solves the issue of keeping key material both available
+to the authorized user(s), and confidential from anyone else.
+
+With Anastasis, the **core secrets** are protected from the Anastasis
+escrow providers by encrypting each with a **master key**.  The
+**master key** can be split and distributed across the escrow
+providers to ensure that no single escrow provider can recover the
+**master key** on its own.  Which subset(s) of Anastasis providers
+must be contacted to recover a **master key** is freely configurable.
+
+With Anastasis, users can reliably recover their **core secret**,
+while Anastasis makes this difficult for everyone else.  This is even
+true if the user is unable to reliably remember any secret with
+sufficiently high entropy: Anastasis does not simply reduce the
+problem to encrypting the **core secret** using some other key
+material in possession of the user.
+
 
 
 Documentation Overview
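Review bot: the first added sentence is missing an article: "Anastasis is Free Software protocol and implementation" should read "Anastasis is a Free Software protocol and implementation". In the second paragraph, "store large amounts of secret data, it is only designed to safeguard key material" is a comma splice; use a semicolon or split it into two sentences. The same paragraphs are added to doc/anastasis.texi in this commit, so the fix has to land in both files.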
diff --git a/doc/sphinx/introduction.rst b/doc/sphinx/introduction.rst
index c3ae234..bfff83a 100644
--- a/doc/sphinx/introduction.rst
+++ b/doc/sphinx/introduction.rst
@@ -21,14 +21,13 @@
 Introduction
 ============
 
-Anastasis is a service that allows the user to securely deposit a
-**core secret** with an open set of escrow providers and recover it if the 
secret is
-lost.  The **core secret** itself is protected from the escrow providers by
-encrypting it with a **master key**.  The main objective of Anastasis is to
-ensure that the user can reliably recover the **core secret**, while making
-this difficult for everyone else.  Furthermore, it is assumed that the user is
-unable to reliably remember any secret with sufficiently high entropy, so we
-cannot simply encrypt using some other key material in possession of the user.
+To understand how Anastasis works, you need to understand three key
+concepts: user identifiers, our adversary model and the role of the
+recovery document.
+
+
+User Identifiers
+----------------
 
 To uniquely identify users, an "unforgettable" **identifier** is used.  This
 identifier should be difficult to guess for anybody but the user. However, the
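Review bot: removing the opening paragraph leaves introduction.rst without any statement of what the **core secret** and **master key** are, yet the unchanged text further down still relies on the term ("recover access to their core secret"). Those definitions now exist only in index.rst. Add a one-line pointer back to the overview, or keep a short definition of the core secret ahead of "To understand how Anastasis works", so this page still reads correctly when opened on its own.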
@@ -37,6 +36,10 @@ cryptographically secure. Examples for such identifier would 
be a
 concatenation of the full name of the user and their social security or
 passport number(s).  For Swiss citizens, the AHV number could also be used.
 
+
+Adversary models
+----------------
+
 The adversary model of Anastasis has two types of adversaries: weak
 adversaries which do not know the user's **identifier**, and strong
 adversaries which somehow do know a user's **identifier**.  For weak
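Review bot: the new heading "Adversary models" is plural, but the paragraph directly under it opens with "The adversary model of Anastasis has two types of adversaries" and the new lead-in sentence also says "our adversary model". The text describes one model with two adversary types, so the heading should be "Adversary model", with the underline shortened to match.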
@@ -47,6 +50,10 @@ escrow providers must have colluded.  The user is able to 
specify a set of
 collude to break confidentiality. These policies also set the bar for the user
 to recover their core secret.
 
+
+The recovery document
+---------------------
+
 A **recovery document** includes all of the information a user needs to
 recover access to their core secret.  It specifies a set of **escrow
 methods**, which specify how the user should convince the Anastasis server
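Review bot: heading capitalization is inconsistent across the three sections this commit introduces: "User Identifiers" is title case, while "The recovery document" here is sentence case. Pick one style for all three headings so the generated table of contents is uniform.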

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


