Wiki source code of Definitions
Version 1.1 by Zenna Elfen on 2025/11/23 23:14
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | == Definitions for Authentication and Access == | ||
| 2 | |||
| 3 | (% dir="ltr" id="auth_def" style="margin-right:auto" summary="Definitions for Authentication and Access" %) | ||
| 4 | |=Function|=What it means in P2P context | ||
| 5 | |**Permissions**|Define what actions a peer is allowed to perform (read, write, broadcast, modify state, etc.) | ||
| 6 | |**Delegation**|Allow a peer to grant some portion of its authority to another peer (e.g., "you can write to this dataset for 1 day") | ||
| 7 | |**Capabilities**|Tokens/objects that //embody// permissions and can be passed around securely | ||
| 8 | |**Revocation**|Ability to withdraw access (essential yet tricky, since there's no central admin) | ||
| 9 | |**Identity-agnostic control**|Often operations are authorized not by //who// you are but //what capabilities you possess// | ||
| 10 | |||
| 11 | |||
| 12 | |||
| 13 | == Definitions for Security and Encryption == | ||
| 14 | |||
| 15 | (% dir="ltr" id="sec_def" style="margin-right:auto" summary="Definitions for Security and Encryption" %) | ||
| 16 | |=Security Function|=Purpose|=Examples | ||
| 17 | |Transport Encryption|//P2P channel confidentiality//|//TLS, Noise// | ||
| 18 | |Message Encryption|//End-to-end secrecy, async//|//MLS, Olm/Megolm, DR// | ||
| 19 | |Identity & Trust|//Who’s who, key bootstrapping//|//DIDs, TOFU, Web-of-trust// | ||
| 20 | |Integrity|//Detect tampering//|//AEAD, Merkle DAGs// | ||
| 21 | |Key Lifecycle|//Rotation, revocation, recovery//|//X3DH, key transparency// | ||
| 22 | |Anonymity & Metadata Protection|//Hide who communicates with whom//|//Tor, mixnets// | ||
| 23 | |Anti-Abuse / Sybil Resistance|//Resist spam and capture//|//PoW, stake, identity proofs// | ||
| 24 | |Censorship Resistance|//Survive blocking, surveillance//|//pluggable transports, relays// | ||
| 25 | |Secure Storage|//Protect data at rest//|//hardware keystores, secret sharing// | ||
| 26 | |Integrated Overlays|//All of the above in one stack//|//Veilid, I2P, Nym// | ||
| 27 | |Confidentiality|//Only intended peers can read communication//|//TLS, DTLS, Noise Protocol Framework, AEAD (e.g., ChaCha20-Poly1305), MLS, Olm/Megolm, WireGuard, Veilid E2E channels// | ||
| 28 | |Integrity|//Messages can't be modified undetected//|//Digital signatures (Ed25519, BLS), MACs, Merkle DAGs (IPLD/IPFS), Hash chains, Signed Gossip, BPSec// | ||
| 29 | |Authentication|//Verify identity or cryptographic key ownership//|//Noise handshake patterns, TLS mutual auth, DIDs, Web-of-Trust (PGP), TOFU (SSH-style), libp2p PeerIDs, X3DH (Signal)// | ||
| 30 | |Forward Secrecy|//Compromising long-term keys does not reveal past messages//|//Double Ratchet, X3DH, MLS TreeKEM, Noise ephemeral handshakes, Olm (Matrix)// | ||
| 31 | |Metadata protection|//Hide sender, receiver, and communication patterns//|//Tor (Onion routing), Mixnets (Katzenpost / Nym), Dandelion++ (P2P routing privacy), Cover traffic schemes, Veilid routing obfuscation// | ||
| 32 | |Resilience|//Continue operating despite adversarial environments//|//Multipath routing (Tor bridges, libp2p relay), Censorship-resistant transports (Snowflake, Pluggable transports), DTN/BPSec, CRDT/replicated DHT storage (IPFS/Kademlia), Opportunistic mesh routing (Briar/Scuttlebutt), Veilid global overlay network// | ||
| 33 | |||
| 34 | |||
| 35 | |||
| 36 | |||
| 37 | |||
| 38 | |||
| 39 | |||
| 40 | |||
| 41 | |||
| 42 | |||
| 43 |