From eca1e5481d320a33dfada85a95f3b609cabfe3f6 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Mon, 27 Jan 2025 02:39:39 -0500 Subject: [PATCH] minor fixes --- .../fixed-location/operator/pgp-key-provisioning.md | 6 +++--- .../proposer/create-transaction-payload.md | 2 +- .../fixed-location/provisioner/air-gapped-bundle.md | 2 -- quorum-key-management/src/key-types.md | 4 ---- quorum-key-management/src/system-roles.md | 8 ++++++++ quorum-key-management/src/threat-model.md | 12 +++++------- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/pgp-key-provisioning.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/pgp-key-provisioning.md index b52ea6e..48ab15c 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/pgp-key-provisioning.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/pgp-key-provisioning.md @@ -1,4 +1,4 @@ -# PGP Key Provisioning +# Quorum PGP Key Provisioning ## Requirements @@ -16,9 +16,9 @@ * For each new key to be provisioned: - * 2 new smart cards + * 2+ new smart cards - * 2 new SD cards + * 2+ new SD cards ## Procedure diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md index cf384f7..e8b3add 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md @@ -26,7 +26,7 @@ The proposer must combine these values into a single message, which can be a sim ## Procedure -1. Define a new file `workflow_inputs_.json`, for example `workflow_inputs_1.json` +1. Define a new file `workflow_payload_.json`, for example `workflow_payload_1.json` 1. Create a new directory in the `ceremonies` repository for the date on which the ceremony for the transaction will take place if it doesn't already exist, for example `2024-01-01/` diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md index d3bd57b..fa4e67b 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md @@ -8,8 +8,6 @@ * Air-gapped computer -* Ceremony SD Card - ## Procedure {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}} diff --git a/quorum-key-management/src/key-types.md b/quorum-key-management/src/key-types.md index 51c9237..ed36e81 100644 --- a/quorum-key-management/src/key-types.md +++ b/quorum-key-management/src/key-types.md @@ -33,7 +33,3 @@ Only used in ceremonies for decrypting shardfile material. * MUST not be transferred in level 4 * MAY be transferred in levels 1-3 - -## Namespace Key - -- [ ] TODO define \ No newline at end of file diff --git a/quorum-key-management/src/system-roles.md b/quorum-key-management/src/system-roles.md index efaeed9..5d88c6d 100644 --- a/quorum-key-management/src/system-roles.md +++ b/quorum-key-management/src/system-roles.md @@ -14,6 +14,14 @@ Individuals who are selected for the roles: * MUST be reinvestigated once a year to ensure they meet necessary standards to access restricted information +## Provisioner + +Responsible for more technical aspects of preparing equipment for ceremonies such as creating air-gapped machines by removing radio cards, and tamper proofing them along with SD cards which are loaded with AirgapOS etc. + +## Procurer + +Responsible for tasks such as procuring a location, tamper proofing equipment, hardware, and maintaining inventory. + ## Proposer This is an individual who is a business owner or stakeholder, or a financial controller. Their role is to make fiduciary decisions which protect the financial interest of the organization and its clients. Their role is specifically to propose the movement of funds, specifying the amount, origin and destination. diff --git a/quorum-key-management/src/threat-model.md b/quorum-key-management/src/threat-model.md index f9456c6..f767148 100644 --- a/quorum-key-management/src/threat-model.md +++ b/quorum-key-management/src/threat-model.md @@ -26,19 +26,17 @@ of their security properties * Creating custom purpose specific tooling which eliminates dependencies in order to reduce supply chain attacks, and adds desirable security properties -* Using a fully bootstrapped and deterministically built compiler for building -all software that's used +* Building as much of the software and firmware deterministically as possible - aiming for 100% -* Building all of the software and firmware deterministically + * The [StageX](https://codeberg.org/stagex/stagex) project is the effort towards this end -* Using computers which either have a hard switch for disabling networking or -which had radio networking cards (bluetooth, wifi etc.) removed +* Using computers which either have a hard switch for disabling networking or which had radio networking cards (bluetooth, wifi etc.) removed * Leveraging smart cards (personal HSMs) to protect cryptographic material -* Leveraging sharding in order to physically separate cryptographic material +* Leveraging cryptographic sharding in order to decentralize risk and physically separate cryptographic material -* Leveraging tamper evident controls for components related to the system +* Leveraging tamper evident controls for equipment * Leveraging frequency blocking methods such as TEMPEST (Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions) and soundproofing