diff --git a/notes-from-lance.txt b/notes-from-lance.txt deleted file mode 100644 index ba88822..0000000 --- a/notes-from-lance.txt +++ /dev/null @@ -1,92 +0,0 @@ -# Distrust meet 2025-01-13 - -1. choose location - a. random location - b. if shipped, neutral location, picked up by both - -* barrel jacks are more secure - -Level 0 - * key import from unknown trust level - * key export to unknown trust level - * use any tools you want -level 1 - * icepick level 1 - * sealing or vault - * self custody (by design) - * trust single person - * portable ceremonies are this level - * doesn't matter where they do it, a single individual is trusted - * they use tamper evidence because they don't trust others - * level 2 assumes witnesses - -- [ ] move paragraph above procedures in provisioner/index -- [ ] add more steps to the docs to make it more explicit -- [ ] gotta fix the mnemonic word - ---- - -break out the requirements for bootstrapping into separate prep doc -o - -* assume every ceremony will be done by different people - -* you need to be able to do this ceremony to pass - * if u wanna be a multi party operator you need to have a personal computer - - -* personal operator key provisioning -* provisioning computer - -* provisioner should just buy a laptop and tamper proof it - * operators should be gutting laptops - -* num of laptops - * redundant primary laptop - * redundant operator laptops - * spare bundles for ceremonies - -* all levels need hardware procurement - -* commit inventory to a repo, ceremonies repo is fine, -it can be a text file - -## procurer - -* obtain numbers of needed items, quantity of each item -* tamper proof all hardware, sd cards, laptops, etc. -* tamper proof booster pack of 5 sd cards - -- [ ] specner you can go and do these cermonies right now - -operator - * gets equipment from ceremony inventory - -* get both Spencer and Herve to use a laptop from inventory with airgapos to set up their pgp keys - -* provisioned hardware (that's what provisioners do) can write label on bundles - - * operator kits - * ceremony kits - -* safes and vaults - * everything labelled - * didn't use tamper evident bags because they had big vaults - -* CSA tamper evident safes - -* Spencer tries first, then gets Herve to do it once it's smooth - -* could write some data layer stuff in rust - -- [ ] track down bug for keyfork mnemonic - -* use docs as a way to decide what features to implement - * lighter use - * -- [ ] look ahead at other coins - * shell script to make tx - -- [ ] do level 0 doc - -- [ ] hide document components diff --git a/quorum-vault-system/src/SUMMARY.md b/quorum-vault-system/src/SUMMARY.md index f30887f..2949949 100644 --- a/quorum-vault-system/src/SUMMARY.md +++ b/quorum-vault-system/src/SUMMARY.md @@ -9,7 +9,7 @@ * [Glossary](glossary.md) * [Generated Documents]() * [All Levels]() - * [Create Ceremony Repository](generated-documents/all-levels/create-ceremonies-repository.md) + * [Create Vaults Repository](generated-documents/all-levels/create-vaults-repository.md) * [Personal PGP Key Provisioning](generated-documents/all-levels/pgp-key-provisioning.md) * [Level 2]() * [Fixed-Location]() diff --git a/quorum-vault-system/src/component-documents/ceremony-repository.md b/quorum-vault-system/src/component-documents/vaults-repository.md similarity index 83% rename from quorum-vault-system/src/component-documents/ceremony-repository.md rename to quorum-vault-system/src/component-documents/vaults-repository.md index 83689a9..6816c5f 100644 --- a/quorum-vault-system/src/component-documents/ceremony-repository.md +++ b/quorum-vault-system/src/component-documents/vaults-repository.md @@ -1,12 +1,14 @@ /* ANCHOR: all */ -# Ceremony Repository +# Vaults Repository // ANCHOR: content -This repository holds data pertaining to ceremonies. The primary data consists of: +This repository holds data pertaining to vaults. The primary data consists of: -* Transaction proposals +* Operation proposals -* Transaction approvals +* Operation approvals + +* Payloads * Trusted PGP keyring diff --git a/quorum-vault-system/src/generated-documents/all-levels/create-ceremonies-repository.md b/quorum-vault-system/src/generated-documents/all-levels/create-ceremonies-repository.md deleted file mode 100644 index 750bdd5..0000000 --- a/quorum-vault-system/src/generated-documents/all-levels/create-ceremonies-repository.md +++ /dev/null @@ -1,3 +0,0 @@ -# Create Ceremony Repository - -{{ #include ../../component-documents/ceremony-repository.md:content }} diff --git a/quorum-vault-system/src/generated-documents/all-levels/create-vaults-repository.md b/quorum-vault-system/src/generated-documents/all-levels/create-vaults-repository.md new file mode 100644 index 0000000..130e9e6 --- /dev/null +++ b/quorum-vault-system/src/generated-documents/all-levels/create-vaults-repository.md @@ -0,0 +1,3 @@ +# Create Ceremony Repository + +{{ #include ../../component-documents/vaults-repository.md:content }} diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/approver/approve-transaction.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/approver/approve-transaction.md index 9e9839a..0a15f32 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/approver/approve-transaction.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/approver/approve-transaction.md @@ -14,17 +14,17 @@ The approver is responsible for verifying a transaction proposed by a [proposer] * The approver should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object. - * The approver should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the "ceremonies" repo + * The approver should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the `vaults` repo * Ensure that the computer is configured to sign commits with the desired key. Refer to the [Appendix: Git Commit Signing Configuration](#git-commit-signing-configuration) -* Clone the [Ceremonies Repository](../provisioner/provision-ceremonies-repository.md) for your organization to the machine +* Clone the [Vaults Repository](../../../all-levels/create-vaults-repository.md) for your organization to the machine ## Procedure 1. Turn on online machine -1. Pull the latest changes from the `ceremonies` repository +1. Pull the latest changes from the `vaults` repository 1. Unseal the SD Card Pack @@ -32,7 +32,7 @@ The approver is responsible for verifying a transaction proposed by a [proposer] 1. Plug a fresh SD card into the online machine -1. Save the ceremonies repo to the SD card, referred to as the Ceremony SD card +1. Save the `vaults` repository to the SD card, referred to as the Ceremony SD card 1. Unplug the Ceremony SD card @@ -56,11 +56,11 @@ The approver is responsible for verifying a transaction proposed by a [proposer] 1. Copy the git repo locally from the Ceremony SD card - * `cp -r /media//ceremonies /root/ceremonies` + * `cp -r /media//vaults /root/vaults` -1. Change directory to ceremonies +1. Change directory to vaults - * `cd /root/ceremonies` + * `cd /root/vaults` 1. Verify the detached signature for the payload @@ -90,9 +90,9 @@ The approver is responsible for verifying a transaction proposed by a [proposer] 1. {{ #include ../../../../component-documents/finding-device-name.md:content }} -1. Copy the updated ceremonies repo to the SD card +1. Copy the updated vaults repo to the SD card - * `cp -r /root/ceremonies /media//ceremonies` + * `cp -r /root/vaults /media//vaults` 1. Unplug the SD card from the air-gapped machine @@ -102,11 +102,11 @@ The approver is responsible for verifying a transaction proposed by a [proposer] 1. Copy the updated repository locally: - * `cp -r /media//ceremonies ~/` + * `cp -r /media//vaults ~/` 1. Change into locally copied directory - * `cd ~/ceremonies` + * `cd ~/vaults` 1. Push the latest commit to the repository diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md index 0d74cd3..10ab8d2 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md @@ -24,7 +24,7 @@ 1. Write the ceremony repo data to the SD card: - `cp -r ceremonies/ /media//` + `cp -r vaults/ /media//` 1. Unplug the SD card diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/encrypt-wallet-to-namespace-key.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/encrypt-wallet-to-namespace-key.md index 443cae8..69f4eb3 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/encrypt-wallet-to-namespace-key.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/encrypt-wallet-to-namespace-key.md @@ -20,5 +20,5 @@ Procedure for importing an arbitrary secret (raw key, mnemonic, state secrets) i * `sq encrypt --for-file --output encrypted.asc` TODO: sq needs to be added to airgapOS -1. Once encrypted, name the file appropriately and add it to an `artifacts/` directory in the appropriate namespace subdirectory in the ceremonies repository +1. Once encrypted, name the file appropriately and add it to an `artifacts/` directory in the appropriate namespace subdirectory in the `vaults` repository diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md index 0177bda..30b18dd 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md @@ -62,7 +62,7 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor 1. Label the SD card "Shardfile [date] [namespace]" -1. Upload the newly generated artifacts into the ceremonies repository +1. Upload the newly generated artifacts into the `vaults` repository 1. Gather all the original items that were in the air-gapped bundle: diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md index db9d467..61edeaf 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md @@ -64,7 +64,7 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key 1. Label the SD card "Shardfile [date]" -1. Upload the newly generated artifacts into the ceremonies repository +1. Upload the newly generated artifacts into the `vaults` repository 1. Gather all the original items that were in the air-gapped bundle: diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md index afdc17a..4a6fe0e 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md @@ -28,7 +28,7 @@ The proposer must combine these values into a JSON file, such as: * The proposer should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object. - * The proposer should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the "ceremonies" repo + * The proposer should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the `vaults` repo * [Online Machine](TODO) @@ -56,9 +56,9 @@ The proposer must combine these values into a JSON file, such as: 1. {{ #include ../../../../component-documents/finding-device-name.md:content }} -1. Save the ceremonies repo to the SD card, referred to as the Ceremony SD card +1. Save the `vaults` repo to the SD card, referred to as the Ceremony SD card - * `cp -r ~/ceremonies/ /media//` + * `cp -r ~/vaults/ /media//` 1. Unplug the Ceremony SD card @@ -82,13 +82,13 @@ The proposer must combine these values into a JSON file, such as: 1. Copy the git repo locally from the Ceremony SD card - * `cp -r /media//ceremonies /root/ceremonies` + * `cp -r /media//vaults /root/vaults` -1. Change into the ceremonies directory: +1. Change into the vaults directory: - * `cd /root/ceremonies` + * `cd /root/vaults` -1. Create a new payloads directory in the `ceremonies` repository for the date on which the ceremony for the transaction will take place if it doesn't already exist +1. Create a new payloads directory in the `vaults` repository for the date on which the ceremony for the transaction will take place if it doesn't already exist * `mkdir -p /ceremonies//payloads` @@ -151,7 +151,7 @@ The proposer must combine these values into a JSON file, such as: 1. Copy the updated ceremonies repo to the SD card - * `cp -r /root/ceremonies /media//ceremonies` + * `cp -r /root/vaults /media//vaults` 1. Unplug the SD card from the air-gapped machine @@ -161,11 +161,11 @@ The proposer must combine these values into a JSON file, such as: 1. Copy the updated repository locally: - * `cp -r /media//ceremonies ~/` + * `cp -r /media//vaults ~/` 1. Change into locally copied directory - * `cd ~/ceremonies` + * `cd ~/vaults` 1. Push the latest commit to the repository diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/provisioner/index.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/provisioner/index.md index 3a83ef7..9c55f0f 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/provisioner/index.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/provisioner/index.md @@ -11,7 +11,6 @@ The provisioner is responsible for: ## Procedures * [Provision SD Card](./provision-sd-card.md) -* [Provision Ceremonies Repository](./provision-ceremonies-repository.md) * [Provision AirgapOS](./provision-airgapos.md) * [Provision Computer](./procure-computer.md) * Requires tamper proofing equipment to be available diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/provisioner/provision-ceremonies-repository.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/provisioner/provision-ceremonies-repository.md index e0f4681..4d5f1e9 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/provisioner/provision-ceremonies-repository.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/provisioner/provision-ceremonies-repository.md @@ -1,3 +1,3 @@ # Provision Ceremony Repository -{{ #include ../../../../component-documents/ceremony-repository.md:content }} +{{ #include ../../../../component-documents/vaults-repository.md:content }}