Secure document Exchange #274
Replies: 5 comments
-
I'm not sure I understand the ask here: Where does OQS come into the picture here? You said
doesn't sound like you're using OQS anywhere as OQS only makes publicly documented algorithms available.
What is "your process"? Is it open(ly documented) or proprietary? Did you chose its license or not?
Sounds like no-one (else) but you has this (process documentation): Am I right understanding it that way? I'm afraid if that's the case, this is not the right venue to discuss this: We only document/discuss/implement/publish code and procedures that are totally open and non-proprietary. Kind of implied in the first letter of our project name :-) |
Beta Was this translation helpful? Give feedback.
-
|
Thankyou for replying. Yes...I understand your position and implications of the project. My Python project is not proprietary in the sense that it utilizes the http and https open source Apache stack and MySQL queries chained together like an messaging application. Anyone who understands web programming, SSL/TLS could do the same. That is given and not the point of my thread. It could also be PHP cURL endpoints that need arguments and decryption on 'intra' or 'internet' topologies.
My real question is how to use the OQS in the communication process, unless this project is purely 'data at rest'?. I understand its an MIT license, and I would like to use it in my application as such. If OQS is quantum safe, then does it not have practical implications for usage and users who need security? I would think so...even if it is a 'pure' research project from a scientific perspective. So, 'how to use it' should be appropriate as a point of topic also.
Consider this question? OQS must have an interface in its code to accept an argument such as a 'text string' or any 'data' even a jpeg for instance which can then be URL encoded appropriately for the wire, and then subsequently decoded. Thus the questions are not about my 'process' but about OQS itself. So I think this curiosity is very appropriate. Have you built an 'automobile' without an engine?
I am a retired Boeing Engineer and self-taught programmer for over 20 years. I'm very curious about encryption and have studied it for over 5 years. I'm not a great mathematician, but I'm not ignorant of the science altogether either.
James Miller
(425) 471-8101
www.electionhope.com (http://www.electionhope.com)
www.os3.org (http://www.os3.org)
"If the mind is blind, the eye cannot see"
On 2024-05-12 21:55, Michael Baentsch ***@***.***> wrote:
>
> I would like to use the open source Quantum safe 'exe'
>
I'm not sure I understand the ask here: Where does OQS come into the picture here? You said
>
> a python app for the exchange of secure documents using a proprietary Quantum safe set of algorithms
>
doesn't sound like you're using OQS anywhere as OQS only makes publicly documented algorithms available.
>
> I would like to use my process but with an open MIT license.
>
What is "your process"? Is it open(ly documented) or proprietary? Did you chose its license or not?
>
> I have total proof of concept of the process
>
Sounds like no-one (else) but you has this (process documentation): Am I right understanding it that way? I'm afraid if that's the case, this is not the right venue to discuss this: We only document/discuss/implement/publish code and procedures that are totally open and non-proprietary. Kind of implied in the first letter of our project name :-)
—
Reply to this email directly, view it on GitHub (#274 (comment)), or unsubscribe (https://github.com/notifications/unsubscribe-auth/A6FBNH4LQZAOVTNM4KBW34LZCBBSBAVCNFSM6AAAAABHTGKZI6VHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4TIMJTHA4TI).
You are receiving this because you authored the thread.Message ID: ***@***.***>
… |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the additional background. This question captures the jist then, if I'm not mistaken:
Yes, there is an application (the "car" in your picture) that allows you to do all this and this is (for example) openssl. To stay in your picture, I'd consider OQS as comprising different piece parts:
Well, there are examples for that. Boeing for one seems like a company doing jets without engines (well, mounting them at the end, but not developing nor manufacturing them, if I'm not mistaken). And it actually is a great example of a product that can work without engine (if airborne -- on the ground, it's a bit useless without engine, admittedly :-) |
Beta Was this translation helpful? Give feedback.
-
|
https://aqedtech.com/. Have you heard of this company and the research performed by math professor Dr. Al Carlson. I did the proof of concept for this application and the database work also to connect users. https://www.mysqif.com/. I did have a license to use their product, but the person with whom I did the proof of concept claims that I was under a perpetual license agreement which is nonsense, but I decided to walk away from the group. They have serious flaws in their process, but who has the talent and experience to tell the public and deal with lawyers.
Nevertheless, OQD should be able to be applied in a non-proprietary way under MIT and be more useful to everyone, while being secure in a private domain as a one time pad. This can be applied to the 'internet' also but with more difficulty. The key issue is 'key generation' in a safe manner on the 'local machine' such as RSA Diffien-Hellman, but with better performance as the numbers get larger. The 'poly_crypt' generation has to be so fast that it cannot be meaningfully captured and repeated in the process, and then utilized to minimize the necessity for ever larger numbers...even in an OQD type environment.
This process must also be able to be performed on local machines with the assumption that they are themselves secure. This is why my interest is mainly in the business environment in a secure domain. I can then setup one time pad connections easily for almost any type of documentation. Also, business or military personnel can be trained to follow rules while the general public cannot. Cheers.
James Miller
(425) 471-8101
www.electionhope.com (http://www.electionhope.com)
www.os3.org (http://www.os3.org)
"If the mind is blind, the eye cannot see"
On 2024-05-12 21:55, Michael Baentsch ***@***.***> wrote:
>
> I would like to use the open source Quantum safe 'exe'
>
I'm not sure I understand the ask here: Where does OQS come into the picture here? You said
>
> a python app for the exchange of secure documents using a proprietary Quantum safe set of algorithms
>
doesn't sound like you're using OQS anywhere as OQS only makes publicly documented algorithms available.
>
> I would like to use my process but with an open MIT license.
>
What is "your process"? Is it open(ly documented) or proprietary? Did you chose its license or not?
>
> I have total proof of concept of the process
>
Sounds like no-one (else) but you has this (process documentation): Am I right understanding it that way? I'm afraid if that's the case, this is not the right venue to discuss this: We only document/discuss/implement/publish code and procedures that are totally open and non-proprietary. Kind of implied in the first letter of our project name :-)
—
Reply to this email directly, view it on GitHub (#274 (comment)), or unsubscribe (https://github.com/notifications/unsubscribe-auth/A6FBNH4LQZAOVTNM4KBW34LZCBBSBAVCNFSM6AAAAABHTGKZI6VHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4TIMJTHA4TI).
You are receiving this because you authored the thread.Message ID: ***@***.***>
… |
Beta Was this translation helpful? Give feedback.
-
|
That is good information. Also, at no time do I presume to be sarcastic or disrespectful. Engineering curiosity by nature has to be blunt and plainly spoken, or people are injured, sometimes tragically. My experience has been that pride is none of our major flaws as humans.
"Data can be passed via stdin/stdout as usual. This allows test usage of QUIC using simple TCP/TLS-like usage".
This is for my part, what I seek to understand as I read through the reference materials. This quote is from the GitHub OpenSSL repository. What I seek is a library that performs encryption on a 'local machine' efficiently so that 'privacy' is localized and under the responsibility of the user, where 'public-keys' are created locally and then distributed 'by choice' of the user as in RSA/Diffie-Hellman as an example...potentially 'hybrid' combinations. Also, the process must provide for 'discovery' of the public key by a 'group' of users who've obviously made themselves available in some manner (on a server) and are 'listening' for a data exchange that is 'time independent' like email. Also, at no time can the private key leave the local machine or domain server. This quickly becomes a huge combinatorial issue in the database. Authentications become a big issue also, which can be resolved with UUID from local machines or servers in private domains. I've already worked most of this out.
Understanding the stdin/stdout interfaces with OQD is of major interest to me. I hope we can continue the discussion. The world needs this globally ASAP.
As a sub-topic, I'm concerned about the security of data and AI LLM processes. I'm designing a process for fine-tuning LLM datasets as a standalone privately contained topology for registered users. Actually, I'm working to do this for a non-profit. One of my concerns is the privacy of the dataset but also of the 'prompt/response' data stream within that domain, and particularly for the public users. SSL/TLS is not sufficient for the security of this process at all.
James Miller
(425) 471-8101
www.electionhope.com (http://www.electionhope.com)
www.os3.org (http://www.os3.org)
"If the mind is blind, the eye cannot see"
On 2024-05-13 05:28, Michael Baentsch ***@***.***> wrote:
Thanks for the additional background. This question captures the jist then, if I'm not mistaken:
>
> OQS must have an interface in its code to accept an argument such as a 'text string' or any 'data' even a jpeg for instance which can then be URL encoded appropriately for the wire, and then subsequently decoded. Thus the questions are not about my 'process' but about OQS itself. So I think this curiosity is very appropriate.
>
Yes, there is an application (the "car" in your picture) that allows you to do all this and this is (for example) openssl (https://github.com/openssl/openssl). To stay in your picture, I'd consider OQS as comprising different piece parts: liboqs may be considered the drive train; the various PQ crypto algorithms as different engines. But the end user app provides all mechanisms to handle different files, so that's the application I'd look at if I were you. The "gear box" allowing you to use openssl is oqs-provider (https://github.com/open-quantum-safe/oqs-provider) and any of its integrations in oqs-demos (https://github.com/open-quantum-safe/oqs-demos) (those I would call trucks :-)
>
> Have you built an 'automobile' without an engine?
>
Well, there are examples for that. Boeing for one seems like a company doing jets without engines (well, mounting them at the end, but not developing nor manufacturing them, if I'm not mistaken). And it actually is a great example of a product that can work without engine (if airborne -- on the ground, it's a bit useless without engine, admittedly :-)
—
Reply to this email directly, view it on GitHub (#274 (comment)), or unsubscribe (https://github.com/notifications/unsubscribe-auth/A6FBNH6JUKZWFGN35ICQFT3ZCCWV7AVCNFSM6AAAAABHTGKZI6VHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4TIMJZGM3DA).
You are receiving this because you authored the thread.Message ID: ***@***.***>
… |
Beta Was this translation helpful? Give feedback.
-
I have developed a python app for the exchange of secure documents using a proprietary Quantum safe set of algorithms written in C that are exposed as .exe files. Calling them using 'pipes' gives me a safe public-key to load into a database for users and a private-key on a local machine. No man in the middle. The private-key is never exposed in the db. However, the proprietary software is not available to me for license.. I would like to use the open source Quantum safe 'exe' in the same manner as an MIT license. Is this even possible. I have total proof of concept of the process, and its actually in production by a company...who was given the license, even though I developed the actual process...sad but true. I would like to use my process but with an open MIT license. Is there any help available to discuss this? It totally works quite well. Thank you.
Beta Was this translation helpful? Give feedback.
All reactions