

Introducing Virtual Notary - emin_gun_sirer
http://hackingdistributed.com/2013/06/20/virtual-notary-intro/

======
latitude
Here's an autopsy of my foray into this domain -
[http://swapped.cc/certtime](http://swapped.cc/certtime)

My takeaway is that this is a variation of an insurance business - you have to
sell people on needing protection for times when sh#t hits the fan. It's an
unpleasant topic and very few would ever want to concern themselves with it,
at least voluntarily. So making something like VirtualNotary work is pretty
much exclusively a sales and distribution problem. The technical side is easy.

~~~
emin_gun_sirer
Very interesting autopsy. But there are many uses for a virtual notary besides
those times when "sh#t hits the fan."

Open source distributions, for instance, are currently distributed along with
a hash, supposedly for protection, but we all know that those hashes are
essentially worthless. This is a way to get integrity protection for free.

Employment status is another case where an independent certificate that you
were employed at that instant would be valuable for the recipient.

Raffles and so forth are entirely untrustworthy at the moment; participants
need to trust the reputation of the raffle holder, and while there are some
laws, they are just not enforced.

In all these cases, VN can provide a useful service far before anything hits
the fan. CertTime looks like it was a great attempt at a very specific
instance of the problem. Virtual Notary is attempting to tackle a more general
version of the attestation problem, so I'm hoping that there are more savvy
users to draw on.

We've been running the service for many months now, and it costs 0.005 BTC per
day, which is a small price to pay for a useful service. Just curious about
what caused you to shut the service down.

------
mwcampbell
Any plans to open-source the implementation (minus secret keys and other
sensitive credentials, of course), so others can set up their own virtual
notaries, to defend against a single point of failure?

~~~
emin_gun_sirer
Yes, quite possibly, if there is sufficient interest.

------
organicdeadbeef
Interesting idea! Any chance of integration with git/GitHub to attest to
things like tags?

~~~
emin_gun_sirer
A git factoid plugin is a great idea. What exactly is the attestation that you
have in mind? You provide the name of a repo plus a tag, and the VN issues a
certificate of the hash?

~~~
organicdeadbeef
Something along those lines. The Linux kernel maintainers do a great job
tagging releases and ensuring that they are signed appropriately. Others are
less careful, and it'd be useful to know that the content you saw tagged as
0.5.9 a month ago is the same as what you see today. Git allows you to check
this, but only if you keep your repository around.

I can see uses extending beyond tags, where people wish to claim that code
existed at a particular point in time. It's possible to fake the git metadata
and push the faked commit. If your notary can say that a particular commit was
public, you raise the bar from changing the system clock to inventing time
travel (or hacking the notary, whichever is your cup of tea).

~~~
emin_gun_sirer
Great idea. We'll add this to the to-do list.

