Improved diagrams (dark/light mode support)

Hendrik Eeckhaut
2025-05-14 16:29:01 +02:00
parent feb2ff2756
commit 961185c4d4
93 changed files with 3918 additions and 79 deletions

@@ -12,7 +12,8 @@ Data provenance will make data truly portable, empowering users to share it with
## Non-repudiation: TLS is not enough
![](diagrams/data_provenance_none.svg)
![](../diagrams/light/data_provenance_none.svg#gh-light-mode-only)
![](../diagrams/dark/data_provenance_none.svg#gh-dark-mode-only)
Transport Layer Security (TLS) plays a crucial role in digital security. TLS protects communication against eavesdropping and tampering. It ensures that the data received by a user (_"Alice"_) indeed originated from the `Server` and was not changed. The `Server`'s identity is verified by Alice through trusted Certificate Authorities (CAs). Data integrity is maintained by transmitting a cryptographic hash (called Message Authentication Code or MAC in TLS) alongside the data, which safeguards against deliberate alterations.
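Review bot: The `#gh-light-mode-only` and `#gh-dark-mode-only` fragments on the two new image lines are a GitHub rendering feature, so wherever else this file is rendered both variants of data_provenance_none.svg will show up one after the other. If the page is also published outside GitHub, consider a `<picture>` element with `prefers-color-scheme` media sources, or handle the theme switch in the site's own CSS.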
@@ -24,7 +25,8 @@ While the concept seems straightforward, enabling servers to sign data is not a
## Status Quo: delegate access
![](diagrams/data_provenance_oauth.svg)
![](../diagrams/light/data_provenance_oauth.svg#gh-light-mode-only)
![](../diagrams/dark/data_provenance_oauth.svg#gh-dark-mode-only)
Currently, when Alice wants to share data from a `Server` with another party, OAuth can be used to facilitate this if the application supports it. In this way, the other party receives the data directly from the `Server`, ensuring authentic and unchanged data. However, applications often do not provide fine-grained control over which data to share, leading to the other party gaining access to more information than strictly necessary.
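Review bot: Both new image lines for data_provenance_oauth.svg keep the empty alt text (`![]`), so screen readers and text-only views get nothing for a diagram the section relies on. Since these lines are being rewritten anyway, add a short description of the flow, identical on the light and dark variants.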
@@ -34,7 +36,8 @@ It's worth noting that in many instances, OAuth is not even presented as an opti
## TLSNotary: data provenance and privacy with secure multi-party computation
![](diagrams/data_provenance_tlsn.svg)
![](../diagrams/light/data_provenance_tlsn.svg#gh-light-mode-only)
![](../diagrams/dark/data_provenance_tlsn.svg#gh-dark-mode-only)
TLSNotary operates by executing the TLS communication using **multi-party computation** (MPC). MPC allows Alice and Bob to jointly manage the TLS connection.
With TLSNotary, Alice can selectively prove the authenticity of arbitrary portions of the data to Bob. Since Bob participated in the MPC-TLS communication, he is guaranteed that the data is authentic.
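Review bot: The image reference moves from `diagrams/data_provenance_tlsn.svg` to `../diagrams/light/data_provenance_tlsn.svg` and `../diagrams/dark/data_provenance_tlsn.svg`, so the base directory changes as well as the theme folder being added. Please confirm that `../diagrams/` resolves from this file's location in every place it is rendered, and that nothing else still points at the old `diagrams/` path.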