You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: _pages/garner.md
+16-7Lines changed: 16 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,30 +16,39 @@ sidebar:
16
16
17
17
## Overview
18
18
19
-
A Tor endpoint for self-sovereign identity. It serves static files over HTTP to allow the retrieval of authenticated identity documents.
19
+
A developer tool that provides a Tor endpoint for self-sovereign identity. It serves static files over HTTP to allow the retrieval of authenticated identity documents.
20
20
21
21
## Why is Garner Important?
22
22
23
-
Garner serves self-sovereign identity documents. It has four major advantages over use of `HTTPS` or even bare `tor`.
23
+
Garner serves self-sovereign identity documents. It has five major advantages over use of `HTTPS` or even bare `tor`.
24
24
25
25
**Self-Sovereignty:** The ultimate goal of Garner is self-sovereignty. [XIDs](/xid/) allow users to have a truly self-sovereign identity that they can issue, hold, and redact as they see fit. Garner offers the next step, because it allows them to also serve their own identity documents in a self-sovereign way.
26
26
27
-
**Accessibility:**All that you need to do to run Garner is to generate a keypair and start up the server. This is a huge accessibility advance over HTML, which requires the setup of complex Apache config files and the acquisition of a certificate, all of which will be beyond the average user.
27
+
**Accessibility:**Garner is easy to install: it's just a cargo install. It's also easy to run: there are just three commands, one to generate a keypair, one to start a server, and one for a remote user to get your content. This is a huge accessibility advance over HTML, which requires the setup of complex Apache config files and the acquisition of a certificate, all of which will be beyond the average user.
28
28
29
29
**Privacy:** Because Garner runs across the Tor network, everything is private. Your identity serving address is hidden (protecting any pseudonymous identities) and the requester's address is hidden. Perhaps most importantly, this makes the identity documents served through Garner censorship-resistance. As long as Tor is available, no attacker can prevent you from serving them or the requester from asking for them.
30
30
31
-
**Authentication:** Garner builts its Tor address from the private key you supply, which means that your running a Garner server (which other people connect to with the corresponding public key) implicitly verifies your control of that private key. This is very powerful authentication, because it's live: you controlled the private key when the server was started. Not only does this avoid the need for external dependencies like DNS or a Certificate Authority (CA), but it also steps around situations where a private key is stale (due to loss or rotation).
31
+
**Authentication:** Garner builds its Tor address from the private key you supply, which means that your running a Garner server (which other people connect to with the corresponding public key) implicitly offers live proof of key control. This is very powerful authentication: remote users know that you controlled the private key when the server was started. Not only does this avoid the need for external dependencies like DNS or a Certificate Authority (CA), but it also protects from stale-signature and post-compromise replay attacks.
32
+
33
+
**Security:** Garner is purposefully very constrained. It is not a general-purpose web-server, but only a limited identity-document server. This is an intentional design to minimize its attack surface. It was also built in close coordination with Tor technology, through use of the [official Arti crate](https://gitlab.torproject.org/tpo/core/arti/), which should also improve its security level.
32
34
33
35
## How Does Garner Work?
34
36
35
37
A user runs the [Garner CLI](https://github.com/BlockchainCommons/garner-rust) to create a keypair. They distribute the public key to people who they want to send identity documents to and keep the private key safe. They then use the private key to start up the Garner server, which generates a deterministic address based on the key. Users with the public key can then use their own version of Garner to access that server with the public key (or with the deterministic address once they know it). This allows them to download identity documents from the server that are implicitly authenticated and verified as belonging to the holder of the private key.
36
38
37
-
This allows the pseudonymous, censorship-resistant, self-sovereign distribution of identity documents. Its primary use case is serving [Gordian Envelope](https://developer.blockchaincommons.com/envelope/), including [XIDs](https://developer.blockchaincommons.com/xid/) and [Gordian Clubs](https://developer.blockchaincommons.com/clubs/). However, it can distribute any type of identity document including W3C DID documents and VC Controller documents.
38
-
39
-
Garner is purposefully very constrained. It is not a general-purpose web-server, but only a limited identity-document server. This is an intentional design to minimize its attack surface.
39
+
This allows the pseudonymous, censorship-resistant, self-sovereign distribution of identity documents. Its primary use case is serving [Gordian Envelope](https://developer.blockchaincommons.com/envelope/), including [XIDs](https://developer.blockchaincommons.com/xid/) and [Gordian Clubs](https://developer.blockchaincommons.com/clubs/). However, it can distribute any type of identity document including W3C DID documents, Verifiable Credentials, VC Controller documents, or any other sort of signed content.
0 commit comments