[Cryptech Core] Draft charter for the CrypTech project
Karen O'Donoghue
odonoghue at isoc.org
Fri Oct 27 17:59:56 UTC 2017
Folks,
Below is a draft for the charter we discussed at the recent face to face meeting. Please review and provide comments. Even if you don’t have any comments or concerns, I’d like to know that you are ok with the document. We’d like to wrap this up and get it up on the CrypTech website by the end of next week if possible. We need to get it done in advance of the ISOC Board of Trustees meeting in November. We will also use this as a starting point to develop whatever documentation is needed to move the financial and administrative support from NorduNET to another entity sometime in 2018.
Thanks!
Karen
************************************
The CrypTech Project Charter
The CrypTech Project develops an open source design for a hardware cryptographic engine or Hardware Security Modules (HSMs) and an associated reference implementation that allows anyone to deploy and audit a secure, low-cost cryptographic engine in their environment.
The CrypTech Project was formed, at the urging of the Internet Engineering Task Force (IETF) leadership, in response to the Snowden revelations of mass surveillance and to indications that the implementations of key cryptographic algorithms and functions had been systematically targeted in an effort to weaken and subvert their utility.
The CrypTech Project Mission and Vision
The CrypTech Project vision is that security infrastructure should not have to depend on closed-source HSM products that cannot be publicly audited and where there is a significant probability that the functions implemented in the product may have been subverted. Security technologies that can benefit from CrypTech include Domain Name System Security Extensions (DNSSEC), Resource Public Key Infrastructure (RPKI), TOR Consensus, Pretty Good Privacy (PGP), Identity Federations, and Certificate Authorities (CAs).
To that end, the CrypTech Mission is to:
• Put hardware crypto capability into the hands of as many people as possible by:
  o Lowering the cost of the technology,
  o Diversifying the manufacturing base, and
  o Enabling good crypto at the edge; and
• Improve the trustworthiness of hardware crypto technology by:
  o Facilitating globally diverse design and development,
  o Utilizing a diverse testing community,
  o Providing transparency in funding and open source solutions,
  o Moving towards an open toolchain for HSMs, and
  o Having 3rd party audits of CrypTech technologies.
The CrypTech Project Team
The CrypTech Project Team includes hardware and software developers, business personnel, technical and business advisors, and sponsors. The CrypTech hardware and software developers include a team of developers supported by CrypTech sponsors along with additional volunteer developers. Business personnel support tasks such as fundraising, marketing, and finance. Technical and business advisors are individuals from the community who provide guidance on technical and strategic direction. Sponsors are organizations and individuals that have provided financial resources to the CrypTech project. Sponsors are currently limited to donations of $100,000 per year to reduce the influence of any single party in the resulting products. Finally, NorduNET provides financial administration, and both NorduNET and the Internet Society facilitate sponsorship donations.
In addition to the team described above, a new non-profit corporation, Diamond Key Security, has been established for the development and support of CrypTech-based products and to facilitate the long-term sustainability of the CrypTech project as a whole. Diamond Key Security staff contribute to several of the roles described above and on an individual basis are considered part of the CrypTech Project.
Governance
The CrypTech Project takes its governance model from the IETF. Technical and administrative decisions are made by a rough consensus of the active participants.
The CrypTech project funds the core team developers (to the extent possible) but aims to have other people involved be self-funding (e.g. for travel to meetings) and to minimise overhead in general.
Transparency
A key tenet of the CrypTech project is transparency. This transparency is achieved by using open source development practices, public mailing lists, and a public wiki (https://trac.cryptech.is/). The open design principles being utilized include:
• All code is open and available under an open and unrestricted license;
• An open, transparent, auditable, and traceable development process is followed;
• The design is open, allowing for customization, observation, and testability – in development as well as during operation.
The names and roles of the current and past team members are public and can be found at: https://cryptech.is/organization/
The CrypTech project posts annual reports detailing technical progress and financial status along with other governance materials at https://cryptech.is/. The 2016 EOY report is at: https://cryptech.is/wp-content/uploads/2014/04/final-EOY-report-for-2016.pdf
This charter was last updated on 2017-10-27.