News.EOS.WiKi Bilingual News & Info Of EOS

Remme Releases a Distributed Public Key Infrastructure

Original:

Can you introduce Remme to us?  

Remme is an ecosystem of identity and access management products with a digital key at its core. Developers can make use of Remme’s open source distributed PKI protocol, while their certificate management platform offers solutions for enterprise clientele. Remme was founded in 2015 with the goal of building a next-gen Public Key Infrastructure (PKI) protocol and suite of decentralized PKI-enabled apps to address the challenges of Web 3.0.  

That PKI protocol utilizes the EOSIO codebase to create a decentralized system for storing and revoking digital keys in a highly secure manner. 

Remme Protocol anchors the Remme ecosystem, including the blockchain layer to host identity information, tools on top of it that manage both machine and user identities, and finally the layer that enables custom apps for a variety of PKI use cases. 

As an example, we have already implemented several pilots that utilize Remme Protocol, one of which is a blockchain-based customer authentication project for a Fortune 500 automotive manufacturer. 

A hierarchical view of the Remme ecosystem.

Why is PKI a good use case for blockchain technology?

We are convinced that the PKI solution that was introduced in the 1970s is simply not capable of meeting the needs of the modern web, especially with such powerful new technologies emerging.

Today, just as 40 years ago, certificate authorities (CA) are responsible for digitally signing and publishing public key certificates using the CA’s key. This presents a single, centralized point of attack. Compromise the CA, and the entire suite of keys they oversee is in jeopardy.

The evolving needs of enterprises, their increased connectivity, and the enhanced capabilities of ever more sophisticated attackers have necessitated a transition to a more resilient alternative. That alternative resides on the blockchain, where many of the fundamental weaknesses of traditional PKI do not apply.

What prompted you to fork EOSIO and operate your own blockchain network?

EOSIO forms an excellent base on which to develop Remme Protocol. However, we made the decision to launch as an independent network because we wanted to be able to customize key components, such as configuring the consensus so that Block Producers themselves could serve as the network’s long-term stakeholders.

We also wanted to simplify the resource economy by managing RAM, NET, and CPU simultaneously, powered by the REM token, so as to improve UX and eliminate much of the complexity from the perspective of end-users. Using our own fork of EOSIO also enables us to create bespoke PKI-related features out of the system smart contracts.

We began by customizing the EOSIO codebase to accommodate our specific use cases and token economy. Since we have a large community of token holders and Block Producers, we had to explain to them the changes in detail. We detailed these changes in a series of educational blog posts and visualized the key modifications related to the features we inherited from EOSIO, namely its consensus, governance and resource economy.

Why did you choose to use EOSIO blockchain technology?

We actually started out using Hyperledger Sawtooth as our blockchain framework but encountered an array of problems that persisted throughout testing. As the date of the first testnet drew nearer, it was evident that Sawtooth wasn’t cut out to handle the sort of use cases we’d envisaged, and certainly not at scale.

It was evident that we needed an alternative blockchain solution that was more flexible, customizable and capable of operating at scale to serve millions of connected devices. After exploring the alternatives, it became apparent that EOSIO was by far the best option for Remme.

Which components of the EOSIO architecture, in particular, attracted you?

The main factors that influenced our decision were DPOS consensus, and that the EOSIO resource management concept fit very well into our token economy, and the decentralized PKI concept.

EOSIO has been extensively tested at a very high level and has significant industry recognition. It works on a global scale, supporting hundreds of commercial-scale dApps. Additionally, the EOSIO ecosystem has a tremendous developer community that expands the codebase and the independent surrounding tools towards every possible use case. The protocol’s ability to support commercial-scale dApps that are suitable for enterprises sealed it.

How will the use of blockchain technology transform the current PKI system?

Many of the characteristics for which blockchain technology is renowned are naturally suited to identity and access management. These include built-in transparency, censorship resistance, and widespread availability via a distributed network of nodes. 

Blockchain-based systems also eliminate certain attack vectors, including man-in-the-middle (MITM) attacks. Because enterprises are interacting directly with the blockchain, without reliance on a central authority, stealing or compromising certificates becomes exponentially harder.

Moreover, because the blockchain itself is supported by a broad array of entities, and overseen by a global system of validator nodes, businesses can rest assured that services will be maintained in perpetuity, without the risk of the Certificate Authority going out of business or cutting them off.

What are some of the use cases that have been devised for Remme?

Passwordless user authentication and smart device authentication are two of the most obvious applications, but the number of use cases is limitless; we intend to focus on introducing identity solutions at first such as digital key management, domain validation, and SSH key management. In the future, we envision Remme Protocol being used to control access for thousands of businesses, hundreds of thousands of users, and millions of IoT devices.

Can you tell us a bit about your team and what makes them special?

Remme’s core team has a wealth of blockchain and cybersecurity experience that stretches back almost a decade.

Our CTO, Roman Cherednik, has extensive experience in blockchain and PKI project development, including a global software development company with $650M revenue with over 13,000 employees, as well as a stint at an established crypto exchange.

Then there’s our Head of Business Development Sid Desai, who leads our US office. Thanks to a career at Certificate Authority GlobalSign, he’s been deeply involved with PKI and has seen the many ways in which it can be improved. 

With 30 additional seasoned tech and marketing experts, Remme is well placed to make good on its promise of spearheading the creation of next-gen PKI solutions.

The Remme team in action at a conference.

Why did you decide to make Remme Protocol open source and have you encountered any unique challenges or benefits as a result of this decision?

For us, it is imperative that Remme Protocol is fully open source. 

This is expected of blockchain technology, the value proposition of which hinges partially upon a fully transparent and open framework, and without which mass trust and thus mass adoption would be impossible.

The benefits of harnessing open source technology include being able to leverage advanced software such as EOSIO, which saves us from having to build everything from scratch and provides certain security and developmental assurances. 

In return, we hope that the open source applications we build upon EOSIO will be utilized and expanded upon by other developers. We have a very strong open source Remme community, including third-party devs who are solving an array of real-world challenges using our tech.

What are the future plans for Remme protocol, and the company itself?

We have huge plans in the pipeline! At Remme, we believe that the way the modern world handles digital identities doesn’t cut it anymore. The number of digital identities, both human and machine, continues to grow at an incredible pace. That’s why we’re determined to lead the transition towards secure and simplified identity management.

In terms of Remme Protocol, we plan to launch the mainnet by the end of this year. In 2020, we’ll focus on addressing other next-gen PKI challenges such as decentralized domain validation and SSL/TLS, email security, code signing and browser integrations. And 2021 will be dedicated to the IoT universe.

As for product development, we intend to further develop Remme Auth, which addresses human identity management, and we are actively developing our second flagship product, Keyhub, which is for machine identity management. 

Unlike Auth, which will begin its journey together with Remme Protocol from mainnet launch, Keyhub is already live and already solves the problems of today’s PKI world related to certificate lifecycle management. More than 100 enterprises are using Keyhub already.

Remme presenting for Gartner.

Can you tell us about your future plans for using and modifying EOSIO for your purposes?

Once we’ve finished tailoring the consensus and resource management layer, we intend to focus on developing system smart contracts to add account attribute management. This will enable attribute-based credentials and access control use cases. Then we will work on external state verification. This will facilitate consolidated on-chain resolutions about events that reside and occur outside the blockchain. As a result, on-chain smart contracts and the applications built on Remme Protocol can subscribe and react to the events that happen in the real world.

After these two components, we will continue to deliver extra PKI-related features out of the system smart contracts required for other use cases such as email security and code signing.

Building on EOSIO? 

Our #BuiltOnEOSIO series showcases some of the amazing projects leveraging EOSIO technology to build a more secure and connected world. If you would like to suggest a project for us to feature, please send an email to spotlight@block.one for our Developer Relations team to review.

– Block.one Developer Relations team
