Sander Dijkhuis

51 Followers
214 Following
92 Posts
Chief technology officer at cleverbase.com & vidua.nl. Current focus: designing applied cryptography, messaging protocols, and citizen experience for a trustworthy online society. Continuing from https://twitter.com/s89
☑️ Verified: https://qpub.eu/mastodon.online/sq/

Credential is my new favourite polyseme in #DigitalIdentity. Sometimes it means data to present yourself as a digital entity, other times the document to exchange identity attributes between those digital entities.

Reflect in https://preludes.eu/op/2025/i on different treatments in standards and systems.

Most APIs complect message delivery with business domain semantics. It’s an easy way to connect internal business applications mutually and to contracted infrastructure platforms. But to connect many-to-many people and organisations, we need something simpler.
@frankel Thanks for publishing https://blog.frankel.ch/rust-from-python/; I like the overview. Did you ever find the answer for Rust-to-Python messages over Unix sockets?
Calling Rust from Python

I recently watched GOTO conferences' talk Calling Functions Across Languages by Richard Feldman. I’m afraid I have to disagree with using the term 'language' in this context. It’s a no-brainer to call Java from Kotlin or Scala or to call Java from Kotlin. Hence, in the rest, I’ll use 'stack'. In the talk, the speaker cites two main reasons to go on this road: Gradual migration from one stack to the otherUsing a library that has no equivalent in one’s stack under the ass

A Java geek
SCAL3: OAuth + WebAuthn + tlogs = public monitoring of resource server integrity
After 2+ years, I still don’t understand the macOS Stage Manager.
What comes after IETF RFC 9999?
Thanks to @sq my mastodon account now has a verified #eIDAS identity.
How to manage many keys in an identity wallet with high assurance? What started as a question on Cryptography Stack Exchange some months ago is now a 20+ person expert group with a first version 00 spec: https://datatracker.ietf.org/doc/draft-dijkhuis-cfrg-hdkeys/ #EUDIW #eIDAS
Hierarchical Deterministic Keys

Hierarchical Deterministic Keys enables managing large sets of keys bound to a secure cryptographic device that protects a single key. This enables the development of secure digital identity wallets providing many one-time-use public keys.

About This Document: This note is to be removed before publishing as an RFC. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-dijkhuis-cfrg-hdkeys/. Source for this draft and an issue tracker can be found at https://github.com/sander/hierarchical-deterministic-keys.

IETF Datatracker
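The draft abstract above describes one device-protected private key from which a wallet presents many one-time-use public keys. The Python below is an added illustration of that idea and is not the construction from draft-dijkhuis-cfrg-hdkeys, nor code from the author or the IETF: it shows additive elliptic-curve key blinding on P-256, where the wallet derives pk_i = pk + t_i·G from the root public key alone and the device, which holds only the root private key sk, signs under sk + t_i when handed the blinding scalar. The KDF (HMAC-SHA256 over a constructed label), the `SecureDevice` class with its `sign_blinded` interface, and the use of ECDSA are assumptions made for the demonstration; the pure-Python curve arithmetic is not constant-time and is for reading, not production.

```python
import hashlib
import hmac
import secrets

# NIST P-256 domain parameters (well-known constants)
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - A * x - B) % P == 0

def ecdsa_sign(d, msg):
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * d) % N
        if r and s:
            return (r, s)

def ecdsa_verify(q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N) or not on_curve(q):
        return False
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, q))
    return pt is not None and pt[0] % N == r

def derive_blind(index, salt):
    """Blinding scalar t_i. This KDF (HMAC-SHA256 over a constructed label)
    is an assumption of the demo, not the draft's derivation."""
    mac = hmac.new(salt, b"hdk-demo" + index.to_bytes(4, "big"), hashlib.sha256).digest()
    t = int.from_bytes(mac, "big") % N
    if t == 0:  # would give pk_i == pk (linkable); practically unreachable
        raise ValueError("degenerate blinding scalar")
    return t

def derive_public_key(root_pk, index, salt):
    """Wallet side: pk_i = pk + t_i*G, computed without touching the device."""
    return ec_add(root_pk, ec_mul(derive_blind(index, salt), G))

class SecureDevice:
    """Stand-in for the secure cryptographic device: exactly one private key."""
    def __init__(self):
        self._sk = secrets.randbelow(N - 1) + 1
        self.pk = ec_mul(self._sk, G)

    def sign_blinded(self, blind, msg):
        """Signs under sk + t_i; sk never leaves the device. Assumed interface."""
        return ecdsa_sign((self._sk + blind) % N, msg)

def demo(count=3):
    """Derives `count` one-time keys; each signature must verify under its own
    derived key and not under the root key. Returns True when all checks pass."""
    device, salt = SecureDevice(), secrets.token_bytes(32)
    keys = [derive_public_key(device.pk, i, salt) for i in range(count)]
    for i, pk_i in enumerate(keys):
        msg = b"presentation %d" % i
        sig = device.sign_blinded(derive_blind(i, salt), msg)
        if not (on_curve(pk_i) and ecdsa_verify(pk_i, msg, sig)):
            return False
        if ecdsa_verify(device.pk, msg, sig):
            return False  # root key must not verify a blinded signature
    return len(set(keys)) == count  # all derived keys distinct
```

The point of the split is visible in `demo()`: a relying party verifying against pk_i learns nothing that links it to the root key or to pk_j, while the device still only ever protects sk. What the actual draft does about unlinkability, proof of possession, and the device interface is the substance of the specification, and this sketch does not stand in for it.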
HSM development and certification question. While EN 419221-5:2018 allows for running additional firmware or software without further validation and certification, FIPS 140-3 Level 3 does not seem to. Services such as iCloud and WhatsApp apply custom HSM firmware for #e2ee backup. Do they typically run their firmware through validation and certification processes to maintain conformity claims, or just run without a government-approved mode of operation? Is NIST too strict on custom firmware?
In the #WhatsApp #e2ee backups, do the integrity-protected registration payloads include the attempt_counter values, or are these protected elsewhere in the Merkle tree, or even outside of it?