From 73eaa73a3396f92190c5359cbeb6d5e391840e9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=A7=89=20infominer?=
Date: Sun, 22 Nov 2020 06:39:03 -0500
Subject: [PATCH] add keri

---
 .../2020-11-22-keri.md  | 138 ++++++++++++++++++
 images/keri-header.webp | Bin 0 -> 4898 bytes
 images/keri-teaser.webp | Bin 0 -> 1908 bytes
 3 files changed, 138 insertions(+)
 create mode 100644 _posts/organizations/identity-foundation-DIF/2020-11-22-keri.md
 create mode 100644 images/keri-header.webp
 create mode 100644 images/keri-teaser.webp

diff --git a/_posts/organizations/identity-foundation-DIF/2020-11-22-keri.md b/_posts/organizations/identity-foundation-DIF/2020-11-22-keri.md
new file mode 100644
index 00000000..b92edb24
--- /dev/null
+++ b/_posts/organizations/identity-foundation-DIF/2020-11-22-keri.md
@@ -0,0 +1,138 @@ +--- +date: 2020-11-22 +title: KERI - Key Event Receipt Infrastructure +description: The first truly fully decentralized identity system. +excerpt: > + An identity system based secure overlay for the Internet is presented. This includes a primary root-of-trust in self-certifying identifiers. It presents a formalism for Autonomic Identifiers (AIDs) and Autonomic Namespaces (ANs). They are part of an Autonomic Identity System (AIS). This system uses the design principle of minimally sufficient means to provide a candidate trust spanning layer for the internet. Associated with this system is a decentralized key management infrastructure (DKMI). +layout: single +permalink: organizations/identity-foundation/keri/ +canonical_url: 'https://decentralized-id.com/organizations/identity-foundation/keri/' +categories: ["Identity Foudation"] +tags: ["DIF","KERI","DKMI"] +header: + image: /images/keri-header.webp + teaser: /images/keri-teaser.webp +last_modified_at: 2020-11-22 +--- + +[Website](https://keri.one) - [Resources](https://keri.one/keri-resources/) - [GitHub](https://github.com/decentralized-identity/keri) - [Identifiers & Discovery WG](https://identity.foundation/working-groups/identifiers-discovery.html) + +* [KEY EVENT RECEIPT INFRASTRUCTURE (KERI) DESIGN](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/KERI_WP_2.x.web.pdf) Samuel M. Smith Ph.D. v2.54 2020/10/22, v1.60 2019/07/03 [[arXiv](https://arxiv.org/abs/1907.02143)] + > An identity system based secure overlay for the Internet is presented. This includes a primary root-of-trust in self-certifying identifiers. It presents a formalism for Autonomic Identifiers (AIDs) and Autonomic Namespaces (ANs). They are part of an Autonomic Identity System (AIS). This system uses the design principle of minimally sufficient means to provide a candidate trust spanning layer for the internet. Associated with this system is a decentralized key management infrastructure (DKMI). 
The primary root-of-trust are self-certifying identifiers that are strongly bound at issuance to a cryptographic signing (public, private) key-pair. These are self-contained until/unless control needs to be transferred to a new key-pair. In that event an append only chained key-event log of signed transfer statements provides end verifiable control provenance. This makes intervening operational infrastructure replaceable because the event logs may be therefore be served up by ambient infrastructure. End verifiable logs on ambient infrastructure enables ambient verifiability (verifiable by anyone, anywhere, at anytime). The primary key management operation is key rotation (transference) via a novel key pre-rotation scheme. Two primary trust modalities motivated the design, these are a direct (one-to-one) mode and an indirect (one-to-any) mode. In the direct mode, the identity controller establishes control via verified signatures of the controlling key-pair. The indirect mode extends that trust basis with witnessed key event receipt logs (KERLs) for validating events. The security and accountability guarantees of indirect mode are provided by KERIs Agreement Algorithm for Control Establishment (KACE) among a set of witnesses. 
+* [Decentralized key management](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/10-ssi-key-management.pdf) Sam Smith (Manning) + > ● Why any form of digital key management is hard\ + > ● Standardsand best practices for conventional key management\ + > ● The starting point for key management architectures: roots-of-trust\ + > ● The special challenges of decentralizedkey management\ + > ● The new tools that verifiable credentials (VCs), decentralized identifiers (DIDs), and self-sovereign identity (SSI) bring to decentralized key management\ + > ● Key management for ledger-based DID methods\ + > ● Key management for peer-based DID methods\ + > ● Fully autonomous decentralized key management with Key Event Receipt Infrastructure (KERI) +* [UNIVERSAL IDENTIFIER THEORY](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/IdentifierTheory_web.pdf) + > Abstract—A universal theory for identifiers is presented. This theory is based on a unified model of identifiers that include cryptographic autonomic identifiers (AIDs) and legitimized (autho- rized) human meaningful identifiers (LIDs). This model provides truly decentralized trust bases each derived from the cryptographic root-of-trust of a given AID. An AID is based on a self-cer- tifying identifier (SCID) prefix. Self certifying identifiers are not human meaningful but have strong cryptographic properties. The associated self-certifying trust basis gives rise to a trust do- main for associated cryptographically verifiable non-repudiable statements. Every other type of identifier including human meaningful identifiers may then be secured in this resultant trust do- main via an end-verifiable authorization. This authorization legitimizes that human meaningful identifier as an LID though its association with an AID. The result is a secured trust domain spe- cific identifier couplet of aid|lid. 
AIDs are provided by the open standard key event receipt infra- structure (KERI) [42]. This unified model provides a systematic methodology for the design and implementation of secure decentralized identifier systems that underpin decentralized trust bases and their associated ecosystems of interactions. +* [Key Event Receipt Infrastructure (KERI): A secure identifier overlay for the internet – Sam Smith – Webinar 58](https://ssimeetup.org/key-event-receipt-infrastructure-keri-secure-identifier-overlay-internet-sam-smith-webinar-58/) SSI-Meetup + +{% include video id="izNZ20XSXR0" provider="youtube" %} + +## Presentations + +* [KERI Overview](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERI2_Overview.web.pdf) Key Event Receipt Infrastructure Samuel M. Smith Ph.D. sam@keri.one https://keri.oneversion 2.54 2020/10/22 + > **Separation of Control**\ + > Shared (permissioned) ledger = shared control over shared data. + > * Shared data = good, shared control = bad. + > * Shared control between controller and validator may be problematic for governance, scalability, and performance.\ + > KERI = separated control over shared data. + > * Separated control between controller and validator may provide better decentralization, more flexibility, better scalability, lower cost, higher performance, and more privacy at comparable security. +* [The Duplicity Game: or why you can trust KERI](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/DuplicityGame_IIW_2020_A.pdf) + > **Inconsistency vs. Duplicity** + > - inconsistency: lacking agreement, as two or more things in relation to each other + > - duplicity: acting in two different ways to different people concerning the same matter + > **Internal vs. External Inconsistency** + > - Internally inconsistent log = not verifiable. + > - Log verification from self-certifying root-of-trust protects against internal inconsistency. 
+ > - Externally inconsistent log with a purported copy of log but both verifiable = duplicitous. + > - Duplicity detection protects against external inconsistency. +* [Key Event Receipt Infrastructure (KERI) Model for a Universal DKMI](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERI_Overview.pdf) - December 2019 + > **KERI Nomenclature** + > * **self-certifying identifier**: includes public key + > * **digital signature**: unique non-repudiable (cypher suite known) + > * **digest**: collision resistant hash of content + > * **signed digest**: commitment to content + > * **controller**: controlling entity of identifier + > * **message**: serialized data structure event: actionable message + > * **key event**: key management operation + > * **inception event**: unique self-signed event that creates identifier and controlling key(s) + > * **rotation event**: self-signed uniquely ordered event from a sequence that changes the set of controlling keys + > * **verifier**: cryptographically verifies signature(s) on an event message. + > * **witness**: entity that may receive, verify, and store key events for an identifier. Each witness controls its own identifier used to sign key event messages, controller is a special case of witness. + > * **receipt**: event message or reference with one or more witness signatures + > * **key event log**: ordered record of all self-signed key event messages key event + > * **receipt log**: ordered record of all key event receipts for a given set of witnesses + > * **validator**: determines current authoritative key set for identifier from at least one key event (receipt) log. + > * **judge**: determines current authoritative key set for identifier from the key event receipt logs from a set of witnesses. 
+ > * **pre-rotation**: commitment to next rotated key set in previous rotation or inception event +* [KERI for Muggles IIW #31 Day 1 - Session #220 October 2020](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERI_for_Muggles.pdf) + > KERI is a new approach to decentralized identifiers and decentralized key management that promises significant benefits for SSI (self-sovereign identity) and ToIP (Trust over IP) infrastructure +* [Verifiable Trust Bases](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/presentations/KERIVerifiableTrustBases.web.pdf) Samuel M. Smith Ph.D. sam@keri.one https://keri.one version 2.53 2020/10/20 - Renewing the Web of Trust + > * KERI enables cryptographic proof-of-control-authority (provenance) for each identifier. + > * A proof is in the form of an identifier’s key event receipt log (KERL). + > * KERLs are *End Verifiable*: + > * End user alone may verify. Zero trust in intervening infrastructure. + > * KERLs may be *Ambient Verifiable*: + > * Anyone may verify anylog, anywhere, at anytime. + > * KERI = self-cert root-of-trust + certificate transparency + KA2CE + recoverable + post-quantum. + +## GitHub +- [decentralized-identity/keri](https://github.com/decentralized-identity/keri) - Key Event Receipt Infrastructure - the spec and implementation of the KERI protocol + - [KERI Whitepaper](https://raw.githubusercontent.com/decentralized-identity/keri/master/kids/KERI_WP.pdf) + - [Implementation Notes for KERI](https://github.com/decentralized-identity/keri/blob/master/implementation.md) [[HackMD](https://hackmd.io/orhyiJkLT721v4PCPkvQiA?both)] + > The interpretation of the data associated with the digest or hash tree root in the seal is independent of KERI. This allows KERI to be agnostic about anchored data semantics. Another way of saying this is that seals are data agnostic; they don’t care about the semantics of its associated data. 
This better preserves privacy because the seal itself does not leak any information about the purpose or specific content of the associated data. Furthermore, because digests are a type of content address, they are self-discoverable. This means there is no need to provide any sort of context or content specific tag or label for the digests. Applications that use KERI may provide discovery of a digest via a hash table (mapping) whose indexes (hash keys) are the digests and the values in the table are the location of the digest in a specific event. To restate, the semantics of the digested data are not needed for discovery of the digest within a key event sequence. +- [decentralized-identity/keriox](https://github.com/decentralized-identity/keriox) - Rust Implementation of the KERI Core Library +- [decentralized-identity/keripy](https://github.com/decentralized-identity/keripy) - Python Implementation of the KERI Core Libraries +- [decentralized-identity/kerigo](https://github.com/decentralized-identity/kerigo) - Go implementation of KERI (Key Event Receipt Infrastructure) +- [decentralized-identity/kerijs](https://github.com/decentralized-identity/kerijs) - JavaScript (nodes) Implementation of the KERI core library. + +## Background + +* [Resources](https://keri.one/keri-resources/) +- [SmithSamuelM/Papers](https://github.com/SmithSamuelM/Papers/) + * [Whitepapers](https://github.com/SmithSamuelM/Papers/tree/master/whitepapers) + * [Presentations](https://github.com/SmithSamuelM/Papers/tree/master/presentations) + +**Self-Certifying Identifiers** +* Girault, M., “[Self-certifiepublic keys](https://link.springer.com/content/pdf/11007%2F3-540-46416-6_42.pdf),” EUROCRYPT 1991: Advances in Cryptology, pp. 490-497, 1991 +* Kaminsky, M. and Banks, E., “[SFS-HTTP: Securing the Web with Self-Certifying URLs](https://pdos.csail.mit.edu/~kaminsky/sfs-http.ps),” MIT, 1999 +* Mazieres, D. and Kaashoek, M. 
F., “[Escaping the Evils of Centralized Control with self-certifying pathnames](http://www.sigops.org/ew-history/1998/papers/mazieres.ps),” MIT Laboratory for Computer Science, 2000 +* Mazieres, D., “[Self-certifying File System](https://pdos.csail.mit.edu/~ericp/doc/sfs-thesis.ps),” MIT Ph.D. Dissertation, 2000/06/01 +* TCG, “[Implicit Identity Based Device Attestation](https://trustedcomputinggroup.org/wp-content/uploads/TCG-DICE-Arch-Implicit-Identity-Based-Device-Attestation-v1-rev93.pdf),” Trusted Computing Group, vol. Version 1.0, 2018/03/05 + +**Autonomic Identifiers** + +Smith, S. M., “[Open Reputation Framework](https://github.com/SmithSamuelM/Paperblob/master/whitepapers/open-reputation-low-level-whitepaper.pdf),” vol. Version 1.2, 2015/05/13 +Smith, S. M. and Khovratovich, D., “[Identity System Essentials](https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/Identity-System-Essentials.pdf),” 2016/03/29 +* Smith, S. M., “[Decentralized Autonomic Data (DAD) and the three R’s of Key Management](https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/DecentralizedAutonomicData.pdf),” Rebooting the Web of Trust RWOT 6, Spring 2018 +* Smith, S. M., “[Key Event Receipt Infrastructure (KERI) Design and Build](https://arxiv.org/abs/1907.02143),” arXiv, 2019/07/03 +* Conway, S., Hughes, A., Ma, M. et al., “[A DID for Everything](https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/A_DID_for_everything.pdf),” Rebooting the Web of Trust RWOT 7, 2018/09/26 +* Stocker, C., Smith, S. and Caballero, J., “[Quantum Secure DIDs](https://github.com/WebOfTrustInfo/rwot10-buenosaires/blob/master/final-documents/quantum-secure-dids.pdf),” RWOT10, 2020/07/09 + +**Certificate Transparency** + +Laurie, B., “[Certificate Transparency: Public, verifiable, append-only log(https://queue.acm.org/detail.cfm?id=2668154),” ACMQueue, vol. 
Vol 12, Issue 9, 2014/09/08 +* Google, “[Certificate Transparency](http://www.certificate-transparency.org/home),” +* Laurie, B. and Kasper, E., “[Revocation Transparency](https://www.links.org/files/RevocationTransparency.pdf),” + +### Related + +* [W3C DID Security Concerns](https://github.com/SmithSamuelM/Papers/blob/master/presentations/W3C_DID_Security_Concerns.pdf) 2020/01/14 + > **Certificate Transparency Solution** + > - Public end-verifiable append-only event log with consistency and inclusion proofs + > - End-verifiable duplicity detection = ambient verifiability of duplicity + > - Event log is third party infrastructure but it is not trusted because logs are verifiable. + > - Sparse Merkle trees for revocation of certificates + > - (related EFF SSL Observatory) + +**Non Conformist Innovation Summit Closing Keynote #2 - Sam Smith** + +The Economics of Its & Bits - Digital Identity - Freedom Privacy Control Security + +{% include video id="L82O9nqHjRE" provider="youtube" %} 
diff --git a/images/keri-header.webp b/images/keri-header.webp
new file mode 100644
index 0000000000000000000000000000000000000000..b41792ebfe20189fb3834f810812663de701496a
GIT binary patch
literal 4898

diff --git a/images/keri-teaser.webp b/images/keri-teaser.webp
new file mode 100644
index 0000000000000000000000000000000000000000..064f66c4cf26a201c9fdbfcc79f026bef4d111f2
GIT binary patch
literal 1908
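Review bot: In `2020-11-22-keri.md`, several reference links in the Background section will not render or resolve as written. The Laurie entry under "Certificate Transparency" is missing the closing `]` before `(https://queue.acm.org/detail.cfm?id=2668154)`, and the "Open Reputation Framework" URL reads `SmithSamuelM/Paperblob/master/...` where every sibling link uses `SmithSamuelM/Papers/blob/master/...`. Those two Smith entries and the Laurie entry also lack the `* ` bullet their neighbours have, so they will collapse into the preceding paragraph. In the front matter, `categories: ["Identity Foudation"]` looks like a typo for "Foundation" (the permalink uses `identity-foundation`) and would create a separate, misspelled category. Smaller points in the same hunk: `https://keri.oneversion 2.54` is missing a space after the URL, "Self-certifiepublic keys", "Standardsand" and "decentralizedkey" have dropped characters, and the `certificate-transparency.org` and `sigops.org` links are plain `http://`; please switch them to `https://` if the hosts support it.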