W3C home > Mailing lists > Public > public-credentials@w3.org > December 2019

Re: DIDs available by satellite. A curiosity, an exploration.

From: Brent Shambaugh <brent.shambaugh@gmail.com>
Date: Tue, 3 Dec 2019 14:27:58 -0600
Message-ID: <CACvcBVoR=ay2_npfj8sh-GM0A-5HvbSKHGOxtSX+fd_NoWG2+A@mail.gmail.com>
To: Sam Mathews Chase <samantha@venn.agency>
Cc: Credentials Community Group <public-credentials@w3.org>, Mike Lodder <mike@sovrin.org>, Wolf McNally <wolf@wolfmcnally.com>, David Hoffman <dhoffman32@gmail.com>
Hi Sam,s

I met Jim Cantrell from Stratspace in Tuscon recently. We have known each
other for awhile, and get along well. We both have engineering backgrounds.
He was involved with both generations of the Iridium Network [1],[2]. I
also have been in touch with Kim Hamilton Duffy. She is up for updates and
I assume amusements, but she is quite buried.

I ordered a RTL-SDR. I might also get an Hack-RF clone. The RTL-SDR website
looks like a great place to start [3],[4]. This will require
a bit of a struggle.

Blockstream is a free service worth tinkering with. They have their
satellites in geosynchonous orbit which is unlike Iridium's closer
orbits.

I'm guessing that it would be better to follow an Iridum kind of thinking
to minimize device size. It is not rational to expect
people to carry around bulky hardware if they are going to replace their
wallet and perhaps a Yubikey(TM). I believe you
said something somewhere agreeing with this.

The video that I linked to was Daniel Hardman's talk on Peer DIDs [5]. I'm
sure you will also like the did:key method talk discussed
in today's call. Perhaps it could help move Critical Use Cases for Offline
Credentials forward?

I may have some overlap with the Verifiable Driving Event Data Chain in
your RWoT Barcelona paper.

Tyler Ruff's Verifiable Credentials 101 talk helps a lot with understanding
how Issuer, Holder, and Verifier play together [6].

I am not sure how public keys, DIDs, and DID documents play together. Is it
possible to get a DID document from decoding the base58 string?
What is the relation of the DID and public key?

"Creating a did:key value consists of creating a cryptographic key pair and
encoding the public key using the format provided in Section 2. The did:key
Format <https://digitalbazaar.github.io/did-method-key/#format>. The
creation of a DID Document is also performed by taking the public key value
and expanding it into DID Document. An example is given below that expands
the ed25519 did:key did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH
into its associated DID Document" [6]

What about a verifiable credential that only needs to see a public ledger
if it has not been seen before or is not in the "database"?


[1] ,[2] : https://www.iridium.com/,
https://www.nasaspaceflight.com/2018/03/iridium-next-5-satellites-spacex-falcon-9
<https://www.iridium.com/>
[3],[4] :
https://www.rtl-sdr.com/talk-decoding-data-from-iridium-satellites/,
https://www.rtl-sdr.com/rtl-sdr-tutorial-receiving-noaa-weather-satellite-images/
[5] :
https://ssimeetup.org/peer-dids-secure-scalable-method-dids-off-ledger-daniel-hardman-webinar-42/
[6] : https://digitalbazaar.github.io/did-method-key/#create

-Brent

On Sat, Nov 30, 2019 at 12:38 AM Sam Mathews Chase <samantha@venn.agency>
wrote:

> Hi Brent!
>
> My company, Venn.Agency is a permanent contractor of Seaspan ULC and the
> Vancouver Shipyards. We are currently rolling out our *verifiable* safety
> training focused on emergency response and fire safety. The risk of fire to
> a vessel or ship build is the number one thing keeping Lloyd's Actuaries up
> at night. We're working to establish a new risk category in which everyone
> who enters a vessel or works in the shipyard has gone through our active
> simulation training and learned important safety information. We're
> maintaining an occupancy percentage over a set threshold which issues a
> "Certificate of Recognition" COR
> <https://www.worksafebc.com/en/health-safety/create-manage/certificate-recognition>
> [equivalent] Credential to BC Gov's Orgbook.
> <https://orgbook.gov.bc.ca/en/home> Kim Hamilton Duffy has designed our
> system's architecture and can offer more insight if you have
> specific questions.
>
> The thing I myself most worry about is how freakin' easy it is to hack a
> big ship... or a tank for that matter 😳
> I co-authored a paper with Wolfe McNally and Michael Lodder (on cc) at
> Rwot Toronto outlining Critical Use Cases for Offline Credentials.
> <https://nbviewer.jupyter.org/github/WebOfTrustInfo/rwot7-toronto/blob/master/final-documents/offline-use-cases.pdf>
>
> On Satcoms, there are very narrow bandwidths for encryption and
> unfortunately, on top of that, a lot of passwords are password. Pentest
> Partners
> <https://www.pentestpartners.com/security-blog/sinking-container-ships-by-hacking-load-plan-software/>do
> a lot of good work exposing vulnerabilities and associated risk in ships
> and satcoms more broadly.
>
> It is my personal belief, that focusing technical solutions and early
> adoption towards critical infrastructure (government, workforce data
> providence and privacy, heavy industry/high-risk safety and environmental
> compliance, etc) is the best way to make lasting change. I welcome you,
> (and anyone else on this thread) to comment- offer some insights,
> corrections, or alternate points of view on our soon to be published Rwot
> Barcelona paper: Driving Adoption with a Focus on Safety, Security &
> Compliance.
> <https://docs.google.com/document/d/1E-yJ5LJDCwE3yOD-U7Q5Yz2GyI2-hgk33IiZ80JalUU/edit?usp=sharing>
>
> I'm keen to know who else is working in or near these use cases?
> Currently, historically, hypothetically or all of the above!
>
> Also, the link to your video is dead. Can you recover it for me?
>
>
> *Sam Mathews Chase*
> *Founder, Venn.Agency*
> *-------------------------------------------------------*
> *Move Slow and Fix Things.*
> *-------------------------------------------------------*
> *samantha@venn.agency <samantha@venn.agency>*
>
>
> On Fri, Nov 29, 2019 at 1:10 PM Brent Shambaugh <brent.shambaugh@gmail.com>
> wrote:
>
>> To whom it may concern:
>>
>> I have been wondering: Would it be useful to work on a solution that
>> makes DIDs resolvable anywhere on the surface of the earth with Satellites?
>>
>> It does not seem broadband is needed, and when studying DIDs it seems
>> like only a small part of the time does one need to verify a DID for a
>> particular identity [1].
>>
>> [1] "Peer DIDs: a secure and scalable method for DIDs that's entirely off
>> ledger" https://www.youtube.com/watch?v=d-5MmLLd3x
>>
>> Thanks for your time,
>>
>> Brent Shambaugh
>>
>
Received on Tuesday, 3 December 2019 20:28:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:19:06 UTC