W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: decentralised

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 14 Jun 2016 10:21:09 -0400
Message-ID: <576012D5.4030208@digitalbazaar.com>
To: public-credentials@w3.org
On 06/13/2016 07:33 PM, Melvin Carvalho wrote:
> "The Web currently does not have a mechanism where people and 
> organizations can claim identifiers that they have sole ownership 
> over. Identifiers, such as those rooted in domain names like emails 
> addresses and website addresses, are effectively rented by people
> and organizations rather than owned. Therefore, their use as
> long-term identifiers is dependent upon parameters outside of their
> control. One danger is that if the rent is not paid, all data
> associated with the identifier can be made temporarily or permanently
> inaccessible. This document specifies a mechanism where people and
> organizations can cryptographically claim ownership over identifiers
> such that they control them and the documents that they refer to."
> This is not a significant danger.  It's like saying the google could 
> lose google.com <http://google.com> due to factors outside of their 
> control.  It wont happen, will it?

No, that will probably not happen, but people do lose access to services
(and thus the identifiers for those services) for a variety of reasons.

For example, I used to have this email address:


and then this one


and now I have this one


Only one of those work these days. I've lost access to the other two,
and with them, I lost access to all of my personal data and identities
tied to those identifiers.

> The fact is there's a small management fee for maintaining a global 
> lookup table, which can be as low as $1 a year, and if you want a 
> vanity address it's a bit more expensive.

The last time I checked, a domain and SSL certificate cost a bit more
than $1/year, not to mention hosting fees. :)

Having a secure domain that you control with services attached to it
costs roughly $223.64/year. This is what we pay for a barebones VM at a
generic hosting provider with domain and SSL cert fees factored in.
Before someone claims that they can do it for half of that price, keep
in mind that we haven't factored in maintenance, security updates, or
just "keeping the site" running into that equation at all.

Also keep in mind that the price above assumes that you know how to
setup and maintain these systems. The vast majority of the human
population (99.9%) has no idea how to do that.

Running a self-sovereign service on the current Internet is a very
expensive proposition.

Walk into to a refugee camp and tell them that they can self-issue
identifier documents (this is one of our use cases, btw) to help them
transition to another country and all it'll cost them is $223.64/year.
It's a non-starter.

> What you get for that price is participation in the biggest global 
> network in the history of the planet, allowing you to publish 
> arbitrary documents and code, for you, and anyone you wish to put on
>  a subdomain. We've never had anything like this before.

While it's true that we've never had anything like this before, it's
also a solution that assumes you have lots of money or you're willing to
trade your self-sovereignity for a "free" service (which many do today).

There's a better way, which is what WebDHT, Namecoin, OneName, and
others are attempting to pursue.

I know you already agree with a good bit of this, Melvin. :)

I'm primarily taking issue with the "This is not a significant danger."
statement. I think that's a dangerous way to think about the issue
because it leaves some of the most vulnerable people on the planet
without a solution to their needs (documenting that they are living
human beings).

-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Web Browser API Incubation Anti-Pattern
Received on Tuesday, 14 June 2016 14:21:35 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:17:53 UTC