W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: decentralised

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Wed, 15 Jun 2016 10:31:25 +0200
Message-ID: <CAKaEYhKfh1rpo+xfRBo7x+WxMrNy9nv+kQ5aQ=b-01Wp+30kdQ@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: W3C Credentials Community Group <public-credentials@w3.org>
On 14 June 2016 at 16:21, Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 06/13/2016 07:33 PM, Melvin Carvalho wrote:
> > "The Web currently does not have a mechanism where people and
> > organizations can claim identifiers that they have sole ownership
> > over. Identifiers, such as those rooted in domain names like emails
> > addresses and website addresses, are effectively rented by people
> > and organizations rather than owned. Therefore, their use as
> > long-term identifiers is dependent upon parameters outside of their
> > control. One danger is that if the rent is not paid, all data
> > associated with the identifier can be made temporarily or permanently
> > inaccessible. This document specifies a mechanism where people and
> > organizations can cryptographically claim ownership over identifiers
> > such that they control them and the documents that they refer to."
> >
> > This is not a significant danger.  It's like saying the google could
> > lose google.com <http://google.com> due to factors outside of their
> > control.  It wont happen, will it?
> No, that will probably not happen, but people do lose access to services
> (and thus the identifiers for those services) for a variety of reasons.
> For example, I used to have this email address:
> msporny@marshall.edu
> and then this one
> msporny@vt.edu
> and now I have this one
> msporny@digitalbazaar.com
> Only one of those work these days. I've lost access to the other two,
> and with them, I lost access to all of my personal data and identities
> tied to those identifiers.

Yes user@host identifiers are vulnerable to his.  My sister actually got
locked out of her gmail because someone else tried to access it.  Since she
doesnt remember her recovery address password, she's lost a chunk of her
internet access and it's a traumatic experience.

> > The fact is there's a small management fee for maintaining a global
> > lookup table, which can be as low as $1 a year, and if you want a
> > vanity address it's a bit more expensive.
> The last time I checked, a domain and SSL certificate cost a bit more
> than $1/year, not to mention hosting fees. :)

Have a look at


There's a few domains in the $1-$2 range.

Lets encrypt certs are free.  But well HTTPS is not mandatory for a

But actually I think everyone should get credit from the govt to have one
domain (and probably server space) for free.  This is a service that should
be a utility and covered by tax revenue, or passport registration fees.  It
should be started from school so that children have the ability to learn

For example have a look at what you can get for 2.99 a month from scaleway:


2 x86 64bit Cores
2GB Memory
50GB SSD Disk
Unmetered bandwidth

Countries should start investing in programs like this to become
competitive members of the digital economy.  W3C and other groups should
probably lobby for it.

The Vice President of the EU and president of Estonia recently visited
MIT.  He said the savings they are making through digital signatures is 2%
of GDP.  And their military budget is 2% GDP.  So digital signatures fund
their military!

> Having a secure domain that you control with services attached to it
> costs roughly $223.64/year. This is what we pay for a barebones VM at a
> generic hosting provider with domain and SSL cert fees factored in.
> Before someone claims that they can do it for half of that price, keep
> in mind that we haven't factored in maintenance, security updates, or
> just "keeping the site" running into that equation at all.
> Also keep in mind that the price above assumes that you know how to
> setup and maintain these systems. The vast majority of the human
> population (99.9%) has no idea how to do that.
> Running a self-sovereign service on the current Internet is a very
> expensive proposition.
> Walk into to a refugee camp and tell them that they can self-issue
> identifier documents (this is one of our use cases, btw) to help them
> transition to another country and all it'll cost them is $223.64/year.
> It's a non-starter.

That would be a high end super paranoid solution.  See my costings above.

A more practical approach would be a community leader to host a website for
the village to facilitate organization of that community.

> > What you get for that price is participation in the biggest global
> > network in the history of the planet, allowing you to publish
> > arbitrary documents and code, for you, and anyone you wish to put on
> >  a subdomain. We've never had anything like this before.
> While it's true that we've never had anything like this before, it's
> also a solution that assumes you have lots of money or you're willing to
> trade your self-sovereignity for a "free" service (which many do today).
> There's a better way, which is what WebDHT, Namecoin, OneName, and
> others are attempting to pursue.
> I know you already agree with a good bit of this, Melvin. :)
> I'm primarily taking issue with the "This is not a significant danger."
> statement. I think that's a dangerous way to think about the issue
> because it leaves some of the most vulnerable people on the planet
> without a solution to their needs (documenting that they are living
> human beings).

In a global namespaced URI system you can use all sorts of identifiers that
play well together.  The question is one of which to prioritize and why.
HTTP(S) stands out because it has a network effect of 3 billion+

The risk of losing your domain via ICANN is vanishingly small compared with
the advantages.  I think a better way is to train people to run their own
HTTP servers cheaply.  And hopefully it will become a utility like running

> -- manu
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Web Browser API Incubation Anti-Pattern
> http://manu.sporny.org/2016/browser-api-incubation-antipattern/
Received on Wednesday, 15 June 2016 08:31:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:17:53 UTC