W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: decentralised

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Wed, 15 Jun 2016 09:37:13 -0400
To: Melvin Carvalho <melvincarvalho@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>
Cc: W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <57615A09.9020203@digitalbazaar.com>
On 06/15/2016 04:31 AM, Melvin Carvalho wrote:
> On 14 June 2016 at 16:21, Manu Sporny <msporny@digitalbazaar.com
> <mailto:msporny@digitalbazaar.com>> wrote:
>     On 06/13/2016 07:33 PM, Melvin Carvalho wrote:
>     > "The Web currently does not have a mechanism where people and
>     > organizations can claim identifiers that they have sole ownership
>     > over. Identifiers, such as those rooted in domain names like emails
>     > addresses and website addresses, are effectively rented by people
>     > and organizations rather than owned. Therefore, their use as
>     > long-term identifiers is dependent upon parameters outside of their
>     > control. One danger is that if the rent is not paid, all data
>     > associated with the identifier can be made temporarily or permanently
>     > inaccessible. This document specifies a mechanism where people and
>     > organizations can cryptographically claim ownership over identifiers
>     > such that they control them and the documents that they refer to."
>     >
>     > This is not a significant danger.  It's like saying the google could
>     > lose google.com <http://google.com> <http://google.com> due to
>     factors outside of their
>     > control.  It wont happen, will it?

Is the assertion that Google will be around forever -- or at least
longer than anyone's lifetime? Is the assertion that the likelihood of
Google losing its domain is the same as the likelihood of some random
person? What about some random person who falls on difficult times and
can't pay for their domain? What about some random person that needs an
identifier that doesn't reveal certain aspects about them by being
attached to their domain?

I don't think this covers many cases.

> Have a look at
> https://tld-list.com/
> There's a few domains in the $1-$2 range.
> Lets encrypt certs are free.  But well HTTPS is not mandatory for a
> domain. 

Certificates may be free, paying for the education to be able to
maintain one and use Lets encrypt is not free (in many countries). HTTPS
may be mandatory to be able to adequately prove various assertions about
your identity.

> But actually I think everyone should get credit from the govt to have
> one domain (and probably server space) for free.

Which government? While a laudable goal, not every government is free
and stable.

> This is a service that
> should be a utility and covered by tax revenue, or passport registration
> fees.  It should be started from school so that children have the
> ability to learn programming.

This may work coming from a first world perspective. What about everyone

> For example have a look at what you can get for 2.99 a month from scaleway:
> https://www.scaleway.com/
> 2 x86 64bit Cores
> 2GB Memory
> 50GB SSD Disk
> 200Mbit/s
> Unmetered bandwidth

Again, consider the perspective. This approach works for people living
in first world countries with tech experience and the desire to run
their own servers and/or governments that they trust to indefinitely
provide these services on their behalf.

Second of all, how are you going to pay for that in the first place? Are
you going to present some identity and/or payment credentials that you
already possess? I think perspective is key here.

Dave Longley
Digital Bazaar, Inc.
Received on Wednesday, 15 June 2016 13:37:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:17:53 UTC