- From: Steven Rowat <steven_rowat@sunshine.net>
- Date: Fri, 29 Sep 2017 10:21:12 -0700
- To: public-credentials@w3.org
On 2017-09-29 8:15 AM, Manu Sporny wrote: > Here is a short video that we have put together > to explain and demonstrate the current capabilities: > > https://youtu.be/tQzQKZKF93w After watching this, it seems possible that another announcement I saw this morning might be useful to the DID system. It's described as 'discovery' of a way to protect against certain types of MITM attacks, especially at the ISP level, by registering the key in a ledger as a certificate: "Computer scientists address gap in messaging privacy". Here's the report on phys.org: https://phys.org/news/2017-09-scientists-gap-messaging-privacy.html Here's a single example paragraph that should explain it, from the phys.org report: "Example of solution in practice "To prepare for receiving a message, Robert's device certifies an encryption key, and publishes the certificate in the ledger. To send a message, Sally's device uses a cryptographic process to fetch and verify the certified encryption key from the ledger. She then uses it to send a message to Robert, who opens it with the corresponding decryption key." I'm not sure it's applicable in DID work, because I don't completely understand the relation between cryptographic keys and ledgers in DID so far. But my hunch is that DID isn't registering the keys themselves at this point, so maybe it will be of interest. Steven
Received on Friday, 29 September 2017 17:21:35 UTC