- From: Amir Hameed <amsaalegal@gmail.com>
- Date: Sat, 24 Jan 2026 12:43:08 -0800
- To: Manh Thanh Le <vnlemanhthanh@gmail.com>
- Cc: Steven Rowat <steven_rowat@sunshine.net>, Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CANGYBsx-UOHh+YjpWH-4Z8_sVTx9xjkirrXE_XBrrauqH=sa4A@mail.gmail.com>
*Dear Mạnh Thành Lê,*
Your pivot to a *"Stateless Causal Protocol"* is a compelling response to
the scalability trap. By placing the burden of history on the participant
rather than the network, you've moved closer to the "Restraint" I advocate
for.
However, if we are to truly treat *L0 as Physics*, we must address two
critical architectural hurdles that remain:
1. Implementation Agnosticism (Beyond the Digest)
A true "Physics of Trust" cannot be wedded to a specific cryptographic
primitive like SHA-256. If L0 is to be an immutable foundation for
centuries, it must be *Algorithm Agnostic*.
-
*The Risk:* Cryptographic standards have "shelf lives" (as we saw with
MD5 and SHA-1).
-
*The Requirement:* The "6-field arithmetic core" must treat hashing
as a *functional
slot*, not a fixed value. The lineage should be verifiable regardless of
whether the underlying math is a classical hash or a post-quantum
multilinear map. Truth should be a result of the *relation*, not the
*algorithm*.
2. The "Virtual Physics" Problem (TCP/UDP Deception)
You describe L0 as the "engine that ensures trust." But in the real world,
"Physics" is mediated by the *Transport Layer (TCP/UDP)* and the *Socket
Level*.
-
*The Vulnerability:* We now live in an era of *Virtualized Networks*
(SDNs, WireGuard, Overlay Networks). These layers can "fake" the physics. A
socket connection can be spoofed, packet timing can be manipulated, and the
"ancestral substrate" can be simulated by a virtualized observer.
-
*The Challenge:* How does Glogos distinguish between "Real-World
Physics" and a "Virtualized Simulation"? If the causal engine relies on the
network stack as its witness, it inherits all the fragilities of that stack.
The Minimal Defensible Boundary
If we are to "co-evolve this substrate," we must ensure that the *L0/L1
boundary* is not just a software distinction, but a *hardware-attested* or
*entropy-bound* one.
Identity-native networking cannot just trust the "heartbeat" if the heart
itself is running inside a virtual machine that can pause, rewind, or clone
the state.
*I propose this challenge:* How can Glogos ensure *Causal Integrity* when
the underlying network fabric (the TCP/UDP packets) is increasingly
ephemeral and programmable?
I look forward to your thoughts on how we anchor this "Digital Script" not
just in sunlight, but in a way that is blind to the deception of the
virtual stack.
With respect,
*Amir*
On Sat, 24 Jan 2026 at 10:30, Manh Thanh Le <vnlemanhthanh@gmail.com> wrote:
> Dear Amir,
>
> Thank you for the sharp architectural critique.
>
> Your concern — that a global causal DAG acts as an engineering liability
> and a privacy side-channel — is correct if the network is responsible for
> synchronization and global state.
>
> Glogos, however, is a stateless causal protocol (layer 0). It is designed
> to be the immutable foundation that exists beneath the interaction layer,
> without requiring global consensus.
>
> 1. The engineering liability (scalability)
> The bottleneck exists only if we treat Glogos like a ledger.
> - Truth is a path, not a state.
> - In trade and traceability, the burden of history is on the provenance
> path provided by the participant making the claim, not the network
> infrastructure.
> - Scalability is resolved by subgraph verification: A verifier only
> validates the specific lineage of ancestors required for a transaction. The
> rest of the planetary event volume is irrelevant to the verification.
>
> 2. The privacy liability (topological leakage)
> You are right: event chronology is sensitive metadata. Glogos addresses
> this through architectural restraint:
> - Implicit privacy: There is no global sync layer. Without a global
> observer, the topology is only disclosed piecewise during specific
> interactions.
> - Causal masking: The structure allows for opaque refs (hashed
> commitments), masking behavior patterns while maintaining the verifiable
> causal link.
>
> 3. The defensible boundary
> The distinction between identity infrastructure and stateful truth defines
> our stack:
>
> - L2 (contextual truth): Applications. Jurisdictions, interpretations, and
> contradiction management.
> - L1 (identity-native addressing): UDNA, DIDs & VCs. The network protocol
> and primitives. UDNA routes the connection, while DIDs and VCs define the
> identity and credentials.
> - L0 (causal physics): Glogos. Hashing, signing, referencing. The causal
> engine that ensures trust is earned through verifiable provenance.
>
> As you noted, "trust is a function of identity, not location." Glogos
> simply adds the layer where identity itself is a function of verifiable
> history.
>
> Restraint is the feature. Glogos is the mechanism that allows participants
> to remain the controllers of their own history.
>
> I am eager to hear if this distinction moves us closer to a shared
> architectural understanding.
>
> With respect,
>
> Mạnh Thành Lê
> -----------------------------------------------------------
> SHA-256("") — From nothing, truth emerges
> <https://github.com/glogos-org/glogos/blob/main/shared/artifacts/genesis-artifact.json>
>
>
> On Sat, Jan 24, 2026 at 11:56 PM Amir Hameed <amsaalegal@gmail.com> wrote:
>
>> Thank you for the detailed explanation and for grounding it in code — I
>> appreciate the rigor and the spirit of collaboration.
>>
>>
>> Let me share a concern that sits at the architectural level rather than
>> implementation detail.
>>
>>
>> The strong temporal / causal framing (global or even large-scale identity
>> DAGs) introduces two fundamental bottlenecks:
>>
>>
>> 1. Engineering & scalability
>>
>>
>> When event volume becomes large (key rotations, attestations,
>> interactions, delegations, revocations, etc.), maintaining and traversing a
>> causal DAG becomes:
>>
>>
>> -
>>
>> computationally expensive,
>> -
>>
>> storage heavy,
>> -
>>
>> synchronization sensitive,
>> -
>>
>> and operationally complex in adversarial and
>> intermittent-connectivity environments.
>>
>>
>> At planetary scale, this quickly becomes an engineering liability rather
>> than a strength.
>>
>>
>> 2. Privacy & domain boundaries
>>
>>
>> In sensitive domains (finance, healthcare, legal identity):
>>
>>
>> -
>>
>> event chronology itself is sensitive metadata,
>> -
>>
>> graph structure leaks behavioral patterns,
>> -
>>
>> correlation becomes unavoidable over time.
>>
>>
>> Even if encrypted, the existence, ordering, and linkage of events form a
>> powerful side-channel.
>>
>>
>> Not everything should become part of a globally observable or
>> synchronizable structure.
>>
>> ------------------------------
>>
>> On “truth” and where it should live
>>
>>
>> I would argue that truth cannot be fully externalized into a network
>> structure.
>>
>>
>> Truth in real systems has:
>>
>>
>> -
>>
>> partial observability,
>> -
>>
>> delays,
>> -
>>
>> reversals,
>> -
>>
>> jurisdictional boundaries,
>> -
>>
>> subjective interpretations,
>> -
>>
>> and legitimate contradictions.
>>
>>
>> Reducing this into a single causal graph risks over-formalizing something
>> that is inherently contextual.
>>
>>
>> From a pragmatic standpoint:
>>
>>
>> the strongest root of truth should remain with the user (or the local
>> authority they choose), not with the network.
>>
>>
>> The network should verify claims, not attempt to become the historical
>> substrate of reality.
>>
>> ------------------------------
>>
>> On DIDs and causal attestation
>>
>>
>> If we perform an ablation study:
>>
>>
>> -
>>
>> DIDs + signatures already provide:
>>
>> -
>>
>> cryptographic continuity,
>> -
>>
>> key rotation,
>> -
>>
>> recovery,
>> -
>>
>> delegation,
>> -
>>
>> and verifiable causal chains when needed.
>>
>>
>>
>> Causality can be expressed locally and selectively, without enforcing a
>> globally accumulated structure.
>>
>>
>> In other words:
>>
>>
>> causal proof ≠ global causal memory.
>>
>>
>> Selective disclosure + signed statements already cover most real-world
>> requirements with far better privacy and scalability properties.
>>
>> ------------------------------
>>
>> A pragmatic boundary
>>
>>
>> So my current view is:
>>
>>
>> -
>>
>> Identity systems should be:
>>
>> -
>>
>> minimal,
>> -
>>
>> privacy-preserving by default,
>> -
>>
>> user-anchored,
>> -
>>
>> and selectively composable.
>>
>>
>>
>> Not every truth needs to become network truth.
>>
>> Not every event needs to become global history.
>>
>>
>> At planetary scale, restraint is a feature, not a limitation.
>>
>> ------------------------------
>>
>> That said, I do see strong alignment in the goal of identity-native
>> networking and in the desire to remove centralized trust anchors. My
>> position is simply that:
>>
>>
>> the network should route identities,
>>
>> applications should manage truth,
>>
>> and users should remain the ultimate custodians of their own history.
>>
>>
>> I’m very open to continuing this discussion — especially around where the
>> minimal, defensible boundary between identity infrastructure and stateful
>> truth systems should lie.
>>
>>
>> With respect,
>>
>> Amir
>>
>>
>> On Sat, 24 Jan 2026 at 9:53 PM, Manh Thanh Le <vnlemanhthanh@gmail.com>
>> wrote:
>>
>>> Dear Amir,
>>>
>>> Thank you for the warm welcome and the bridge you are building with UDNA.
>>> I am aware of the UDNA Community mission to treat identifiers as
>>> first-class network primitives. It is a critical piece of the puzzle.
>>>
>>> To respect the community's time, this response answers your 4
>>> architectural questions directly with "show, don't tell" evidence from
>>> codebase.
>>>
>>> 1. Identity model (causal integrity vs. static resolution)
>>>
>>> Q: How does Glogos handle identity lifecycle concerns such as key
>>> rotation, recovery...
>>>
>>> In Glogos's design, identity is a temporal process anchored in a causal
>>> DAG.
>>>
>>> - Recovery: Glogos supports BIP39 mnemonics at the edge (implemented in `
>>> glo-cli <https://pypi.org/project/glo-cli/>`) to ensure controllers can
>>> recover their private key seed independently of any provider.
>>> - Rotation: Lifecycle events like key rotation are appended as
>>> attestations that physically point to their ancestors.
>>> This ensures the "heartbeat" (evidence of liveness) is built into the
>>> chronological graph of its actions.
>>>
>>> The Code: `examples/use-cases/key-rotation.ts
>>> <https://github.com/glogos-org/glogos/blob/main/examples/use-cases/key-rotation.ts>`
>>> demonstrates how a persistent identity survives key compromise by
>>> maintaining a verifiable inheritance chain.
>>>
>>> Contrast: UDNA resolves the current address; Glogos provides the "causal
>>> pulse" that proves the legitimacy of that address.
>>>
>>> 2. Coordination vs. Transport (Substrate vs. Architecture)
>>>
>>> Q: Do you see Glogos as complementary... or as an alternative?
>>>
>>> Complementary. Glogos is the substrate of truth (the water/state), while
>>> UDNA is the addressing architecture (the pipe/network).
>>>
>>> The philosophy: UDNA provides the "first-class network addressing" (how
>>> to find). Glogos provides the "first-class cryptographic soul" (what is
>>> true).
>>> Without the water (truth), the pipes (network) are empty; without the
>>> pipes, the water cannot reach its destination.
>>>
>>> The synergy: Your reference to "identity-native networking" is a perfect
>>> wrapper for this "causal integrity substrate".
>>> Glogos is designed to work entirely offline (as shown in `
>>> examples/use-cases/supply-chain.ts
>>> <https://github.com/glogos-org/glogos/blob/main/examples/use-cases/supply-chain.ts>`),
>>> providing the resilient state that UDNA can then route once a connection is
>>> established.
>>>
>>> 3. Adversarial environments (Sybil resistance)
>>>
>>> Q: How does Glogos address Sybil resistance... in public-goods?
>>>
>>> Glogos does not use central authorities (KYC). Glogos uses topology.
>>>
>>> The code: `examples/use-cases/sybil-resistance.ts
>>> <https://github.com/glogos-org/glogos/blob/main/examples/use-cases/sybil-resistance.ts>`
>>> simulates an attacker creating 50 Sybil bots.
>>>
>>> The defense: The system uses a trust graph (web of trust). The "voting
>>> power" naturally decays with graph distance from the observer.
>>> An attacker can create 1 million bots, but if no honest node bridges to
>>> them, their mathematical influence is zero.
>>>
>>> 4. Interoperability (the envelope metaphor)
>>>
>>> Q: Is your intent for Glogos to integrate directly with existing DID /
>>> VC stacks...?
>>>
>>> Logical separation. Glogos does not seek to compete with `did:cel` or
>>> VCs. Glogos wraps them to give them "physicality".
>>>
>>> The mechanism: `examples/use-cases/standards-bridge.ts
>>> <https://github.com/glogos-org/glogos/blob/main/examples/use-cases/standards-bridge.ts>`
>>> explicitly wraps W3C VCs (the "letter") inside Glogos attestations (the
>>> "envelope").
>>>
>>> Result: One can use UDNA for addressing and W3C VCs for semantics, while
>>> Glogos provides the causal integrity (time/ordering) beneath them.
>>>
>>> Conclusion
>>>
>>> If UDNA is the "nervous system" of the identity-native web, Glogos is
>>> its "immutable memory".
>>> Glogos is ready to support the UDNA mission by providing the immutable
>>> state layer needed to make decentralized routing truly robust.
>>>
>>> With respect,
>>>
>>> Mạnh Thành Lê
>>> -----------------------------------------------------------
>>> SHA-256("") — From nothing, truth emerges
>>> <https://github.com/glogos-org/glogos/blob/main/shared/artifacts/genesis-artifact.json>
>>>
>>>
>>> On Sat, Jan 24, 2026 at 9:52 PM Amir Hameed <amsaalegal@gmail.com>
>>> wrote:
>>>
>>>> Hi Manh
>>>>
>>>> Thank you for sharing Glogos and the thinking behind a logic substrate
>>>> for coordination. I appreciate the emphasis on treating commitments and
>>>> contributions as first-class cryptographic objects — that is an important
>>>> direction for decentralized systems.
>>>>
>>>> I’m writing from the perspective of building UDNA (Universal DID-Native
>>>> Addressing), which approaches similar coordination problems from an
>>>> identity-native networking angle.
>>>>
>>>> As brief context, UDNA focuses on:
>>>>
>>>>
>>>> -
>>>>
>>>> using DIDs as first-class network addresses,
>>>> -
>>>>
>>>> integrating identity resolution, key management, and secure routing,
>>>> -
>>>>
>>>> enabling agent-to-agent coordination and communication aligned with
>>>> DID Core, DIDComm, and VC ecosystems.
>>>>
>>>>
>>>> From reading your proposal, Glogos appears to focus on:
>>>>
>>>>
>>>> -
>>>>
>>>> a DAG-based attestation structure anchored to a universal hash
>>>> constant,
>>>> -
>>>>
>>>> a logic substrate for promises / contributions / coordination
>>>> objects,
>>>> -
>>>>
>>>> cryptographic ordering and integrity independent of any specific
>>>> network layer.
>>>>
>>>>
>>>> To better understand how you see Glogos fitting into the broader
>>>> identity and coordination stack, I’d be interested in your view on a few
>>>> technical points:
>>>>
>>>>
>>>> 1.
>>>>
>>>> Identity model
>>>>
>>>> How does Glogos handle identity lifecycle concerns such as key
>>>> rotation, recovery, compromise, multi-device agents, and long-lived
>>>> identifiers, compared to DID-based systems?
>>>> 2.
>>>>
>>>> Coordination vs. transport
>>>>
>>>> Do you see Glogos as complementary to identity-native networking
>>>> layers like uDNA (which handle discovery, routing, and secure transport),
>>>> or as an alternative foundational layer replacing that role?
>>>> 3.
>>>>
>>>> Adversarial environment
>>>>
>>>> Beyond immutability of attestations, how does Glogos address Sybil
>>>> resistance, incentive alignment, and strategic misbehavior in public-goods
>>>> or commitment-device scenarios?
>>>> 4.
>>>>
>>>> Interoperability
>>>>
>>>> Is your intent for Glogos to integrate directly with existing DID /
>>>> VC stacks, or to remain logically separate as a substrate that other
>>>> identity systems might optionally build on?
>>>>
>>>>
>>>> I think clarifying these distinctions would be valuable for the
>>>> community, especially as multiple efforts are exploring how to combine
>>>> identity, trust, and coordination in interoperable ways.
>>>>
>>>>
>>>> Looking forward to your thoughts.
>>>>
>>>>
>>>> Best regards,
>>>>
>>>> Amir Hameed
>>>>
>>>> Sirraya Labs
>>>>
>>>>
>>>> On Sat, 24 Jan 2026 at 7:51 PM, Manh Thanh Le <vnlemanhthanh@gmail.com>
>>>> wrote:
>>>>
>>>>> Dear Steven,
>>>>>
>>>>> I am writing to you from the quiet evening of Ho Chi Minh City.
>>>>> I send this message with the sincerity of a handwritten letter,
>>>>> echoing the warmth I have felt from this community.
>>>>> The engagement from this community has been a gift of clarity—a
>>>>> guiding light,
>>>>> helping me anchor this logic into the resilient laws of nature.
>>>>>
>>>>> You are right. Glogos is a humble substrate.
>>>>> It is a semantic vacuum—a minimal skeleton designed to serve the rich
>>>>> soul of our community's work.
>>>>>
>>>>> The substrate and the soul:
>>>>> I view Bitcoin (thermodynamic body) and DIDs/VCs (semantic soul) as
>>>>> the two great ancestors of digital trust.
>>>>> Glogos is the inheritor—a digital script that feels as permanent as a
>>>>> handwritten letter anchored in sunlight.
>>>>> It provides the heartbeat—the rhythmic pulse of attestations that
>>>>> keeps an identity (did:cel) alive by turning fleeting events into immutable
>>>>> memory.
>>>>> I do not claim to know the final form of this fusion.
>>>>> I simply anchor to Bitcoin as a genesis witness
>>>>> <https://github.com/glogos-org/glogos/blob/main/shared/artifacts/genesis-artifact.json> to
>>>>> show my deepest respect for the physical laws that make digital truth
>>>>> possible.
>>>>>
>>>>> To answer your question on reputation:
>>>>> I believe reputation is not a number, but a verifiable pedigree.
>>>>> Reputation crystallizes when one becomes a necessary cryptographic
>>>>> ancestor to the truths that follow.
>>>>> That is why I built the standards bridge—to prove that Glogos can
>>>>> carry the "causal inheritance" of VCs through its ancestral substrate.
>>>>>
>>>>> The power of simplicity:
>>>>> Is Glogos too simple? I believe stripping trust to its 6-field
>>>>> arithmetic core is the Minimum Viable path to Resilient Digital Trust.
>>>>> It ensures that digital truth remains immutable for the long term,
>>>>> regardless of the infrastructure above it.
>>>>>
>>>>> Invitation to verify:
>>>>> I have implemented a verifiable heartbeat (poc) to demonstrate this
>>>>> pedigree in action:
>>>>> Standards Bridge:
>>>>> https://github.com/glogos-org/glogos/blob/main/examples/use-cases/standards-bridge.ts
>>>>>
>>>>> To experience this substrate firsthand, you can anchor a genesis zone:
>>>>> `pip install glo-cli && glo init --name "[your-zone-name]"`
>>>>>
>>>>> I invite you, Manu, and all colleagues to weigh in:
>>>>> Can we co-evolve this substrate to honor and carry the soul of the
>>>>> DID/VC ecosystem as a permanent anchor for Resilient Digital Trust?
>>>>>
>>>>> With warmth and respect,
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *P.S. If this logic resonates, nothing would honor me more than seeing
>>>>> a PR sharing your Genesis Zone
>>>>> <https://github.com/glogos-org/glogos/tree/main/shared/zones> in the
>>>>> repository.The spec is waiting for its Co-Editors.*
>>>>> Mạnh Thành Lê
>>>>> -----------------------------------------------------------
>>>>> SHA-256("") — From nothing, truth emerges
>>>>> <https://github.com/glogos-org/glogos/blob/main/shared/artifacts/genesis-artifact.json>
>>>>>
>>>>>
>>>>> On Fri, Jan 23, 2026 at 10:46 AM Steven Rowat <
>>>>> steven_rowat@sunshine.net> wrote:
>>>>>
>>>>>> On 2026-01-14 11:45 am, Manh Thanh Le wrote:
>>>>>>
>>>>>> Glogos is offered as a contribution to this shared vision—providing
>>>>>> the mathematical grounding needed for resilient digital trust.
>>>>>>
>>>>>> I welcome discussion on how this logic substrate can serve the
>>>>>> broader goals of the Verifiable Credentials community.
>>>>>>
>>>>>> Hi Manh,
>>>>>>
>>>>>> I'm replying here to your comments about Glogos in the did:cel thread
>>>>>> today, since I'm still unclear how it will be used relative to VCs and
>>>>>> DIDs, including did:cel, and so it seems maybe Glogos is best addressed in
>>>>>> its own thread.
>>>>>>
>>>>>> In that other (did:cel) thread, you gave links to the Glogos
>>>>>> use-cases you're working on, and I looked through several of these. I
>>>>>> started with this link you gave for scientific peer review:
>>>>>>
>>>>>>
>>>>>> https://github.com/glogos-org/glogos/blob/main/examples/use-cases/peer-review.ts
>>>>>>
>>>>>> I found this and other of your 22 use-cases very interesting, and
>>>>>> clearly there is a careful structure at play in your system. It seems to be
>>>>>> well thought out and implemented, at least in your examples.
>>>>>>
>>>>>> However, I'm still unclear how what you've done relates to DIDs and
>>>>>> VCs. I saw no evidence of either, at least on a scan of that science
>>>>>> use-case.
>>>>>>
>>>>>> Given that 'reputation' is of extreme importance in the peer-reviewer
>>>>>> case that you're showing, wouldn't the ability to handle VCs (and DIDs) be
>>>>>> of great importance in the interactions involved?
>>>>>>
>>>>>> If you agree, I suggest the best way to involve the multiple more
>>>>>> exert coding people (than me) on this list, in Glogos, would be to provide
>>>>>> code showing that integration.
>>>>>>
>>>>>> Or, perhaps, do some of your use-cases already show this integration?
>>>>>> If so, which?
>>>>>>
>>>>>> Or, perhaps, can Glogos completely replace the need for VCs and DIDs?
>>>>>> 🙂 In which case, you've definitely come to the right place, but
>>>>>> getting past Kubler-Ross's five stages of grief may take the other members
>>>>>> a few days. 😉
>>>>>>
>>>>>> Steven Rowat
>>>>>>
>>>>>>
Received on Saturday, 24 January 2026 18:42:18 UTC