Re: DID Method utilizing PGP/GPG keyservers for seamless on-boarding from Markus Sabadello on 2024-12-13 (public-did-wg@w3.org from December 2024)

From: Markus Sabadello <markus@danubetech.com>
Date: Sat, 14 Dec 2024 01:05:54 +0900
To: public-did-wg@w3.org
Message-ID: <dc36dd4e-bb2d-45bd-9028-55a3af43465e@danubetech.com>

Not sure about potential adoption.

 From a technical perspective it would certainly be interesting to 
define such a PGP-based DID method, to illustrate how DIDs can really 
serve as an abstraction layer for pretty much any key-based identifier 
system.

Markus

On 12/13/24 11:53 PM, Filip Kolarik wrote:
> Thank you for the feedback. GPG keys are widely used, for example, by
> GitHub users to obtain verified badges (alongside SSH keys), for
> signing artifacts published on Maven Central, and Ubuntu has a
> built-in key manager connected to key servers. These are just a few
> examples, and I’m sure there are many more.
>
> Focusing on a smaller group (perhaps in the lower hundreds of
> thousands?) at this stage of adoption could be far more beneficial for
> the community than attempting to find a use case targeting millions of
> non-technical users who may not fully grasp the purpose or value. By
> expanding the current community of developers, we could help create
> broader awareness and adoption over time.
>
> Best
> Filip
>
> On Fri, Dec 13, 2024 at 2:49 PM Manu Sporny <msporny@digitalbazaar.com> wrote:
>> On Thu, Dec 12, 2024 at 9:00 PM Filip Kolarik <filip26@gmail.com> wrote:
>>> I’d appreciate any thoughts or feedback on this idea, as well as
>>> insight into whether there is interest or alignment with the goals of
>>> this group.
>> There was a previous attempt at a did:pgp, but I don't think it really
>> went anywhere. I think the general thinking has been: "Yes, but how
>> many people have an active PGP key... and would they be interested in
>> converting that to a DID?" -- and the answer seems to be: "Not many"
>> and "Probably not".
>>
>> I think a more likely bootstrap would be SSH keys, because developers
>> need to use them, but again, the developer population is really small
>> compared to the user population. If we look at the largest deployment
>> of DIDs to date, BlueSky, I expect that next to none of those 25M+
>> people know they're even using a DID (which is where we need to be).
>>
>> Just some thoughts... not saying not to do a did:pgp, just noting
>> we've had some discussions in the past and it didn't seem to go
>> anywhere the first time around.
>>
>> -- manu
>>
>> --
>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> Founder/CEO - Digital Bazaar, Inc.
>> https://www.digitalbazaar.com/

Received on Friday, 13 December 2024 16:06:07 UTC