Re: DID Method utilizing PGP/GPG keyservers for seamless on-boarding

On Fri, Dec 13, 2024 at 6:34 PM Aaron Goldman <goldmanaaron@gmail.com> wrote:
>
> I wonder if it would be better to have standard guidance for did:key extractors. There are many kinds of certs (Certificate Chains, GPG keys, Libp2p adresses, wallet address, nostr npub1 public keys). There are many many specs that bottom out as a public key in a key format supported by did:key

+1. The original idea behind this post was to convert GPG public keys
into DID keys. However, it has since evolved, as keyservers offer more
data than just a public key, which could also be incorporated into the
result.

I think, describing how to convert a key into a DID key is an even
broader and more complex approach, given the variety of key formats.

>
> X25519
> Secp256k1
> BLS 12381
> P-256
> P-384
> P-521
> RSA
>
> If we have guidance on how tools that use these specs to output a did:key and the did doc from that key.
> maybe even using signed-ietf-json-patch to add any fields that are unique to that use case
> https://github.com/decentralized-identity/did-spec-extensions/blob/main/parameters/signed-ietf-json-patch.md
> did:key:123?signedIetfJsonPatch=head.body.sig
>
> On Fri, Dec 13, 2024 at 8:06 AM Markus Sabadello <markus@danubetech.com> wrote:
>>
>> Not sure about potential adoption.
>>
>>  From a technical perspective it would certainly be interesting to
>> define such a PGP-based DID method, to illustrate how DIDs can really
>> serve as an abstraction layer for pretty much any key-based identifier
>> system.
>>
>> Markus
>>
>> On 12/13/24 11:53 PM, Filip Kolarik wrote:
>> > Thank you for the feedback. GPG keys are widely used, for example, by
>> > GitHub users to obtain verified badges (alongside SSH keys), for
>> > signing artifacts published on Maven Central, and Ubuntu has a
>> > built-in key manager connected to key servers. These are just a few
>> > examples, and I’m sure there are many more.
>> >
>> > Focusing on a smaller group (perhaps in the lower hundreds of
>> > thousands?) at this stage of adoption could be far more beneficial for
>> > the community than attempting to find a use case targeting millions of
>> > non-technical users who may not fully grasp the purpose or value. By
>> > expanding the current community of developers, we could help create
>> > broader awareness and adoption over time.
>> >
>> > Best
>> > Filip
>> >
>> > On Fri, Dec 13, 2024 at 2:49 PM Manu Sporny <msporny@digitalbazaar.com> wrote:
>> >> On Thu, Dec 12, 2024 at 9:00 PM Filip Kolarik <filip26@gmail.com> wrote:
>> >>> I’d appreciate any thoughts or feedback on this idea, as well as
>> >>> insight into whether there is interest or alignment with the goals of
>> >>> this group.
>> >> There was a previous attempt at a did:pgp, but I don't think it really
>> >> went anywhere. I think the general thinking has been: "Yes, but how
>> >> many people have an active PGP key... and would they be interested in
>> >> converting that to a DID?" -- and the answer seems to be: "Not many"
>> >> and "Probably not".
>> >>
>> >> I think a more likely bootstrap would be SSH keys, because developers
>> >> need to use them, but again, the developer population is really small
>> >> compared to the user population. If we look at the largest deployment
>> >> of DIDs to date, BlueSky, I expect that next to none of those 25M+
>> >> people know they're even using a DID (which is where we need to be).
>> >>
>> >> Just some thoughts... not saying not to do a did:pgp, just noting
>> >> we've had some discussions in the past and it didn't seem to go
>> >> anywhere the first time around.
>> >>
>> >> -- manu
>> >>
>> >> --
>> >> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> >> Founder/CEO - Digital Bazaar, Inc.
>> >> https://www.digitalbazaar.com/
>>

Received on Friday, 13 December 2024 17:45:16 UTC