Re: [EXT] Re: [Potential Malicious Mail]Re: Query: Storing DID Documents on Centralized Platforms

On Thu, Feb 15, 2024 at 12:57 AM Christopher Allen
<ChristopherA@lifewithalacrity.com> wrote:
>
> On Wed, Feb 14, 2024 at 9:46 AM Drummond Reed <Drummond.Reed@gendigital.com> wrote:
>>
>> Vigas, if you want more insight into the vulnerability of the DID doc (and how to address it), I recommend this blog post that explains the purpose of the did:webs method task force at ToIP.

Thank you for sharing that Mr. Reed, it was an insightful read.

>
> You might also want to look at did:onion https://github.com/BlockchainCommons/did-method-onion . It basically used the did:web style of /well-known paths and DID documents, but has the advantage that a) you know that you can't connect to the onion server to download the DID document unless the holder has a working private key that matches the public key in the onion address, b) you can include that key in the DID document you offer, and c) you can sign the entire DID document with that same key.
>
> We did a minimal proof of concept at https://github.com/BlockchainCommons/torgap-demo — I'm not sure that the demo server is still live, but the code works. It was written a few years ago, so not sure the "did:web"-like functionality is current, but should be close.
>

I will definitely try this one for sure.

> We are also working this month on something related, which uses SSH keys, SSH detached signatures, and SSH signed git commits. SSH offers an IETF alternative for signing, and is already in use by GitHub as an alternative to GPG. Let me know if anyone is interested in that project.

Oh, I am interested. I will be able to spend a few hours here and there
over the weekends. Any pointers on where to start?

-- 
Vigas Deep

Received on Saturday, 24 February 2024 22:40:50 UTC
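
The address-to-key binding described in points (a) and (b) of the quoted message, as an added example that is not part of this thread or of the did:onion code. It assumes the Tor v3 onion address layout (public key, 2-byte SHA3-256 checksum, version byte, base32-encoded); the sample key, the `publicKeyHex` document layout and all function names are constructed for illustration.

```python
import base64
import hashlib

VERSION = b"\x03"  # version byte of a Tor v3 onion address


def _checksum(pubkey: bytes) -> bytes:
    # Tor v3 rule: first two bytes of SHA3-256(".onion checksum" | key | version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]


def encode_onion_v3(pubkey: bytes) -> str:
    """Build the address for a 32-byte Ed25519 public key (used for sample data)."""
    raw = pubkey + _checksum(pubkey) + VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"


def onion_v3_pubkey(address: str) -> bytes:
    """Return the public key embedded in a v3 onion address, or raise ValueError."""
    host = address.lower().removesuffix(".onion")
    if len(host) != 56:
        raise ValueError("not a v3 onion address")
    raw = base64.b32decode(host.upper())  # binascii.Error is a ValueError
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != VERSION or checksum != _checksum(pubkey):
        raise ValueError("bad version or checksum")
    return pubkey


def did_doc_key_matches(address: str, did_doc: dict) -> bool:
    """True if any listed key equals the key the onion address commits to."""
    expected = onion_v3_pubkey(address)
    keys = (vm.get("publicKeyHex", "") for vm in did_doc.get("verificationMethod", []))
    return any(bytes.fromhex(k) == expected for k in keys)


# Constructed sample data: arbitrary bytes standing in for a real public key,
# and a hypothetical document layout (not the did:onion method's own format).
SAMPLE_KEY = bytes(range(32))
SAMPLE_ADDRESS = encode_onion_v3(SAMPLE_KEY)
SAMPLE_DOC = {"verificationMethod": [{"type": "Ed25519VerificationKey2018",
                                      "publicKeyHex": SAMPLE_KEY.hex()}]}

if __name__ == "__main__":
    print(SAMPLE_ADDRESS, did_doc_key_matches(SAMPLE_ADDRESS, SAMPLE_DOC))
```

A verifier would run this check before validating the signature over the DID document (point c), which needs an Ed25519 library and is left out here.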