Re: possible use case - verifying email holder?

On 04/08/2018 06:03 PM, Liam R. E. Quin wrote:
> Wondering if there's a way to improve the US of signing up for 
> services that require an email account and send you a "verification"
>  link, maybe with email providers signing a hasThisEmailAddress 
> credential?

Yes, this is the quintessential use case for login and is what
kick-started all of this technical work:

http://manu.sporny.org/2014/credential-based-login/

Fundamentally, a site may ask:

1. Prove to me that you control a DID, and then
2. Give me a verified email address so I can communicate with you.

Note that this destroys any sort of privacy gained via a ZKP approach,
which is why people are talking about replacing email w/ secured
messaging services.

> What led me here is the related-but-different story in 
> https://jameshfisher.com/2018/04/07/the-dots-do-matter...html

I didn't even know of that feature until you emailed it to the list and
are now working through if our own systems are vulnerable to such an
attack. Building secure systems is hard. :)

-- manu

PS: also interesting is that in that blog post, we were using the term
"Verifiable Credentials"... so, we've come full circle on terminology
after 4+ years.

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Monday, 9 April 2018 12:56:00 UTC