W3C home > Mailing lists > Public > public-webpayments@w3.org > March 2014

Re: Web Payments Telecon Minutes for 2014-03-19

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Wed, 19 Mar 2014 21:42:31 -0400
Message-ID: <532A4787.9010900@digitalbazaar.com>
To: public-webpayments@w3.org
On 03/19/2014 07:47 PM, Melvin Carvalho wrote:
> Thanks for the minutes and blog post, I'm trying to understand the 
> telehash dependency better.

The purpose of Telehash is to map an email address to one or more
identity service URLs (which bootstrapts the identity credentials
exchange process). For example:

melvin@example.com -> https://idp.securemelvin.com/identities/
                      and so on...

Since you're querying a DHT for the mapping, you need to protect the
information so attackers can't map evil IdPs to melvin@example.com. The
best way to do this is to use a passphrase or perhaps a
passphrase-derived private key.

> Is the use case that a user types in an email address into a form, 
> and you wish to get an HTTP URL from that?

More or less, yes, but in a way that allows any IdP to claim their email
address as long as a proper user-supplied passphrase is provided.

> Something wasnt 100% clear for me from the blog, might the user also 
> need a 15 character password.

They need a passphrase because that passphrase is the only thing sitting
between them and a DDoS on their email address to IdP URL mapping.

You can think of Telehash as a decentralized-with-mirroring-of-data
replacement for WebFinger.

-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Worlds First Web Payments Workshop
Received on Thursday, 20 March 2014 01:43:01 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:28 UTC