- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Wed, 4 Nov 2015 20:34:08 -0500
- To: David Nicol <davidnicol@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>
- Cc: Web Payments CG <public-webpayments@w3.org>
On 11/02/2015 05:25 PM, David Nicol wrote: > I'm of the opinion that a hash of a public key makes a fine DHT > handle for an identity that can be validated by demonstration of > access to the matching private key. > In a separate thread in response to this we discussed how it's important to loosely couple keys and identifiers. However, I wanted to say that we may still use a public key hash as the basis for the identifier so as to simplify the initial claiming process. But, post claim, there would be no tie between any keys associated with the identifier and the value of the identifier itself. In short, to claim a decentralized identifier you could: 1. Generate a key pair. 2. Create a URL: `did:<hash-identifier>:<hash of public key>`. 3. Create a DID document containing an ACL with your public key in it. 4. Digitally-sign the DID document and send it to the WebDHT for publishing. The WebDHT could then check the value of the identifier you wish to claim against the public key in the associated document and check the signature on the document. If all of these match, the DID would be considered claimed and the document accepted and stored on the WebDHT. However, from that point forward, different keys could be associated with the document (and the original key could be removed entirely if so desired). This gives us the best of both worlds: A simple way to assert ownership over an identifier and no strong link between keys and the identifier after the identifier has been claimed. After it has been claimed, the identifier can be treated as an opaque value. There might be a reason to keep the original public key around for provenance to help prevent certain attacks on the WebDHT, but that is TBD. -- Dave Longley CTO Digital Bazaar, Inc.
Received on Thursday, 5 November 2015 01:34:37 UTC