W3C home > Mailing lists > Public > public-webpayments@w3.org > November 2015

Re: A Decentralized Hashtable for the Web

From: Dave Lampton <dave.lampton@gmail.com>
Date: Sat, 07 Nov 2015 18:33:53 +0000
Message-ID: <CAHbN0ezgKbDD5Qc7PiUqLuyLB1psAh=QSRUkB6Da7-BSa2KcFQ@mail.gmail.com>
To: Dave Longley <dlongley@digitalbazaar.com>, David Nicol <davidnicol@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>
Cc: Web Payments CG <public-webpayments@w3.org>
Thanks Manu, (I think I accidentally sent my message twice). Don't worry
about a response, I know you're super busy. There is probably nothing new,
repeated my thoughts from last year for posterity. It's pie in the sky
stuff anyway!  :-) wishing I could stop the whole Internet for one day and
fix a few things about how it works.. :-)

On Wed, Nov 4, 2015 at 5:36 PM Dave Longley <dlongley@digitalbazaar.com>
wrote:

> On 11/02/2015 05:25 PM, David Nicol wrote:
> > I'm of the opinion that a hash of a public key makes a fine DHT
> > handle for an identity that can be validated by demonstration of
> > access to the matching private key.
> >
>
> In a separate thread in response to this we discussed how it's important
> to loosely couple keys and identifiers. However, I wanted to say that we
> may still use a public key hash as the basis for the identifier so as to
> simplify the initial claiming process. But, post claim, there would be
> no tie between any keys associated with the identifier and the value of
> the identifier itself.
>
> In short, to claim a decentralized identifier you could:
>
> 1. Generate a key pair.
> 2. Create a URL: `did:<hash-identifier>:<hash of public key>`.
> 3. Create a DID document containing an ACL with your public key in it.
> 4. Digitally-sign the DID document and send it to the WebDHT for
> publishing.
>
> The WebDHT could then check the value of the identifier you wish to
> claim against the public key in the associated document and check the
> signature on the document. If all of these match, the DID would be
> considered claimed and the document accepted and stored on the WebDHT.
> However, from that point forward, different keys could be associated
> with the document (and the original key could be removed entirely if so
> desired).
>
> This gives us the best of both worlds: A simple way to assert ownership
> over an identifier and no strong link between keys and the identifier
> after the identifier has been claimed. After it has been claimed, the
> identifier can be treated as an opaque value.
>
> There might be a reason to keep the original public key around for
> provenance to help prevent certain attacks on the WebDHT, but that is TBD.
>
>
> --
> Dave Longley
> CTO
> Digital Bazaar, Inc.
>
> --


*Dave Lampton*
Twitter: @Dave_Lampton <https://twitter.com/dave_lampton>
Google: +DaveLampton <https://www.google.com/+DaveLampton>
LinkedIn.com/in/DaveLampton/ <https://www.linkedin.com/in/davelampton/>
About.me/DaveLampton <https://about.me/davelampton>
Received on Saturday, 7 November 2015 18:34:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:43 UTC