
Re: A Decentralized Hashtable for the Web

From: Dave Lampton <dave.lampton@gmail.com>
Date: Sat, 07 Nov 2015 18:34:20 +0000
Message-ID: <CAHbN0ey08EpnPUx5FRybTHM-O3M_=h3VLYaf9cf4iaid7FH_eg@mail.gmail.com>
To: Dave Longley <dlongley@digitalbazaar.com>, David Nicol <davidnicol@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>
Cc: Web Payments CG <public-webpayments@w3.org>
sorry list.  :-P

On Sat, Nov 7, 2015 at 10:33 AM Dave Lampton <dave.lampton@gmail.com> wrote:

> Thanks Manu, (I think I accidentally sent my message twice). Don't worry
> about a response, I know you're super busy. There is probably nothing new,
> repeated my thoughts from last year for posterity. It's pie in the sky
> stuff anyway!  :-) wishing I could stop the whole Internet for one day and
> fix a few things about how it works.. :-)
>
> On Wed, Nov 4, 2015 at 5:36 PM Dave Longley <dlongley@digitalbazaar.com> wrote:
>
>> On 11/02/2015 05:25 PM, David Nicol wrote:
>> > I'm of the opinion that a hash of a public key makes a fine DHT
>> > handle for an identity that can be validated by demonstration of
>> > access to the matching private key.
>> >
>> In a separate thread in response to this we discussed how it's important
>> to loosely couple keys and identifiers. However, I wanted to say that we
>> may still use a public key hash as the basis for the identifier so as to
>> simplify the initial claiming process. But, post claim, there would be
>> no tie between any keys associated with the identifier and the value of
>> the identifier itself.
>>
>> In short, to claim a decentralized identifier you could:
>>
>> 1. Generate a key pair.
>> 2. Create a URL: `did:<hash-identifier>:<hash of public key>`.
>> 3. Create a DID document containing an ACL with your public key in it.
>> 4. Digitally-sign the DID document and send it to the WebDHT for
>> publishing.
>>
>> The WebDHT could then check the value of the identifier you wish to
>> claim against the public key in the associated document and check the
>> signature on the document. If all of these match, the DID would be
>> considered claimed and the document accepted and stored on the WebDHT.
>> However, from that point forward, different keys could be associated
>> with the document (and the original key could be removed entirely if so
>> desired).
>>
>> This gives us the best of both worlds: A simple way to assert ownership
>> over an identifier and no strong link between keys and the identifier
>> after the identifier has been claimed. After it has been claimed, the
>> identifier can be treated as an opaque value.
>>
>> There might be a reason to keep the original public key around for
>> provenance to help prevent certain attacks on the WebDHT, but that is TBD.
>> --
>> Dave Longley
>> CTO
>> Digital Bazaar, Inc.
>> --
> *Dave Lampton*
> Twitter: @Dave_Lampton <https://twitter.com/dave_lampton>
> Google: +DaveLampton <https://www.google.com/+DaveLampton>
> LinkedIn.com/in/DaveLampton/ <https://www.linkedin.com/in/davelampton/>
> About.me/DaveLampton <https://about.me/davelampton>
> --

Received on Saturday, 7 November 2015 18:34:57 UTC
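
The four claiming steps and the WebDHT-side check from the quoted message, as an added example that is not part of the original thread or of any WebDHT code. It assumes Ed25519 keys, SHA-256 over the key's SPKI DER bytes as the "hash of public key", `sha256` as the `<hash-identifier>`, a first-claim-wins store, and hypothetical field and function names (`id`, `acl`, `publicKeyPem`, `createClaim`, `verifyClaim`).

```javascript
// Added example, not WebDHT code. Assumptions: Ed25519 keys, SHA-256 over the
// SPKI DER bytes as the "hash of public key", "sha256" as <hash-identifier>,
// and the hypothetical document fields `id`, `acl`, `publicKeyPem`.
const crypto = require('node:crypto');
const HASH_ID = 'sha256';

// Hex SHA-256 of a PEM public key's DER encoding; null if the PEM is invalid.
function keyHash(pem) {
  try {
    const der = crypto.createPublicKey(pem).export({ type: 'spki', format: 'der' });
    return crypto.createHash('sha256').update(der).digest('hex');
  } catch { return null; }
}

// Claimant side, steps 1-4: key pair, DID URL, document with ACL, signature.
function createClaim() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
  const doc = { id: `did:${HASH_ID}:${keyHash(publicKeyPem)}`, acl: [{ publicKeyPem }] };
  const body = JSON.stringify(doc); // sign the exact bytes that are sent
  const signature = crypto.sign(null, Buffer.from(body), privateKey).toString('base64');
  return { body, signature };
}

// Publisher side: the identifier must equal the hash of an ACL key, and that
// same key must have signed the document. Returns a status string.
function verifyClaim(claim, store) {
  let doc;
  try { doc = JSON.parse(claim.body); } catch { return 'malformed'; }
  const id = doc && typeof doc.id === 'string' ? doc.id : '';
  const m = /^did:([^:]+):([0-9a-f]{64})$/.exec(id);
  if (!m || m[1] !== HASH_ID || !Array.isArray(doc.acl)) return 'malformed';
  if (store.has(doc.id)) return 'already-claimed'; // assumed first-claim-wins rule
  const entry = doc.acl.find((e) => e && keyHash(e.publicKeyPem) === m[2]);
  if (!entry) return 'key-mismatch'; // no ACL key hashes to the identifier
  const sig = Buffer.from(String(claim.signature), 'base64');
  if (!crypto.verify(null, Buffer.from(claim.body), entry.publicKeyPem, sig)) {
    return 'bad-signature'; // document changed after signing, or wrong signer
  }
  store.set(doc.id, doc); // from here on the identifier is an opaque value
  return 'claimed';
}
```

Signing the serialized string sidesteps JSON canonicalization, which a real document format would have to specify.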

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:43 UTC