- From: Dave Lampton <dave.lampton@gmail.com>
- Date: Sat, 07 Nov 2015 18:34:20 +0000
- To: Dave Longley <dlongley@digitalbazaar.com>, David Nicol <davidnicol@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>
- Cc: Web Payments CG <public-webpayments@w3.org>
- Message-ID: <CAHbN0ey08EpnPUx5FRybTHM-O3M_=h3VLYaf9cf4iaid7FH_eg@mail.gmail.com>

sorry list. :-P

On Sat, Nov 7, 2015 at 10:33 AM Dave Lampton <dave.lampton@gmail.com> wrote:

> Thanks Manu, (I think I accidentally sent my message twice). Don't worry
> about a response, I know you're super busy. There is probably nothing new,
> repeated my thoughts from last year for posterity. It's pie in the sky
> stuff anyway! :-) wishing I could stop the whole Internet for one day and
> fix a few things about how it works.. :-)
>
> On Wed, Nov 4, 2015 at 5:36 PM Dave Longley <dlongley@digitalbazaar.com>
> wrote:
>
>> On 11/02/2015 05:25 PM, David Nicol wrote:
>> > I'm of the opinion that a hash of a public key makes a fine DHT
>> > handle for an identity that can be validated by demonstration of
>> > access to the matching private key.
>> >
>>
>> In a separate thread in response to this we discussed how it's important
>> to loosely couple keys and identifiers. However, I wanted to say that we
>> may still use a public key hash as the basis for the identifier so as to
>> simplify the initial claiming process. But, post claim, there would be
>> no tie between any keys associated with the identifier and the value of
>> the identifier itself.
>>
>> In short, to claim a decentralized identifier you could:
>>
>> 1. Generate a key pair.
>> 2. Create a URL: `did:<hash-identifier>:<hash of public key>`.
>> 3. Create a DID document containing an ACL with your public key in it.
>> 4. Digitally-sign the DID document and send it to the WebDHT for
>> publishing.
>>
>> The WebDHT could then check the value of the identifier you wish to
>> claim against the public key in the associated document and check the
>> signature on the document. If all of these match, the DID would be
>> considered claimed and the document accepted and stored on the WebDHT.
>> However, from that point forward, different keys could be associated
>> with the document (and the original key could be removed entirely if so
>> desired).
>>
>> This gives us the best of both worlds: A simple way to assert ownership
>> over an identifier and no strong link between keys and the identifier
>> after the identifier has been claimed. After it has been claimed, the
>> identifier can be treated as an opaque value.
>>
>> There might be a reason to keep the original public key around for
>> provenance to help prevent certain attacks on the WebDHT, but that is TBD.
>>
>>
>> --
>> Dave Longley
>> CTO
>> Digital Bazaar, Inc.
>>
>> --
>
>
> *Dave Lampton*
> Twitter: @Dave_Lampton <https://twitter.com/dave_lampton>
> Google: +DaveLampton <https://www.google.com/+DaveLampton>
> LinkedIn.com/in/DaveLampton/ <https://www.linkedin.com/in/davelampton/>
> About.me/DaveLampton <https://about.me/davelampton>
>
>
> --

*Dave Lampton*
Twitter: @Dave_Lampton <https://twitter.com/dave_lampton>
Google: +DaveLampton <https://www.google.com/+DaveLampton>
LinkedIn.com/in/DaveLampton/ <https://www.linkedin.com/in/davelampton/>
About.me/DaveLampton <https://about.me/davelampton>

Received on Saturday, 7 November 2015 18:34:57 UTC
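
The four claim steps and the WebDHT-side check from the quoted message, as an added Go example that is not part of the thread and not code from the WebDHT proposal. Ed25519, SHA-256, the `sha256` hash-identifier label, the JSON document layout and every function and type name are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Doc is a hypothetical minimal DID document (layout assumed, not from the thread).
type Doc struct {
	ID  string   `json:"id"`
	ACL []string `json:"acl"` // hex-encoded Ed25519 public keys
}

// NewKey is step 1: generate a key pair (a nil reader selects crypto/rand).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(nil) }

// DIDFor is step 2: did:<hash-identifier>:<hash of public key>, with "sha256" assumed.
func DIDFor(pub ed25519.PublicKey) string { return fmt.Sprintf("did:sha256:%x", sha256.Sum256(pub)) }

// Claim is steps 3 and 4: put the key in the ACL and sign the serialized document.
func Claim(did string, pub ed25519.PublicKey, priv ed25519.PrivateKey) (doc, sig []byte) {
	doc, _ = json.Marshal(Doc{ID: did, ACL: []string{hex.EncodeToString(pub)}})
	return doc, ed25519.Sign(priv, doc)
}

// VerifyClaim is the first-claim check: one and the same ACL key must hash to
// the identifier AND have signed the exact document bytes that were received.
func VerifyClaim(doc, sig []byte) bool {
	var d Doc
	if json.Unmarshal(doc, &d) != nil {
		return false
	}
	for _, k := range d.ACL {
		pub, err := hex.DecodeString(k)
		if err == nil && len(pub) == ed25519.PublicKeySize && // Verify panics on other sizes
			DIDFor(pub) == d.ID && ed25519.Verify(pub, doc, sig) {
			return true
		}
	}
	return false
}

func main() {
	pub, priv, _ := NewKey()
	doc, sig := Claim(DIDFor(pub), pub, priv)
	fmt.Println(DIDFor(pub), VerifyClaim(doc, sig))
}
```

This check covers only the initial claim; as the message says, later changes to the document would be governed by whichever keys it then lists, not by the hash in the identifier.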