Email or username:

Password:

Forgot your password?
Top-level
Dmitri | πŸ‡ΊπŸ‡¦

@cuchaz @lucid00 @grishka So, I definitely think you're on the right track. The thing about key being an identity, is that you can't rotate or revoke it! That's why it's so useful to add one more level of indirection. an identity points to one or more keys (which can be rotated / revoked without changing the identity). Which is exactly what a DID is -- just a string that points to a JSON object that has a bag of keys.

3 comments
Jeff Martin replied to Dmitri | πŸ‡ΊπŸ‡¦

@dmitri @lucid00 @grishka It sounds like to me you just explained the same thing, but with different nouns in each place?

ie, the DID would be the "address". The bag of keys is the "identity". The DID method/resolver would essentially act as the domain.

Putting a name@domain on top of that is just involving a second layer of indirection and a second authority you must appease. Having two different layers of indirection and external authorities that must be appeased seems unnecessary.

Also, if organization can be convinced to accept a new identity for an address, that is the method of key rotation or revocation.

@dmitri @lucid00 @grishka It sounds like to me you just explained the same thing, but with different nouns in each place?

ie, the DID would be the "address". The bag of keys is the "identity". The DID method/resolver would essentially act as the domain.

Putting a name@domain on top of that is just involving a second layer of indirection and a second authority you must appease. Having two different layers of indirection and external authorities that must be appeased seems unnecessary.

Dmitri | πŸ‡ΊπŸ‡¦ replied to Jeff

@cuchaz @lucid00 @grishka So, yes and no. The DID is the identity. The keys are emphatically /not/ the identity. They are interchangeable methods for cryptographically confirming the identity. DNS / URLs are just one method of implementing DIDs, and there are many others.

[DATA EXPUNGED]
Lucid00 replied to DELETED

@Paulie @cuchaz @grishka @dmitri

"they have to keep that separate thing up to date just to login to see cat pics"

They don't, they could just login to see cat pics like most users are doing.

Also I'm not sure PGP failed, it's still in use.

Off topic:
We've really got to sort out the use of the word "failed" in tech.

"Failed" implies that PGP had some kind of success target to hit that it didn't beyond just providing the ability to encrypt stuff.

Go Up