Versions Compared

Old Version 2

changes.mady.by.user Stephen Curran

Saved on

compared with

New Version 3

changes.mady.by.user Stephen Curran

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Online Discussion (from RocketChat this week)

  • Why we propose to go with the arbitrary name (summarized by Paul Bastian)

    • 1. motivation to pick namespace collisions are not high,

    • 2. chances for namespace collisions are not to be expected due to the expected numbers,

    • 3. we should forbid selfdeclared DID ids and only allow selfcertyfing, generated DID ids that form a cryptographic barrier in case of an attacker collision,

    • 4. hash solution does not solve the this either,

    • 5. nobody wants DNS

  • Why it's a bad idea (Kyle Den Hartog)

    • 1 if an attacker squats on a name space then that won’t remain true. That’s premised on the assumption that all actors are benevolent within the space.

    • 2 again has nothing to do with honest actors. They’ll easily work out how to avoid name space collision through implicit governance of the Indy sub namespace. It’s malicious actors who will cause the problems.

    • 3 agree but this doesn’t have anything to do with network identification and resolution

    • 4 if a cryptographic hash is used and not overly truncated it would. This is what pre-image resistance is about

    • 5 Then it would be wise of us to not create a human friendly network identifier because DNS has the architectural constraints on it due to their namespace also opting to use human friendly identifiers and being globally unique.

    • From the sounds of it though, people are convinced this is what they want so that’s the direction the method will go. I’m just trying to do my due diligence by calling out the tradeoffs that I’m seeing that don’t seem like they’re being considered from the discussions I’m seeing. If people are aware and still willing to accept the tradeoffs that’s fine because I raised the concern at least.

Discussion:

  • Third level names for subsidiary ledgers – e.g. Sovrin Staging and Sovrin Builder net?
    • We could use ":", but that creates lots of colons.
    • Andrew Whitehead mentioned in chat that "." is a valid character per the DID Spec. What about that?
      • did                = "did:" method-name ":" method-specific-id
method-name        = 1*method-char
method-char        = %x61-7A / DIGIT
method-specific-id = *( *idchar ":" ) 1*idchar
idchar             = ALPHA / DIGIT / "." / "-" / "_"
  • How to find the nodes of the network once the ledger is known?  Config files, registries, gossiped names, etc.
  • How to find previous versions of DIDs and what are the implementation ramifications of that?
    • <did>?version-id=<txnid>
    • <did>?version-time=<timestamp>

...