DPKI - Distributed Public Keys
First piece of three Holochain identity services.
User Seed and Key Generation
Registration of User Seed and Master Keys on the DPKI (occurs during Holochain Installation):
Types of Seeds:
Levels of Keys:
Registration of new dApp on the DPKI
Decision to be made:
Types of Package(s):
Gossip Identity Verification Process:
Primary Revocation Key (48 words) >> generate 1.) Master Revocation Key and 2.) Master Identity Seeds ("GenSeeds", of 12 words each)
Set a Revocation Method for each particular key.
Updating Key Revocation method.
N(M) Process:
Identification Process
Need:
Other notes on Identity:
Revoking a Key
Lost Key
Compromised Key
Getting a new Key
Explained: Using a key in HoloChat
DPKI Components
Override default method for a specific app
Bridging from/to a holochain app
Unify identities across devices
Bind to HC identity services
"Proof" of key control across HC apps
Hold/reveal Assertions/Claims/Fields
Seed & HD keys
"Proof" of legacy identity services (email, FB, Twitter, github, google, phone, etc.)
OAuth provider for legacy web
Notes from the meeting (29/6)
We discussed the importance of user experience and how a well-designed process can ensure the majority of users have good security and recovery protocols set up by default.
(node damaged or destroyed)
To do this we imagined using a key generation algorithm (BIP39?). This would allow a user to securely record and store a key phrase which can be used to regenerate their public/private key pairs. This would allow a user who lost their private key to recover it and resume using their apps.
(node stolen by bad agent)
It was discussed that this same key phrase could be used to generate revocation key pairs stored inside DPKI. This would allow a user possessing the key phrase to not only recover their app private keys but also revoke them, to prevent a bad agent in possession of their device from permanently taking control.
Finally we considered how to structure the communications between DPKI and a user's apps. The main concern was that if a bad agent were to temporarily take control of a user's node they could use DPKI to discover all the apps which they are a part of. (Art explained why this is a bad scenario).
If the bridging calls go from DPKI to the peripheral dApps this makes it much easier to revoke all keys in the case of a compromise. It has the downside of revealing all apps that are bridged.
The alternative is that apps bridge TO DPKI. In this case a user must activate revocation from within all their apps, potentially 100s, but it means their existence would not be revealed if DPKI was exposed.
Another option we partially explored is using multiple instances of DPKI (with different keys generated from the seed phrase) to bridge to different apps thus limiting the potential information a hacker could gain.
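The recovery, revocation and multiple-instance ideas above can be sketched together. This is an added example, not code from the meeting or from Holochain: `bip39_seed` follows the BIP39 seed-stretching step, while `derive`, the purpose labels, the instance names and the app names are hypothetical.

```python
import hashlib
import hmac
import unicodedata

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed step: PBKDF2-HMAC-SHA512, 2048 rounds, 64 bytes.
    Word-list and checksum validation are omitted here."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic),
                               b"mnemonic" + nfkd(passphrase), 2048, 64)

def derive(seed: bytes, purpose: str, context: str) -> bytes:
    """Hypothetical derivation (an assumption, not Holochain's scheme):
    a 32-byte secret bound to a purpose and a context such as an app name."""
    label = purpose.encode() + b"\x00" + context.encode()
    return hmac.new(seed, label, hashlib.sha512).digest()[:32]

def build_plan(mnemonic: str, bridges: dict) -> dict:
    """bridges maps a DPKI instance name to the apps bridged to it."""
    seed = bip39_seed(mnemonic)
    plan = {}
    for instance, apps in bridges.items():
        plan[instance] = {
            # Each DPKI instance gets its own secret from the same phrase.
            "dpki_secret": derive(seed, "dpki", instance),
            # App and revocation secrets use separate labels, so a device
            # holding only an app secret cannot compute the revocation one.
            "apps": {app: {"app_secret": derive(seed, "app", app),
                           "revocation_secret": derive(seed, "revocation", app)}
                     for app in apps},
        }
    return plan

def exposed_apps(bridges: dict, compromised_instance: str) -> list:
    """Apps an attacker learns about by reading one DPKI instance."""
    return sorted(bridges.get(compromised_instance, []))

# Constructed sample input: a sample phrase and made-up names, never real keys.
PHRASE = ("abandon abandon abandon abandon abandon abandon "
          "abandon abandon abandon abandon abandon about")
BRIDGES = {"dpki-personal": ["holochat", "notes"], "dpki-work": ["ledger"]}

if __name__ == "__main__":
    plan = build_plan(PHRASE, BRIDGES)
    recovered = build_plan(PHRASE, BRIDGES)  # same phrase on a replacement node
    print("recovery reproduces all secrets:", plan == recovered)
    print("apps revealed if dpki-work is read:", exposed_apps(BRIDGES, "dpki-work"))
```

The secrets here are raw 32-byte values that would seed whatever key-pair generator the apps use. Only the phrase holder can rebuild the revocation secrets, which is what lets revocation survive a stolen node.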
How to make the DPKI Experience More Friendly?
(How to make key management compatible with humans? How to make the user experience smooth?)
After the revocation (How can you change the keys?)
NOTE: We don't send the private key over the wire.
How to Sync Two same apps are the same person
Other random things I remember
Notes from the meeting (3/7)
Had more clarification on the proposed ADR for Identity and Key Management