# DID:IPID Collab

## Who's on first

- Parties
    - Jonathan Holt (TranSendX)
    - Victor Dods (LedgerDomain)
    - Juan Caballero (PLN/LearningProof)
- IP?
- Confidentiality?

## Meeting minutes

### 30 Jan 2023

- Intros
    - Jonathan: fundamental approach to DID/VC is... it's very early; I have a big client/project using SOME form of DID/VC, may or may not be ipid
        - security considerations:
            - master key == published key?
            - Ed25519 and secp256k1 only things available in the stack right now, may not work for all use cases/threat models
        - UX/adoption concerns: CLI ain't gonna cut it, secrets management...
            - wallet wars <> how to manage accounts?
            - MSFT SIOP+Authenticator+CloudHSM approach is interesting (those are all RSA though, not Ed25519)
        - Ledger Domain looks interesting, but don't feel pressured to tell me anything strategic
        - Original thought behind did:ipid
            - DHTs all the way down, just use IPNS as a publication mechanism
    - Victor: LD and compliance in very specific, crisp use-case for B2B verifiable comms; DIDs and VCs for identification/AuthN and credentialing
        - adoption taken care of by regulation-structured urgent enterprise-wallet usecase (PDG and HGA)
        - enterprise wallets <> verifiable records
        - did:web has a problem with verification across time
        - ipns-based approaches: TTL of IPNS has its own problems
- Open design questions re: did:ipid
    - revocation mechanism for lost keys?
        - prototyped a system using TTLs in iprs (record system)
    - IPNS and key management: how defend against eclipse attacks (classic vuln of PGP and other key server approaches)
    - economics of VC reissuance and key rotation - big question mark
    - two keys - IPNS publishING key versus DID signing (publishED) key ?
        - delegation between the two over time?
        - delegation to pinning service -- third key to delegate to?
        - AuthZ problems all the way down :D
    - cloud wallets <> edge wallets - interested in supporting both
        - "master key in the cloud" solution kind of disadvantages edge wallets/demotes them to second
    - jonathan: is ipns open to baking in multisig/threshold with Ed25519 to IPNS keys?
        - talked to idan about IPNS support for BLS-12381 (n of m) and secp (libp2p already supports it for eth2.0 chatter, not sure when IPNS will take advantage)
        - did controller would have to be a hash of a multi-sig, OR support multiple keys (can did `controller` be an array? is there a spec for stringifying multiple keys?)
    - security audit
        - may be able to fold it into a bigger PLN-backed security audit
    - historical query and timestamping DID doc updates
        - BTC already working in a prototype
    - human-readable names
- Next steps?
    - bump `did:ipid` to newer specs?
    - HTTPS URLs versus ipfs links
        - CIDv1-supporting gateway as a hashlinking workaround?

## Some Building Blocks to consider

### core IPFS repos to watch

- [ipfs / kubo v0.18.0](https://github.com/ipfs/kubo), previously `go-ipfs`, stablest way to run ipfs-aaS with ipns running in its stablest form
    - also most up-to-date IPFS implementation with respect to IPIP specs & interface targets, AFAIK
    - [architecture diagram](https://camo.githubusercontent.com/05362f4ab9e7c512338a589145f704f6f0dcea273c64b63628072b86e304e3f5/68747470733a2f2f646f63732e676f6f676c652e636f6d2f64726177696e67732f642f652f32504143582d3176535f6e3146765375366d646d5369726b427249494569623267716867746174443961776150325f576472474e347a544e65673632305851643950393557542d49766f676e5378494964434d3575452f7075623f773d3134343626683d31303336)
    - [`--ttl` issues fixed... last week](https://github.com/ipfs/kubo/pull/9471)
    - [IPNS v1 signatures sunset period closed-- v2 only going forward](https://github.com/ipfs/kubo/pull/9265)
        - [JS wrapper](https://github.com/ipfs/js-ipfs/pull/4207) too
- [aschmahmann / ipns-utils v0.0.1](https://github.com/aschmahmann/ipns-utils)
    - #Golang
    - last commit Aug 22, "breaking changes to support creating and working with real records" (!)
    - Maintainer: Adin Schmahmann (core PLN dev)
- [ipfs / go-namesys v0.6.0](https://github.com/ipfs/go-namesys)
    - component of kubo that can be run (or forked) independently
    - #golang
    - last commit Dec 22, to ship v0.6.0 ; dev ongoing and PRs accepted
    - not packaged/cross-compiled; go library for go apps to:
        - resolve, i.e. turn IPNS links into ipfs/CIDs
        - publish, i.e. push updates (to public IPFS only? or any?) for IPNS records
- CAR dereferencing optimization proposals
    - [master thread](https://github.com/ipfs/specs/issues/348) - 3 months of discussion, put on ice after Thing
    - [recent proposal](https://github.com/ipfs/specs/issues/348#issuecomment-1387627152) - new life breathed into the idea with a new IPIP
    - Draft [IPIP spec](https://github.com/ipfs/specs/pull/293/files) - IPLD path on gateway resolution
        - /ipld/ in addition to /ipns/ and /ipfs/ as top-level path
        - potentially taking advantage of optimized CAR fetching to dereference leaf-addressed ipld paths!
- [ipfs / libipld (rust)](https://github.com/ipld/libipld)
    - being worked on now by Nathaniel Cook (recent hire at Ceramic/3Box)

### Ceramic-Land

- [CASA / IPLD Timestamp Proof](https://chainagnostic.org/CAIPs/caip-168)
    - step-by-step algorithm for anchoring DAG-CBOR-serialized IPLD blocks as "timestamping" mechanism
    - [eth profile](https://namespaces.chainagnostic.org/eip155/caip168) already published at CASA; other profiles possible, including for non-blockchain VDRs and vector clocks like KERI, drand, radicle, etc.
        - drand profile wen? maybe i can work on this, will ask a colleague who works on that project
- [Ceramic / `did:3` implementation]()
    - [Article explaining new `did:3` approach](https://blog.ceramic.network/accounts-evolution-of-3id/)
- [Ceramic / go-ipfs-daemon](https://github.com/ceramicnetwork/go-ipfs-daemon)
    - Ceramic-friendly fork of go-ipfs
    - branched before kubo reorg, I believe; not sure how in/out of sync with kubo trunk!
- [Ceramic / js-dag-jose v4.0.0](https://www.npmjs.com/package/dag-jose)
    - Last [npm pkg publish](https://www.npmjs.com/package/dag-jose) Jan 2023
    - Maintainer: OED/Joel Thorstensson (Ceramic founder)
- [Ceramic / js-dag-jose-utils v2.0.0](https://github.com/ceramicnetwork/js-dag-jose-utils)
    - Last commit Apr 2022, bumping to 2.0.0, same as [npm pkg publish](https://www.npmjs.com/package/dag-jose-utils)
    - Maintainer: OED/Joel Thorstensson (Ceramic founder)

### Fission-

- fission.codes's DID pseudomethod approach
    - basically, fission custodies an IPNS key for each user, with opt-out/export to self-custody mode TBD
    - [Example DID Doc](https://whitepaper.fission.codes/authorization/did-doc) - basically, a `did:key` for an IPNS masterkey
    - [Crypto options](https://whitepaper.fission.codes/authorization/self-certified) - basically Ed25519/EdDSA accessible via WebCrypto API
    - Brownfield [approach](https://whitepaper.fission.codes/authorization/challenge) - not sure if there is a sample project anywhere on GH
    - what even is fission? [architecture diagram](https://whitepaper.fission.codes/introduction/untitled-2)
- Building Blocks of... the above
    - blog post about ["the wallet stack"](https://fission.codes/blog/wallet-stack/) - i LOVE this article and recommend it to everyone everywhere
    - Web Native File System (WNFS) - [design overview slidedeck](https://fission.codes/blog/web-native-file-system-presentation/) | [repo](https://github.com/fission-codes/webnative) | [docs / sandbox](https://webnative.dev/)
    - UCANs - JWT-based authorization system for WebNativeFS
        - [spec in progress v0.9.0](https://github.com/ucan-wg/spec)