Issues to explore/resolve #16
Comments
After discussion, this is the proposed approach. I also discovered that many DNS providers do not support URI and/or TLSA records, so relying on those types is a significant path blocker to adoption.

Use the scoping _did and TXT record to store any public key material (e.g. hex string).

In the did document, add a header section like this example:

```json
"header": {
  "typ": "dns/did",
  "alg": "secp256k1ecdsa"
}
```

Since the issuer knows and has registered the public key for the did doc, it can provide this information within the did doc. The verifier checks the header.
Proposed header object: 3 required fields

```json
"header": {
  "verificationMethod": "did:web:example.ca#key-1",
  "alg": "ecdsap256",
  "dnsType": "tlsa"
}
```

Proposed JWT field inclusions in DID doc:

```json
{
  "exp": "2024-03-15T07:09:48.000+0545",
  "iat": "2024-02-15T07:09:48.000+0545"
}
```

There is no need to include the issuer field as that concept is not supported by the DIDs. The relevant parallel is the "controller" (https://www.w3.org/TR/did-core/#did-controller) and "id" fields (https://www.w3.org/TR/did-core/#did-subject).
yeah - that header format looks good.
I implemented "dnsType" and made the timestamps ISO format. I still don't believe verificationMethod should be in the header because it is a different concern: the header is just about how the did doc is signed and verified. verificationMethod is about how it is used for signing and verifying other things (not the did doc) - that became clear when I was generating did docs for users, e.g., did:web:trustroot.ca:examplecorp
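As an added example, not code from this issue or from the project: a Go sketch of the signer and verifier the thread converges on. It assumes the _did TXT record at `_did.<host>` holds the hex of an uncompressed P-256 point (did:web path segments such as `:examplecorp` are ignored), the header carries `typ`/`alg`/`dnsType` with `verificationMethod` left out as the comment above argues, `iat`/`exp` are RFC 3339 strings (Go's parser wants the `+05:45` offset form, not `+0545`), the signature lives in an assumed `signature` field as hex-encoded ASN.1 ECDSA over the document with that field removed, and the DNS lookup is a constructed in-memory map rather than a live resolver.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Header: how the DID document itself is signed and where the verifier gets the key.
type Header struct {
	Typ     string `json:"typ"`
	Alg     string `json:"alg"`
	DNSType string `json:"dnsType"`
}

// Cut-down did:web document; "signature" (hex ASN.1 ECDSA) is an assumed field name.
type DIDDocument struct {
	ID        string `json:"id"`
	Header    Header `json:"header"`
	Iat       string `json:"iat"`
	Exp       string `json:"exp"`
	Signature string `json:"signature,omitempty"`
}

// Sign: ECDSA P-256 over SHA-256 of the document minus its signature field.
// encoding/json keeps struct field order, so the bytes are stable without a canonicaliser.
func Sign(doc DIDDocument, priv *ecdsa.PrivateKey) (DIDDocument, error) {
	doc.Signature = ""
	msg, _ := json.Marshal(doc) // only strings inside, cannot fail
	h := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	doc.Signature = hex.EncodeToString(sig)
	return doc, err
}

// PublicKeyFromTXT takes the first TXT string that is the hex of an uncompressed P-256 point.
func PublicKeyFromTXT(records []string) (*ecdsa.PublicKey, error) {
	for _, rec := range records {
		raw, err := hex.DecodeString(strings.TrimSpace(rec))
		if x, y := elliptic.Unmarshal(elliptic.P256(), raw); err == nil && x != nil {
			return &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}, nil
		}
	}
	return nil, fmt.Errorf("no valid P-256 key in _did TXT record")
}

// Verify: unsupported header first, then the iat/exp window, then the DNS key, then the signature.
func Verify(doc DIDDocument, dns map[string][]string, now time.Time) error {
	if doc.Header != (Header{Typ: "dns/did", Alg: "ecdsap256", DNSType: "txt"}) {
		return fmt.Errorf("unsupported header: %+v", doc.Header)
	}
	iat, errI := time.Parse(time.RFC3339, doc.Iat)
	exp, errE := time.Parse(time.RFC3339, doc.Exp)
	if errI != nil || errE != nil || now.Before(iat) || !now.Before(exp) {
		return fmt.Errorf("iat/exp malformed or not covering now")
	}
	host := strings.SplitN(strings.TrimPrefix(doc.ID, "did:web:"), ":", 2)[0]
	if !strings.HasPrefix(doc.ID, "did:web:") || host == "" {
		return fmt.Errorf("cannot derive a _did name from %q", doc.ID)
	}
	pub, err := PublicKeyFromTXT(dns["_did."+host]) // assumed record location; did:web path segments ignored
	if err != nil {
		return err
	}
	sig, err := hex.DecodeString(doc.Signature)
	doc.Signature = "" // doc is a copy; rebuild exactly what Sign hashed
	msg, _ := json.Marshal(doc)
	if h := sha256.Sum256(msg); err != nil || !ecdsa.VerifyASN1(pub, h[:], sig) {
		return fmt.Errorf("signature missing, malformed, or not made by the _did key")
	}
	return nil
}

// BuildExample: fresh key, constructed TXT record at _did.example.ca, document valid for 30 days.
func BuildExample(now time.Time) (DIDDocument, map[string][]string, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return DIDDocument{}, nil, err
	}
	pubHex := hex.EncodeToString(elliptic.Marshal(elliptic.P256(), priv.X, priv.Y))
	dns := map[string][]string{"_did.example.ca": {pubHex}} // constructed, not a live lookup
	doc, err := Sign(DIDDocument{
		ID: "did:web:example.ca", Header: Header{Typ: "dns/did", Alg: "ecdsap256", DNSType: "txt"},
		Iat: now.Format(time.RFC3339), Exp: now.Add(30 * 24 * time.Hour).Format(time.RFC3339),
	}, priv)
	return doc, dns, err
}

func main() {
	doc, dns, err := BuildExample(time.Now())
	fmt.Println("build:", err, "verify:", Verify(doc, dns, time.Now()))
}
```

The order inside Verify is deliberate: the header is checked before anything is fetched, so a document announcing an algorithm or DNS record type this verifier does not implement is rejected without a network round trip, and the key is taken only from the _did record of the host named in `id`, never from the document itself.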
Issues to explore/resolve. Some of these might require an "ask" from IETF and/or W3C:

- DID (_did) type for specifying did:methods to invoke other than the did:web method
- DID TLSA for looking up public key material.
- TXT record for looking up other pubkey type.
- type for public key type, etc.
- alg - for a given public key type, specifying the signing algorithm, etc.
- Accommodate JWT conventions where additional info can be found in header
- As per JWT conventions - "iat", "exp", "iss", etc.