►
A
A
Material
agreement
type
all
right,
so
it's
you
know
one
of
these
json
webkey20
right,
so
we're
going
to
just
try
all
these.
A
A
A
A
A
A
A
A
A
A
A
A
A
A
Okay
yeah,
so
this
is
actually
irrelevant,
I'm
realizing!
So
we
we
don't
need
to
care
that
we're
only
using
this
thing
for
signing,
because
we
can
add
another
key
for
encryption.
If
we
wanted
to,
we
don't
need
to
care
about
using
the
key
for
encryption.
A
A
A
A
A
A
A
A
All
right,
so
we
may
not
even
need
to
care
about
this
encryption
thing,
because
all
we
really
care
about
is
you
know
doing
this
right
this
this
really
what
amounts
to
a
signing
flow
so.
A
A
A
All
right,
similar
to
method
zero.
Is
there
one
genesis
stock
creator,
genesis
version
of
a
json
document:
genesis
version
must
define
a
single
key
with
the
register
privilege
this
inception
key
should
create
a
dock.
That
is
the
key
that
creates
the
did
an
authentic
case.
When
changing
exchange
note
with
the
first
period,
it
should
include
enough
state.
Subsequent
evolutions
to
the
dock
are
authorized.
Otherwise,
the
dock
is
static.
Suitable
only
for
layer
2
to
use
must
not
include
the
did
itself
either
root,
id
property
or
its
value.
A
This
lets
the
dock
be
created
without
knowing
the
did's
value
in
advance.
Suppressing
the
did
value
creates
a
stored
variant
of
the
pdid
data
dock,
as
opposed
to
a
resolved
variant.
It
would
have
an
actual
did
value
in
the
root
id
property
and
either
stored
a
result.
Variant
of
the
dock
anywhere
else
that
the
did
well
value
would
appear
introduce
a
relative
reference
on
the
absolute
value.
For
example,
each
controller
property
of
a
verification
method
that
is
owned
by
a
dad
would
say,
controller
hash
id
okay.
A
So
I
think
what
they're
trying
to
tell
us
is
by
hashing
the
store
varia.
We
avoid
the
circular
problem
of
including
the
did
and
the
data
that's
being
hashed.
This
means
that
a
pure
did
doc
must
be
resolved
by
converting
a
stored
variant
of
the
did
data
doc
data
into
a
resolved
variant.
By
inserting
the
value
of
the
did
being
resolved
by
deriving
the
number
basis
of
the
did
from
the
genesis
version
of
the
did
doc.
A
The
did
can
begin
its
life
cycle
with
any
number
of
keys
and
endpoints
using
a
protective
m
of
n
policies.
The
inception
key
is
the
part
of
the
genesis
state.
That's
true
bedrock.
All
other
information
is
optional
can
be
thought
of
as
a
sort
of
pre-rotation
or
pre-evolution
initiated
by
the
inception
key
to
a
more
complex
state.
The
root
of
trust
for
pure
dids
is
the
entropy
and
the
inception
key.
The
inception.
A
Key
must
be
new
for
each
did,
it
must
not
ever
be
reused,
and
it
must
must
be
the
case
that
anyone
observing
the
public
half
of
the
inception
key
cannot
somehow
steal
the
private
half.
This
guarantees
that
nobody
other
than
the
holder
of
the
inception
key,
could
have
created
the
genesis
version
of
the
did
dock,
because
only
the
inception
key
has
the
privilege
of
sharing
the
did
dock
with
the
peer.
No
other
key
holder
can
establish
a
relationship
contrary
to
the
intent
of
the
inception,
key
holder.
A
This
gives
pure
dids
a
self-certifying
property
that
is
viable
vitals
to
cyber
security
of
all
the
ids,
any
diid
method
that
does
not
guarantee
the
chain
of
custody
of
the
did
between
when
it
is
created
and
when
it
is
shared,
eg
written
to
a
ledger
given
to
appear
lacks
this
quality
and
is
obsessed
susceptible
to
attacks
early
in
the
dids
life
cycle.
See
this
github
issue
for
more
details.
A
Anyone
kilometers
all
right,
okay,
so
a
discussion
thread
around
the
vulnerability
has
started
in
the
w3c
cct.
Here's
a
quick
summary
of
the
background
smith,
samuel
m,
and
I
have
been
discussing
an
issue
that
I
wanted
to
bring
to
this
group.
It
is
a
risk
that
sam
has
described
as
anybody
can
ledgerize
problem.
What
is
to
prevent
someone
other
than
the
owner
of
the
did
from
recording
the
initial
version
of
a
did
talk
on
the
ledger,
thus
making
public
something
that
the
owner
intended
to
keep
off
the
ledger
for
the
time
being
or
permanently.
A
Even
though
this
question
is
framed
in
terms
of
ledgers,
it
has
direct
application
of
non
ledger.
Did
methods
as
well.
I
believe
that
some
did
methods
allow
anyone
with
right
permission
or
willing
to
pay
transaction
keys
to
write
a
did.
Its
initial
did
dock
to
the
shared
source
of
truth,
since
the
did
doc
just
contains
public
keys.
All
the
other
info
might
be
known
to
someone
other
than
the
did's
owner.
Another
party
in
the
list
of
controllers,
for
example,
even
an
adversary.
A
Yes,
this
adversary
possesses
none
of
the
private
keys,
so
cannot
control
the
did
after
registration,
but
the
mere
registration
of
someone
else's
data
could,
in
effect,
constitute
mischief
to
guard
against
abuse.
The
correct
behavior
of
alleged
ledger
is
probably
to
require
that
the
request
to
write
the
genesis
version
of
a
ddid
doc
be
signed
by
a
key
in
the
did
dock.
Of
course,
yeah
note
that
just
signing
the
did
doc
isn't
enough,
since
the
attacker
could
have
captured
the
signature
when
he
captured
the
did
doc
content.
A
A
Now,
I'd
like
to
reason
about
how
this
applies
to
pure
dids
here,
how
here's,
how
it
could
play
out
alice's
agent,
one
creates
a
did
doc
for
a
relationship
with
bob
naming
keys
for
agent
2
and
agent.
3
are
as
also
authorized
then
alice's
agent,
two,
which
may
have
been
hacked
without
alex
realizing
it.
Oh
no
can
take
that,
did
doc
and
send
it
to
carol
using
the
agent
two
key
to
sign.
A
A
One
reason
for
this
misconception
is
that
crypto
textbooks
indeed
much
of
crystal
practice
and
assumed
that
there
is
some
authority
that
origin
intimidates
public
private,
key
pairs
and
therefore
argument
or
or
origination
is
a
given,
but
this
is
inherently
centralized
in
a
decentralized
system,
there's
no
unique
or
origination
authority.
So
it's
a
bootstrap
problem
of
self-certifying
identifiers,
which
are
not
mentioned
unless
crypto
textbook
elegantly
solve
the
bootstrap
origination
authority
problem
by
including
a
public
key
in
the
identifier.
A
This
means
only
the
creator
of
the
public
key
is
uniquely
able
to
certify
as
their
originationist
authority,
via
the
associated
private
key
and
in
portland
friendly
and
an
entity
made
likewise
be
the
only
verifiable
organization
authority
for
any
sufficiently
collision
resistant
key
pair.
They
create
assuming
sufficient
entropy.
A
The
authority
is
derived
from
a
bank
vanishingly
small
probability
and
any
other
entity
that
could
create
the
same
public
private
key
pair.
It
names
facing
identifiers.
So
basically
they're
saying,
if
you
put
like
the
fingerprint
in
the
thing
you're
going
to
sign,
then
obviously
you
know
or
yeah,
if
you
put
the
fingerprint
and
the
thing
you're
gonna
sign-
and
I
think
this
is
the
thing
we're
gonna
hit
on
here
too.
A
At
the
inception
of
a
relationship
that
does
not
allow
deltas
to
accompany,
if
you
have
ideas
about
answering
each
of
these
questions,
I'd
be
interested
in
exchanging
a
did
doc
at
the
inception
of
a
pure
did
relationship,
then
the
did
doctors
exchange
could
include
a
block
that
includes
the
key
event
receipts
upon
the
creation
of
the
did
rock.
Usually
this
would
just
be
the
inception
and
one
rotation
of
the
identifier,
but
it
could
establish,
include
any
number
of
rotations.
A
These
rotations
are
and
are
not
deltas
on
the
did
dock,
but
established
via
verification
of
the
receipts
of
the
receipts.
The
current
authoritative
keys
for
the
identifier,
but
established
via
verification
of
the
receipts,
the
current
authoritative
keys
for
the
identifier
and
hence
the
did
daca
return
as
a
origination
as
provided
in
the
other,
was
the
audac
origination.
Event
is
not
the
inception
event
for
the
identifier.
A
The
concept
is
to
decouple
or
remove
the
did
dock
as
the
primary
source
of
the
key
event
state,
replace
it
with
much
more
compact
key
event
receipts,
and
then
the
id
dock
becomes
the
snapshot
of
the
key
event
state
by
including
the
key
event
receipt.
Log
and
signatures
of
the
did
dock.
With
the
current
authorities
keys
for
non-pure
dids,
the
did
doc
would
include
a
designation,
the
infrastructure
that
provides
the
key
event
state,
there's
your
provenance
information,
but
for
the
pure
dids
it
needs
to
be
self-contained.
A
In
the
query
parlance,
the
did
doc
is
an
interaction
event,
not
a
key
event.
This
approach
is
generalizable
to
any
protocol
and
also
used
to
support
the
delegated
credentials.
You
wonderfully
subscribed
today,
and
so
this
is
why
you
know
this
web
through
stuff
is
interesting,
because
it's
a
generic
protocol.
A
A
A
And
carry
the
daddy
doc,
okay,
so
so
following
carrying
principles
and
did
pure
should
fix
the
problem.
I
don't
know
exactly
what
yet
the
fix
looks
like
for
did
peer
in
curie.
The
did
doc
is
not
the
root
of
trust.
The
curl
is,
did
doc
may
provide
a
snapshot
of
carol
or
a
reference
to
the
curl
by
which
the
id
doc
authenticity
may
be
established.
B
A
A
Okay,
that's
moving
deep
here
to
occur,
changes
how
one
looks
a
day
to
pure
doc.
One
could
use
a
sequence
of
daddy
pure
docs.
The
id
docs
is
the
equivalent
of
a
cure,
but
the
control
establishes
and
for
each
new
did
doc
would
have
to
follow
cure
principles.
Each
version
of
a
did
doc
would
function
either
as
an
establishment
event
or
a
non-establishment
event
in
the
carrier
parlance.
B
A
Appropriately
in
order
to
establish
a
travel
transfer
of
control
authority,
rotate
keys,
so
a
did
doc
could
not
be
used
in
an
inconsequent,
consistent
sequence
of
events
without
being
detectable.
Okay
yeah.
I
talked
too
much
about
keyboard
revocation
stuff
earlier
today,
and
this
sounds
like
it's
what
it's
hitting
on
so
so
we
need
to
read
this
thing.
What
is
this.
A
A
Using
the
ethereum
lightweight
identity,
standard
erc
1056,
the
default
unconfigured
drd
document
can
be
considered
quantum
secure,
but
when
the
did
document
is
first
configured
a
blockchain
transaction
is
signed
and
the
public
key
is
revealed
unless
the
public
key
is
deactivated
by
rotation.
The
dad
document
cannot
be
considered
post
quantum
secure
anymore
narrative
guidance.
Oh.
A
It's
because
the
quantum,
the
quantum
computers,
if
they
know
the
public
portion,
they
can
break
the
private
portion
for
some
things,
especially
these
short,
shorter
bike
keys
that
they
use
here,
like
the
ed
two,
five
five
one
nines
and
and
the
ed
or
what's
the
other
one,
the
other
short
one
that
they
use
for.
Ssh,
as
why
always,
I
personally
prefer
the
rsa
4096
keys.
A
All
right,
okay,
I'm
obviously
not
reading
this
okay
q
approach:
this
is
a
pre-rotation
scheme
for
each
rotation
event
that
makes
a
forward
cryptographic
commitment
to
the
next
key
reputation
cure
uses
a
pre-rotation
scheme
in
each
rotation
event.
That
also
makes
a
forward
cryptographic
commitment
to
the
next
rotation
key
or
set
of
keys.
Pre-Rotation
is
an
elegant
way
of
managing
rotation
keys
with
pre-rotation
a
given
rotation
key
can
only
be
used
once
for
this
forward.
Command
committed
is
expressed
as
a
digest
of
the
next
key
rotations
key
of
the
next
rotation
key
set.
A
Then
the
pre-rotation
can
be
considered
post
quantum
secure.
The
latest
version
of
the
curie
design
white
paper
proposes
this
approach.
Details
of
the
scheme
can
be
found
here.
The
nearby
diagram
shows
the
basic
idea
of
pre-rotation
with
post
quantum
secure
digest
of
the
next
key
sets.
Okay.
Well,
you
had
me
sold
once
you
said.
A
Each
rotation
event
also
makes
a
forward
cryptographic
commitment
to
the
next
rotation
key
or
set
of
keys,
so
it
sounds
like
basically
they're
going
to
change
the
numbers
in
the
keys
to
make
it
a
different
key.
So,
every
time
it's
almost
like,
like
you're,
not
going
to
be
able
to
guess
it,
basically
it's
it's
getting
blown
up
every
time
it
gets
used
and
rotated
to
the
next
thing
which
you're
not
going
to
be
able
to
tell
the
next
thing
from
knowing
blowing
up
the
last
thing
sort
of
okay.
So.