10D/ Fantastic DIDComm Protocols, and How to Write Them
Fantastic DIDComm Protocols and How to Write Them
Convener: Sam Curren
Notes-taker(s): Sam Curren
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Session Slides: https://hackmd.io/rwOOObn4RzaITcC217lGpw
(more links in slides)
Sandboxing? (see links)
From TimoGlastra to Everyone: So all Aries protocols are DIDComm protocols, but not all DIDComm protocols are Aries protocols if that makes sense; DIDComm is extracted from Aries in V2. You can use DIDComm without Aries, but can't use Aries without DIDComm. Aries is focused on creating, transmitting and storing verifiable digital credentials, while the application of DIDComm is much broader
Alex from Spherity: Final version when? Feature freeze? How/when to buidl?
Geo Fletcher: “v2 is almost done but v3 is already starting” sounds really scary; this sends up red flags about timeline and life expectancy
Vic C: does an ecosystem sprout from this? An app store?
Sam: I can see lots of systems (and the web) integrating this as a protocol (the way everything does email), or bootstrapping it
Sam: This would’ve been easier to build as a product/platform, but building it as a protocol strives for the goal of being like email
Vic: How could people “invest” in the protocol beyond just donating code/review/etc? Is a “token” out of the question?
Sam: I’m nervous about binding the DIDComm protocols to a long-term risk; a token could crash, be a net negative, etc.
Protocols could go this route, but not the DIDComm framework around it; protocols could be proprietary, support a tokenized network, etc.
David: Why did S/MIME fail?
[from chat, Sebastian]: S/MIME certs cost money -- Let’s Encrypt for DMIME is missing
Sam: I mean, DIDs and DIDComm are, debatably, PGP with more steps!
[from chat, Bart]: PGP failed because it was too technical, I worry DIDComm could too… or put differently: people use apps/services, not technology/protocols
Sam: I can’t really answer this…
[Natgeo]: Especially in light of our tendency for creating so many “V1 layer” alternatives -> if you have more than one key server (or key ledger/chain/etc.) you ain’t got any. Key management philosophy matters, and we still have a lot of work to do there
Sam: I tried doing TLS with DIDDoc keys, which is allowed by the DID spec… but OpenSSL and all the commodity TLS tooling assumes lots of things, and would have to be reimplemented all the way down…
Particularly for mobile-friendliness and async routing :/
Links from the Zoom Chat: